Identifying characteristics of software vulnerabilities by their textual description using machine learning

2021 ◽  
Author(s):  
Konstantin Izrailov ◽  
Mikhail Buinevich ◽  
Igor Kotenko ◽  
Alexander Yaroshenko
Keyword(s):  
Machine Learning ◽  
Software Vulnerabilities ◽  
Textual Description

The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches

2021 ◽  
Vol 179 ◽  
pp. 103009
Author(s):  
Hazim Hanif ◽  
Mohd Hairul Nizam Md Nasir ◽  
Mohd Faizal Ab Razak ◽  
Ahmad Firdaus ◽  
Nor Badrul Anuar
Keyword(s):  
Machine Learning ◽  
Learning Approaches ◽  
Software Vulnerability ◽  
Software Vulnerabilities

scholarly journals Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation

2020 ◽  
Vol 10 (4) ◽  
pp. 1270
Author(s):  
Razvan Raducu ◽  
Gonzalo Esteban ◽  
Francisco J. Rodríguez Lera ◽  
Camino Fernández
Keyword(s):  
Machine Learning ◽  
Open Source ◽  
Descriptive Analysis ◽  
Source Code ◽  
Machine Learning Algorithms ◽  
Machine Learning Techniques ◽  
Current Status ◽  
Software Vulnerabilities ◽  
Learning Techniques ◽  
Public Repositories

Different Machine Learning techniques to detect software vulnerabilities have emerged in scientific and industrial scenarios. Different actors in these scenarios aim to develop algorithms for predicting security threats without requiring human intervention. However, these algorithms require data-driven engines based on the processing of huge amounts of data, known as datasets. This paper introduces the SonarCloud Vulnerable Code Prospector for C (SVCP4C). This tool aims to collect vulnerable source code from open source repositories linked to SonarCloud, an online tool that performs static analysis and tags the potentially vulnerable code. The tool provides a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms. This study presents a descriptive analysis of these files and overviews current status of C vulnerabilities, specifically buffer overflow, in the reviewed public repositories.

scholarly journals Automated approach to semantic search through software documentation based on Doc2Vec algorithm

2021 ◽  
pp. 17-27
Author(s):  
Artem Kovalev ◽  
Igor Nikiforov ◽  
Pavel Drobintsev
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Tracking System ◽  
Maintenance Phase ◽  
Software Tool ◽  
Support Service ◽  
Semantic Search ◽  
Machine Learning Algorithm ◽  
Software Documentation ◽  
Textual Description

Introduction: An important stage in a software development life cycle is the support phase, when customers can contact the support service of the supplier company and request a solution to an issue encountered in the software. To solve the request, engineers often have to refer to the relevant documentation. In order to reduce the complexity of the maintenance phase, the search for the necessary documentation pages can be automated. Purpose: Development of an approach to semantic search through documentation using Doc2Vec machine learning algorithm in order to automate the solution of customer requests. Results: An approach is proposed to semantic search through text documentation files and wiki pages using Doc2Vec machine learning algorithm. The documentation pages with semantic similarities to the textual description of an unresolved customer request help the engineer to process the request more efficiently and rapidly. Based on the proposed approach, a software tool has been developed which provides the engineer with a report containing links to documentation pages semantically related to the unresolved request. During the configuration of this tool, the optimal parameters of the Doc2Vec algorithm were found, providing the necessary quality of the semantic search. The idea of the experiment was to apply the tool to unresolved requests and evaluate its effectiveness. The developed approach and software tool were successfully tested in an open source Apache Kafka project. In the course of the experiment, 100 requests from Jira bug tracking system were downloaded and analyzed. The experimental results show the advantage of using the tool in software product support. The average documentation analysis time has been reduced as compared to the traditional manual approach. Practical relevance: The research results were used to solve real customer requests. The developed approach and the software implemented on its basis can reduce the complexity of the maintenance phase.

A tree-based machine learning methodology to automatically classify software vulnerabilities

2021 ◽  
Author(s):  
Georgios Aivatoglou ◽  
Mike Anastasiadis ◽  
Georgios Spanos ◽  
Antonis Voulgaridis ◽  
Konstantinos Votis ◽  
...  
Keyword(s):  
Machine Learning ◽  
Software Vulnerabilities

Mind wandering as data augmentation: How mental travel supports abstraction

2020 ◽  
Vol 43 ◽  
Author(s):  
Myrthe Faber
Keyword(s):  
Machine Learning ◽  
Data Augmentation ◽  
Mental Content ◽  
Mind Wandering ◽  
Theoretical Framework ◽  
Important Addition

Abstract Gilead et al. state that abstraction supports mental travel, and that mental travel critically relies on abstraction. I propose an important addition to this theoretical framework, namely that mental travel might also support abstraction. Specifically, I argue that spontaneous mental travel (mind wandering), much like data augmentation in machine learning, provides variability in mental content and context necessary for abstraction.

Sign in / Sign up

Export Citation Format

Share Document