The effect of Bellwether analysis on software vulnerability severity prediction models
Software Quality Journal (IF 1.9), Pub Date: 2020-01-07, DOI: 10.1007/s11219-019-09490-1
Patrick Kwaku Kudjo, Jinfu Chen, Solomon Mensah, Richard Amankwah, Christopher Kudjo

Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, no existing study has investigated how a subset of the data can be used to improve VSP. To address this gap, this paper presents a general framework for VSP based on Bellwether analysis (i.e., the use of exemplary data). First, we applied natural language processing techniques to the textual descriptions of software vulnerabilities. Next, we developed an algorithm, termed Bellvul, to identify and select an exemplary subset of the data (referred to as the Bellwether) to serve as the training set, with the aim of improving prediction accuracy against the growing portfolio, within-project cases, and the k-fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely deep neural network, logistic regression, k-nearest neighbor, and random forest, on the sampled instances. The predictions of the proposed models and the benchmark techniques were assessed with the standard classification evaluation metrics precision, recall, and F-measure. The experimental results show that the Bellwether approach achieves F-measures ranging from 14.3% to 97.8%, an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers in predicting which vulnerability records demand the most attention prior to software release.
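The Bellwether idea the abstract describes, selecting the exemplary project whose records, used alone as the training set, best predict severity on the other projects, shown as an added illustration in Python that is not the paper's Bellvul algorithm or its NLP pipeline. The toy vulnerability descriptions, the naive Bayes stand-in for the paper's four learners, and the selection rule (highest median cross-project F-measure) are all assumptions made for this example.

```python
import math, re, statistics
from collections import Counter

# Constructed toy corpora (not from the paper), one per project; proj_b is web-only and proj_c is tiny.
PROJECTS = {
    "proj_a": [("remote code execution via stack buffer overflow", "high"),
               ("unauthenticated remote attacker can execute arbitrary code", "high"),
               ("heap overflow allows remote code execution", "high"),
               ("verbose error message discloses minor version info", "low"),
               ("denial of service from malformed local config file", "low"),
               ("local user can read world readable log file", "low")],
    "proj_b": [("sql injection in login form exposes entire database", "high"),
               ("stored cross site scripting in comment field", "high"),
               ("verbose error page reveals framework version", "low"),
               ("debug endpoint leaks minor version info", "low")],
    "proj_c": [("crash on malformed input", "low"), ("remote code execution", "high")],
}

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

def train(records):  # bag-of-words multinomial naive Bayes with add-one smoothing
    doc_counts, word_counts = Counter(), {}
    for text, label in records:
        doc_counts[label] += 1
        word_counts.setdefault(label, Counter()).update(tokenize(text))
    return doc_counts, word_counts, set().union(*word_counts.values())

def predict(model, text):
    doc_counts, word_counts, vocab = model
    def log_posterior(label):  # log prior + smoothed log-likelihood of every token
        n_words = sum(word_counts[label].values())
        return math.log(doc_counts[label] / sum(doc_counts.values())) + sum(
            math.log((word_counts[label][tok] + 1) / (n_words + len(vocab))) for tok in tokenize(text))
    return max(doc_counts, key=log_posterior)

def f_measure(model, records, positive="high"):  # F-measure for the high-severity class
    preds = [(predict(model, text), label) for text, label in records]
    tp = sum(p == label == positive for p, label in preds)
    fp = sum(p == positive != label for p, label in preds)
    fn = sum(label == positive != p for p, label in preds)
    if tp == 0:
        return 0.0
    return 2 * tp / (2 * tp + fp + fn)  # equals 2PR/(P+R) with P=tp/(tp+fp), R=tp/(tp+fn)

def find_bellwether(projects):  # candidate whose data alone best predicts every other project
    scores = {name: statistics.median(f_measure(train(recs), other)
                                      for other_name, other in projects.items() if other_name != name)
              for name, recs in projects.items()}
    return max(scores, key=scores.get), scores
```

On the constructed data, proj_a is selected because its vocabulary covers both other projects, while the web-only proj_b scores 0.0 and the two-record proj_c over-predicts "high".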

Updated: 2020-01-07