Predicting Security Vulnerabilities using Source Code Metrics
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM).
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). ORCID iD: 0000-0003-1154-5308
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). ORCID iD: 0000-0001-7092-2244
2021 (English). In: Proceedings of the 2021 Swedish Workshop on Data Science (SweDS 2021), IEEE, 2021. Conference paper, Published paper (Refereed)
Abstract [en]

Large open-source systems generate and operate on a plethora of sensitive enterprise data. Thus, security threats or vulnerabilities must not be present in open-source systems and must be resolved as early as possible in the development phases to avoid catastrophic consequences. One way to recognize security vulnerabilities is to predict them while developers write code, minimizing costs and resources. This study examines the effectiveness of machine learning algorithms in predicting potential security vulnerabilities by analyzing the source code of a system. We obtained the security vulnerabilities dataset from Apache Tomcat security reports for versions 4.x to 10.x. We also collected the source code of Apache Tomcat 4.x to 10.x to compute 43 object-oriented metrics. We assessed four traditional supervised learning algorithms, i.e., Naive Bayes (NB), Decision Tree (DT), K-Nearest Neighbors (KNN), and Logistic Regression (LR), to understand their efficacy in predicting security vulnerabilities. We obtained the highest accuracy of 80.6% using KNN. Thus, the KNN classifier was demonstrated to be the most effective of all the models we built. The DT classifier also performed well but under-performed on multi-class classification.

Place, publisher, year, edition, pages
IEEE, 2021.
Keywords [en]
Machine Learning, Prediction, Security Vulnerabilities, Software Metrics, Source Code, Classifiers, Codes (symbols), Decision trees, Learning algorithms, Logistic regression, Nearest neighbor search, Object oriented programming, Open Data, Open source software, Open systems, Apache tomcats, Enterprise data, Machine-learning, Nearest-neighbour, Open source system, Security threats, Source code metrics, Source codes, Forecasting
National Category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-112555
DOI: 10.1109/SweDS53855.2021.9638301
ISI: 000833296400009
Scopus ID: 2-s2.0-85123869704
ISBN: 9781665418300 (electronic)
ISBN: 9781665418317 (print)
OAI: oai:DiVA.org:lnu-112555
DiVA id: diva2:1656736
Conference
9th Swedish Workshop on Data Science, SweDS 2021, Växjö, Sweden, December 2-3, 2021
Available from: 2022-05-06. Created: 2022-05-06. Last updated: 2024-08-28. Bibliographically approved.

Open Access in DiVA: No full text in DiVA

Authority records: Olsson, Tobias; Palma, Francis
Organisation: Department of computer science and media technology (CM)