A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes

Rusen Halepmollası; Rusen Halepmollası; Khadija Hanifi; Ramin Fouladi; Ayse Tosun

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes

Topics: Empirical Software Engineering; Metrics; Quality Management; Reliability and Security; Safety, Security and Compliance

In Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE - Volume 1, 469-478, 2023 , Prague, Czech Republic

Authors: Rusen Halepmollası ^{1

;

2} ; Khadija Hanifi ³ ; Ramin Fouladi ³ and Ayse Tosun ¹

Affiliations: ¹ Istanbul Technical University, Istanbul, Turkey ; ² T ÜB İTAK Informatics and Information Security Research Center, Kocaeli, Turkey ; ³ Ericsson Security Research, Istanbul, Turkey

Keyword(s): Software Vulnerabilities, Software Metrics, Embeddings, Abstract Syntax Tree.

Abstract: Vulnerability prediction is a data-driven process that utilizes previous vulnerability records and their associated fixes in software development projects. Vulnerability records are rarely observed compared to other defects, even in large projects, and are usually not directly linked to the related code changes in the bug tracking system. Thus, preparing a vulnerability dataset and building a predicting model is quite challenging. There exist many studies proposing software metrics-based or embedding/token-based approaches to predict software vulnerabilities over code changes. In this study, we aim to compare the performance of two different approaches in predicting code changes that induce vulnerabilities. While the first approach is based on an aggregation of software metrics, the second approach is based on embedding representation of the source code using an Abstract Syntax Tree and skip-gram techniques. We employed Deep Learning and popular Machine Learning algorithms to predict vulnerability-inducing code changes. We report our empirical analysis over code changes on the publicly available SmartSHARK dataset that we extended by adding real vulnerability data. Software metrics-based code representation method shows a better classification performance than embedding-based code representation method in terms of recall, precision and F1-Score. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.149.240.75

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Halepmollası, R.; Hanifi, K.; Fouladi, R. and Tosun, A. (2023). A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes. In Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-647-7; ISSN 2184-4895, SciTePress, pages 469-478. DOI: 10.5220/0011859300003464

@conference{enase23,
author={Rusen Halepmollası. and Khadija Hanifi. and Ramin Fouladi. and Ayse Tosun.},
title={A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes},
booktitle={Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2023},
pages={469-478},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859300003464},
isbn={978-989-758-647-7},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes
SN - 978-989-758-647-7
IS - 2184-4895
AU - Halepmollası, R.
AU - Hanifi, K.
AU - Fouladi, R.
AU - Tosun, A.
PY - 2023
SP - 469
EP - 478
DO - 10.5220/0011859300003464
PB - SciTePress