Software Metrics as Indicators of Security Vulnerabilities
作者: Nadia Medeiros , Naghmeh Ivaki , Pedro Costa , Marco Vieira
关键词: Software 、 Vulnerability management 、 Software architecture 、 Software security assurance 、 Security bug 、 Software system 、 Software metric 、 Computer security 、 Software quality 、 Computer science
摘要: Detecting software security vulnerabilities and distinguishing vulnerable from non-vulnerable code is anything but simple. Most of the time, remain undisclosed until they are exposed, for instance, by an attack during operational phase. Software metrics widely-used indicators quality, question whether can be used to distinguish units ones development. In this paper, we perform exploratory study on metrics, their interdependency, relation with vulnerabilities. We aim at understanding: i) correlation between architectural characteristics, represented in form number vulnerabilities; ii) which most informative discriminative that allow identifying code. To achieve these goals, use, respectively, coefficients heuristic search techniques. Our analysis carried out a dataset includes reported vulnerabilities, exposed attacks, all functions, classes, files five widely projects. Results show: strong several project-level possibility using group both file function levels, high level accuracy.
computer.org
sci-hub.se 参考文章(38)
James M. Wood, Understanding and Computing Cohen’s Kappa: A Tutorial. WebPsychEmpiricist. Web Journal at http://wpe.info/. ,(2007)
Joanne M. Garrett, Anthony J. Viera, Understanding interobserver agreement: the kappa statistic. Family Medicine. ,vol. 37, pp. 360- 363 ,(2005)
Semi-Supervised Learning Advanced Methods in Sequence Analysis Lectures. pp. 221- 232 ,(2010) , 10.7551/MITPRESS/9780262033589.001.0001
Duc Pham, Dervis Karaboga, None, Intelligent Optimisation Techniques: Genetic Algorithms, Tabu Search, Simulated Annealing and Neural Networks ,(2011)
Leann Myers, Maria J. Sirois, Spearman Correlation Coefficients, Differences between Wiley StatsRef: Statistics Reference Online. ,(2004) , 10.1002/0471667196.ESS5050
John J. Grefenstette, Genetic Algorithms for Machine Learning ,(1993)
Nuno Antunes, Marco Vieira, On the Metrics for Benchmarking Vulnerability Detection Tools 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. pp. 505- 516 ,(2015) , 10.1109/DSN.2015.30
Mark A. Hall, Ian H. Witten, Eibe Frank, Data Mining: Practical Machine Learning Tools and Techniques ,(1999)
Israel Cohen, Yiteng Huang, Jingdong Chen, Jacob Benesty, Jacob Benesty, Jingdong Chen, Yiteng Huang, Israel Cohen, None, Pearson Correlation Coefficient Springer, Berlin, Heidelberg. pp. 1- 4 ,(2009) , 10.1007/978-3-642-00296-0_5
Eric A. Brewer, Alexander Aiken, David A. Wagner, Jeffrey S. Foster, A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. network and distributed system security symposium. ,(2000)