Machine Learning-Based False Positive Software Vulnerability Analysis

Authors

  • Mohammad Shahid, Department of Computer Science & Engineering, Noida Institute of Engineering & Technology, India
  • Sunil Gupta, Department of Computer Science and Engineering, Chitkara University Institute of Engineering & Technology, Chitkara University, India
  • MS. Sofia Pillai, Department of Artificial Intelligence, Noida Institute of Engineering & Technology, Greater Noida, India

DOI:

https://doi.org/10.58260/j.iet.2202.0105

Keywords:

Machine Learning, Supervised Learning, Vulnerabilities, Software, Clustering Algorithm

Abstract

Measurements and fault data from an older software version were used to build the fault prediction model for the new release. This becomes a problem when past fault data is not available. Assessing the failure rates of programme modules without fault labels is a difficult task for the software industry. Unsupervised learning can be used to build a software fault prediction model when module defect labels are not available. These techniques can help identify programme modules that are more prone to errors. One method is to make use of clustering algorithms, which can predict software module failures when fault labels are not available. Our approach to solving this complex problem is machine learning clustering-based software failure prediction.

Published

2022-06-15

How to Cite

Mohammad Shahid, Sunil Gupta, & MS. Sofia Pillai. (2022). Machine Learning-Based False Positive Software Vulnerability Analysis. Global Journal of Innovation and Emerging Technology, 1(1), 29–35. https://doi.org/10.58260/j.iet.2202.0105