A New Approach to Locate Software Vulnerabilities Using Code Metrics

2020 ◽  
Vol 8 (3) ◽  
pp. 82-95
Author(s):  
Mohammed Zagane ◽  
Mustapha Kamel Abdi ◽  
Mamdouh Alenezi

Automatic vulnerability prediction assists developers and minimizes the resources allocated to fixing software security issues. These costs can be minimized even more if the exact location of the vulnerability is correctly indicated. In this study, the authors propose a new approach to using code metrics in vulnerability detection. The strength of the proposed approach lies in using code metrics not simply to quantify characteristics of software components at a coarse granularity (package, file, class, function) such as complexity, coupling, etc., which is the approach commonly used in previous studies, but to quantify extracted pieces of code that hint at the presence of vulnerabilities at a fine granularity (a few lines of code). The results obtained show that code metrics can be used with a machine learning technique not only to indicate vulnerable components, which was the aim of previous approaches, but also to detect and locate vulnerabilities with very good accuracy.

2021 ◽  
Author(s):  
Ouahiba Djama

Search engines allow providing the user with data and information according to their interests and specialty. Thus, it is necessary to exploit descriptions of the resources, which take into consideration viewpoints. Generally, the resource descriptions are available in RDF (e.g., DBPedia of Wikipedia content). However, these descriptions do not take into consideration viewpoints. In this paper, we propose a new approach, which allows converting a classic RDF resource description to a resource description that takes into consideration viewpoints. To detect viewpoints in the document, a machine learning technique will be exploited on an instanced ontology. This latter allows representing the viewpoint in a given domain. An experimental study shows that the conversion of the classic RDF resource description to a resource description that takes into consideration viewpoints, allows giving very relevant responses to the user’s requests.


Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 598 ◽  
Author(s):  
Alka Agrawal ◽  
Adil Hussain Seh ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  

The increasing number of threats against software vulnerabilities and rapidly growing data breaches have become a key concern for both the IT industry and stakeholders. Developing secure software systems when there is a high demand for software products from individuals as well as organizations is in itself a big challenge for designers and developers. Meanwhile, adopting traditional and informal learnings to address security issues of software products has made it easier for cyber-criminals to expose software vulnerabilities. Hence, it is imperative for security practitioners to employ a symmetric mechanism so as to achieve the desired level of software security. In this context, a decision-making approach is the most symmetrical technique to assess the security of software from a security tactics perspective. Since the security tactics directly address the quality attribute concerns, this symmetric approach will be highly effective in making software systems more secure. In this study, the authors have selected three main attributes and fifteen sub-attributes at level 1 and level 2, respectively, with ten different software of an institute as alternatives. Furthermore, this study uses a fuzzy-based symmetrical decision-making approach to assess the security of software with respect to tactics. Fuzzy Analytic Network Process (F-ANP) is applied to evaluate the weights of criteria, and the fuzzy-Symmetrical technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is used to determine the impact of alternatives. The proposed symmetrical assessment in this study will be beneficial for both designers and developers to categorize and prioritize the security attributes and understand the importance of security tactics during the software development life cycle.


2020 ◽  
Vol 2020 ◽  
pp. 1-16
Author(s):  
Zhidong Shen ◽  
Si Chen

Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential software security problems. Together with the large-scale increase in the number of software and the increase in complexity, the traditional manual methods to deal with these security issues are inefficient and cannot meet the current cyberspace security requirements. Therefore, it is an important research topic for researchers in the field of software security to develop more intelligent technologies to apply to potential security issues in software. The development of deep learning technology has brought new opportunities for the study of potential security issues in software, and researchers have successively proposed many automation methods. In this paper, these automation technologies are evaluated and analysed in detail from three aspects: software vulnerability detection, software program repair, and software defect prediction. At the same time, we point out some problems of these research methods, give corresponding solutions, and finally look forward to the application prospect of deep learning technology in automated software vulnerability detection, automated program repair, and automated defect prediction.


Software Defined Networking and the OpenFlow protocol have recently emerged as a dynamic and promising framework for future networks. However, the programmable features and logically centralized controller lead to a large number of security issues. To address the security problems, we have to deploy an Intrusion Detection System module to continuously keep track of the network traffic and to detect malicious activities in the SDN environment. In this paper, we have implemented a flow-based IDS with the help of a hybrid machine learning technique. By collecting the flow information from the controller, we classify the traffic, extract the essential features and classify the attack using a machine learning based classifier module. For the classifier, we have developed a hybrid machine learning model with the help of the Modified K-Means and C4.5 algorithms. Our proposed work is compared with a single machine learning classifier, and our experimental results show that the proposed work can classify the normal and attack instances with an accuracy of 97.66%.


Web applications support many of our daily activities, but they often have security issues, and their accessibility makes them easy to use. This paper presents an analysis for finding vulnerabilities that directly address weak or absent input validation. We present the techniques for finding security vulnerabilities in Web applications. We implement our proposed system with a machine learning technique (ML technique) to measure the accuracy and provide an extensive evaluation that finds all vulnerabilities in web applications. SQL injection, Cross-Site Scripting (XSS), HTTP and command injection vulnerabilities are addressed in the proposed system, and the Naive Bayes ML technique is also used to calculate the accuracy. The experimental result shows the technique is more efficient and accurate.


Atmosphere ◽  
2020 ◽  
Vol 11 (1) ◽  
pp. 111 ◽  
Author(s):  
Chul-Min Ko ◽  
Yeong Yun Jeong ◽  
Young-Mi Lee ◽  
Byung-Sik Kim

This study aimed to enhance the accuracy of extreme rainfall forecast, using a machine learning technique for forecasting hydrological impact. In this study, machine learning with XGBoost technique was applied for correcting the quantitative precipitation forecast (QPF) provided by the Korea Meteorological Administration (KMA) to develop a hydrological quantitative precipitation forecast (HQPF) for flood inundation modeling. The performance of machine learning techniques for HQPF production was evaluated with a focus on two cases: one for heavy rainfall events in Seoul and the other for heavy rainfall accompanied by Typhoon Kong-rey (1825). This study calculated the well-known statistical metrics to compare the error derived from QPF-based rainfall and HQPF-based rainfall against the observational data from the four sites. For the heavy rainfall case in Seoul, the mean absolute errors (MAE) of the four sites, i.e., Nowon, Jungnang, Dobong, and Gangnam, were 18.6 mm/3 h, 19.4 mm/3 h, 48.7 mm/3 h, and 19.1 mm/3 h for QPF and 13.6 mm/3 h, 14.2 mm/3 h, 33.3 mm/3 h, and 12.0 mm/3 h for HQPF, respectively. These results clearly indicate that the machine learning technique is able to improve the forecasting performance for localized rainfall. In addition, the HQPF-based rainfall shows better performance in capturing the peak rainfall amount and spatial pattern. Therefore, it is considered that the HQPF can be helpful to improve the accuracy of intense rainfall forecast, which is subsequently beneficial for forecasting floods and their hydrological impacts.


Author(s):  
Fahad Taha AL-Dhief ◽  
Nurul Mu'azzah Abdul Latiff ◽  
Nik Noordini Nik Abd. Malik ◽  
Naseer Sabri ◽  
Marina Mat Baki ◽  
...  
