Improving Vulnerability Prediction of JavaScript Functions using Process Metrics

Tamás Viszkok, Péter Hegedűs, Péter Hegedűs, Rudolf Ferenc, Rudolf Ferenc

2021

Abstract

Due to the growing number of cyber attacks against computer systems, we need to pay special attention to the security of our software systems. In order to maximize the effectiveness, excluding the human component from this process would be a huge breakthrough. The first step towards this is to automatically recognize the vulnerable parts in our code. Researchers put a lot of effort into creating machine learning models that could determine if a given piece of code, or to be more precise, a selected function, contains any vulnerabilities or not. We aim at improving the existing models, building on previous results in predicting vulnerabilities at the level of functions in JavaScript code using the well-known static source code metrics. In this work, we propose to include several so-called process metrics (e.g., code churn, number of developers modifying a file, or the age of the changed source code) into the set of features, and examine how they affect the performance of the function-level JavaScript vulnerability prediction models. We can confirm that process metrics significantly improve the prediction power of such models. On average, we observed a 8.4% improvement in terms of F-measure (from 0.764 to 0.848), 3.5% improvement in terms of precision (from 0.953 to 0.988) and a 6.3% improvement in terms of recall (from 0.697 to 0.760).

Download


Paper Citation


in Harvard Style

Viszkok T., Hegedűs P. and Ferenc R. (2021). Improving Vulnerability Prediction of JavaScript Functions using Process Metrics. In Proceedings of the 16th International Conference on Software Technologies - Volume 1: ICSOFT, ISBN 978-989-758-523-4, pages 185-195. DOI: 10.5220/0010558501850195


in Bibtex Style

@conference{icsoft21,
author={Tamás Viszkok and Péter Hegedűs and Rudolf Ferenc},
title={Improving Vulnerability Prediction of JavaScript Functions using Process Metrics},
booktitle={Proceedings of the 16th International Conference on Software Technologies - Volume 1: ICSOFT,},
year={2021},
pages={185-195},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010558501850195},
isbn={978-989-758-523-4},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Conference on Software Technologies - Volume 1: ICSOFT,
TI - Improving Vulnerability Prediction of JavaScript Functions using Process Metrics
SN - 978-989-758-523-4
AU - Viszkok T.
AU - Hegedűs P.
AU - Ferenc R.
PY - 2021
SP - 185
EP - 195
DO - 10.5220/0010558501850195