Title :
Reducing False Alarms from an Industrial-Strength Static Analyzer by SVM
Author :
Jongwon Yoon ; Minsik Jin ; Yungbum Jung
Author_Institution :
Fasoo.com, Inc., Seoul, South Korea
Abstract :
Static analysis tools are useful for finding potential bugs and security vulnerabilities in source code; however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine-learning-based false alarm reduction method. Abstract syntax trees (ASTs) are used to represent structural characteristics, and a support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, while removing only 3.16% of true alarms.
Keywords :
Java; alarm systems; learning (artificial intelligence); probability; program debugging; program diagnostics; project management; public domain software; source code (software); support vector machines; AST; Java open source projects; SPARROW; SVM; abstract syntax trees; industrial-strength static analyzer; machine learning based false alarm reduction method; probability; security vulnerabilities; source code bugs; static analysis tools; structural characteristics; support vector machine; Bayes methods; Computer bugs; Feature extraction; Predictive models; Semantics; Software; Support vector machines; false alarm detection; machine learning; static analysis;
Conference_Title :
Software Engineering Conference (APSEC), 2014 21st Asia-Pacific
Print_ISBN :
978-1-4799-7425-2
DOI :
10.1109/APSEC.2014.81