loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Tamás Aladics 1 ; 2 ; Péter Hegedűs 1 ; 2 and Rudolf Ferenc 1

Affiliations: 1 Department of Sofware Engineering, University of Szeged, Szeged, Hungary ; 2 FrontEndART Ltd., Szeged, Hungary

Keyword(s): Just-in-Time Vulnerability Detection, Dataset, SZZ, Vulnerability Introducing Commits.

Abstract: In the domain of vulnerability detection from the source code by applying static analysis, the number and quality of available datasets for creating and testing security analysis methods is quite low. To be precise, there are already several public datasets containing vulnerability fixing commits; however, vulnerability introducing commit datasets are scarce, which would be essential for creating and validating just-in-time vulnerability detection approaches. In this paper, we propose an SZZ (an algorithm originally developed to find bug introducing commits) based method with a specific filtering mechanism to create vulnerability introducing commit datasets from vulnerability fixes. The filtering phase involves measuring a relevance score for each vulnerability introducing commit candidates based on commit similarities. We generated a novel Java vulnerability introducing dataset from the existing project-KB repository to demonstrate our algorithm’s capabilities. We also showcase the generated database and the effectiveness of our filtering method through several hand-picked examples from the dataset. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.148.104.103

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Aladics, T. ; Hegedűs, P. and Ferenc, R. (2022). A Vulnerability Introducing Commit Dataset for Java: An Improved SZZ based Approach. In Proceedings of the 17th International Conference on Software Technologies - ICSOFT; ISBN 978-989-758-588-3; ISSN 2184-2833, SciTePress, pages 68-78. DOI: 10.5220/0011275200003266

@conference{icsoft22,
author={Tamás Aladics and Péter Hegedűs and Rudolf Ferenc},
title={A Vulnerability Introducing Commit Dataset for Java: An Improved SZZ based Approach},
booktitle={Proceedings of the 17th International Conference on Software Technologies - ICSOFT},
year={2022},
pages={68-78},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011275200003266},
isbn={978-989-758-588-3},
issn={2184-2833},
}

TY - CONF

JO - Proceedings of the 17th International Conference on Software Technologies - ICSOFT
TI - A Vulnerability Introducing Commit Dataset for Java: An Improved SZZ based Approach
SN - 978-989-758-588-3
IS - 2184-2833
AU - Aladics, T.
AU - Hegedűs, P.
AU - Ferenc, R.
PY - 2022
SP - 68
EP - 78
DO - 10.5220/0011275200003266
PB - SciTePress