Authors: Tamás Viszkok (1); Péter Hegedűs (1, 2) and Rudolf Ferenc (1, 3)

Affiliations: (1) Department of Software Engineering, University of Szeged, Dugonics tér 13, Szeged, Hungary; (2) MTA-SZTE Research Group on Artificial Intelligence, ELKH, Tisza Lajos krt. 103, Szeged, Hungary; (3) FrontEndART Ltd., Somogyi utca 19., Szeged, Hungary

Keyword(s): Vulnerability Prediction, Static Source Code Metrics, Process Metrics, JavaScript Security.

Abstract: Due to the growing number of cyber attacks against computer systems, we need to pay special attention to the security of our software systems. In order to maximize the effectiveness, excluding the human component from this process would be a huge breakthrough. The first step towards this is to automatically recognize the vulnerable parts in our code. Researchers put a lot of effort into creating machine learning models that could determine if a given piece of code, or to be more precise, a selected function, contains any vulnerabilities or not. We aim at improving the existing models, building on previous results in predicting vulnerabilities at the level of functions in JavaScript code using the well-known static source code metrics. In this work, we propose to include several so-called process metrics (e.g., code churn, number of developers modifying a file, or the age of the changed source code) into the set of features, and examine how they affect the performance of the function-level JavaScript vulnerability prediction models. We can confirm that process metrics significantly improve the prediction power of such models. On average, we observed an 8.4% improvement in terms of F-measure (from 0.764 to 0.848), 3.5% improvement in terms of precision (from 0.953 to 0.988) and a 6.3% improvement in terms of recall (from 0.697 to 0.760).

CC BY-NC-ND 4.0

Paper citation in several formats:
Viszkok, T.; Hegedűs, P. and Ferenc, R. (2021). Improving Vulnerability Prediction of JavaScript Functions using Process Metrics. In Proceedings of the 16th International Conference on Software Technologies - ICSOFT; ISBN 978-989-758-523-4; ISSN 2184-2833, SciTePress, pages 185-195. DOI: 10.5220/0010558501850195

@conference{icsoft21,
author={Tamás Viszkok and Péter Hegedűs and Rudolf Ferenc},
title={Improving Vulnerability Prediction of JavaScript Functions using Process Metrics},
booktitle={Proceedings of the 16th International Conference on Software Technologies - ICSOFT},
year={2021},
pages={185-195},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010558501850195},
isbn={978-989-758-523-4},
issn={2184-2833},
}
