Affiliation:
1. Department of Computer Science and Engineering, Dongguk University, Seoul 04620, Republic of Korea
Abstract
In the era of the fourth Industrial Revolution, software has recently been applied in many fields. As the size and complexity of software increase, security attacks continue to arise from potential software defects, resulting in significant social losses. To reduce software defects, a secure software development life cycle (SDLC) should be systematically developed and managed. In particular, a software weakness analyzer that uses a static analysis tool to check for software weaknesses at development time is a very effective tool for addressing them. However, because such tools can report numerous false alarms, that is, findings that are not real weaknesses, programmers and reviewers must review them, which decreases development productivity. In this study, we present a system that uses the BERT model to determine the reliability of the weakness analysis results generated by the static analysis tool and to reduce false alarms by reclassifying the derived results into a decision tree model. Thus, it is possible to maintain the advantages of static analysis tools and increase productivity by reducing the cost of program development and the review process.
Subject
Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science
Cited by
4 articles.