loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Sofiane Lounici 1 ; Marco Rosa 1 ; Carlo Maria Negri 1 ; Slim Trabelsi 1 and Melek Önen 2

Affiliations: 1 SAP Security Research, France ; 2 EURECOM, France

Keyword(s): Data Mining, Security Tool, Machine Learning.

Abstract: Public code platforms like GitHub are exposed to several different attacks, and in particular to the detection and exploitation of sensitive information (such as passwords or API keys). While both developers and companies are aware of this issue, there is no efficient open-source tool performing leak detection with a significant precision rate. Indeed, a common problem in leak detection is the amount of false positive data (i.e., non critical data wrongly detected as a leak), leading to an important workload for developers manually reviewing them. This paper presents an approach to detect data leaks in open-source projects with a low false positive rate. In addition to regular expression scanners commonly used by current approaches, we propose several machine learning models targeting the false positives, showing that current approaches generate an important false positive rate close to 80%. Furthermore, we demonstrate that our tool, while producing a negligible false negative rate, decreases the false positive rate to, at most, 6% of the output data. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.118.0.48

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Lounici, S.; Rosa, M.; Negri, C.; Trabelsi, S. and Önen, M. (2021). Optimizing Leak Detection in Open-source Platforms with Machine Learning Techniques. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-491-6; ISSN 2184-4356, SciTePress, pages 145-159. DOI: 10.5220/0010238101450159

@conference{icissp21,
author={Sofiane Lounici. and Marco Rosa. and Carlo Maria Negri. and Slim Trabelsi. and Melek Önen.},
title={Optimizing Leak Detection in Open-source Platforms with Machine Learning Techniques},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP},
year={2021},
pages={145-159},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010238101450159},
isbn={978-989-758-491-6},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
TI - Optimizing Leak Detection in Open-source Platforms with Machine Learning Techniques
SN - 978-989-758-491-6
IS - 2184-4356
AU - Lounici, S.
AU - Rosa, M.
AU - Negri, C.
AU - Trabelsi, S.
AU - Önen, M.
PY - 2021
SP - 145
EP - 159
DO - 10.5220/0010238101450159
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic