DocumentCode :
1764417
Title :
Predicting Vulnerable Software Components via Text Mining
Author :
Scandariato, Riccardo ; Walden, James ; Hovsepyan, Aram ; Joosen, Wouter
Author_Institution :
IBBT-DistriNet, KU Leuven, Leuven, Belgium
Volume :
40
Issue :
10
fYear :
2014
fDate :
Oct. 1 2014
Firstpage :
993
Lastpage :
1006
Abstract :
This paper presents an approach based on machine learning to predict which components of a software application contain security vulnerabilities. The approach is based on text mining the source code of the components. Namely, each component is characterized as a series of terms contained in its source code, with the associated frequencies. These features are used to forecast whether each component is likely to contain vulnerabilities. In an exploratory validation with 20 Android applications, we discovered that a dependable prediction model can be built. Such a model could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny.
Keywords :
data mining; learning (artificial intelligence); program verification; security of data; Android application; machine learning; security vulnerability; source code; text mining; vulnerable software component; Androids; Humanoid robots; Measurement; Predictive models; Security; Software; Text mining; Vulnerabilities; machine learning; prediction model;
fLanguage :
English
Journal_Title :
Software Engineering, IEEE Transactions on
Publisher :
ieee
ISSN :
0098-5589
Type :
jour
DOI :
10.1109/TSE.2014.2340398
Filename :
6860243