Verifying Software Code Vulnerabilities Using Machine Learning and Classification Techniques
Guardado en:
| Publicado en: | ProQuest Dissertations and Theses (2019) |
|---|---|
| Autor principal: | |
| Publicado: |
ProQuest Dissertations & Theses
|
| Materias: | |
| Acceso en línea: | Citation/Abstract Full Text - PDF |
| Etiquetas: |
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| Resumen: | Software assurance analysts deal with thousands of potential vulnerabilities many of which are false positives during the process of static code analysis. Manual review of all such potential vulnerabilities is tedious, time consuming, and frequently impractical. This dissertation presents a novel classification algorithm along with its variants that successfully label true and false vulnerabilities in software code. A selection process identifies the most important features utilized in the algorithm to detect and distinguish the true and false positive findings of the static code analysis results. This has been accomplished by an empirical and semantic method of identifying and using personal identifier as a critical feature for the classification. The approach has been validated by experimentation and comparison against thirteen existing classifiers. Extensive experiments were conducted using multiple production code and open source code with the aid of a variety of static code analysis tools. The results show significant improvements in Accuracy, Precision, and Recall, outperforming all participating classifiers, leading to significant improvements in the security posture of a software system. |
|---|---|
| ISBN: | 9781392226100 |
| Fuente: | ProQuest Dissertations & Theses Global |