Empirical Analysis of Static Code Metrics for Predicting Risk Scores in Android Applications

Authors: Mamdouh Alenezi, Iman Almomani

DOI: 10.1007/978-3-319-78753-4_8

Abstract: Recently, with the purpose of helping developers reduce the needed effort to build highly secure software, researchers have proposed a number of vulnerable source code prediction models that are built on different kinds of features. Identifying security vulnerabilities, along with differentiating non-vulnerable from vulnerable code, is not an easy task. Commonly, security vulnerabilities remain dormant until they are exploited. Software metrics have been widely used to predict and indicate several quality characteristics about software, but the question at hand is whether they can recognize vulnerable code from non-vulnerable ones. In this work, we conduct a study on static code metrics, their interdependency, and their relationship with security vulnerabilities in Android applications. The aim of the study is to understand: (i) the correlation between static software metrics; (ii) the ability of these metrics to predict security vulnerabilities, and (iii) which are the most informative and discriminative metrics that allow identifying vulnerable units of code.
