The effect of Bellwether analysis on software vulnerability severity prediction models
Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existin...
Gespeichert in:
| Veröffentlicht in: | Software quality journal 2020-12, Vol.28 (4), p.1413-1446 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 1446 |
|---|---|
| container_issue | 4 |
| container_start_page | 1413 |
| container_title | Software quality journal |
| container_volume | 28 |
| creator | Kudjo, Patrick Kwaku Chen, Jinfu Mensah, Solomon Amankwah, Richard Kudjo, Christopher |
| description | Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To address this deficiency, this paper presents a general framework for VSP using the
Bellwether
analysis (i.e.,
exemplary data
). First, we apply the natural language processing techniques to the textual descriptions of software vulnerability. Next, we developed an algorithm termed
Bellvul
to identify and select an exemplary subset of data (referred to as
Bellwether
) to be considered as the training set to yield improved prediction accuracy against the
growing portfolio
, within-project cases, and the
k-
fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely, deep neural network, logistic regression, k-nearest neighbor, and random forest using the sampled instances. The prediction results of the suggested models and the benchmark techniques were assessed based on the standard classification evaluation metrics such as precision, recall, and F-measure. The experimental result shows that the
Bellwether
approach achieves F-measure ranging from 14.3% to 97.8%, which is an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers when seeking to predict instances of vulnerability records that demand much attention prior to software release. |
| doi_str_mv | 10.1007/s11219-019-09490-1 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2473397709</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2473397709</sourcerecordid><originalsourceid>FETCH-LOGICAL-c319t-97cdcf293a8cc4bb35f08924195489e7d854a9ca906ddbd203b0c2355e6604523</originalsourceid><addsrcrecordid>eNp9kMtOwzAQRS0EEqXwA6wssQ6MH4njJVS8pEpsClvLccY0VZoU2y3q35MoSOxYjGYW51yNLiHXDG4ZgLqLjHGmMxhHSw0ZOyEzliuRMVGoUzIDXYhMCybPyUWMG4BRkzPysVojRe_RJdp7-oBt-41pjYHazrbH2ETadzT2Pn3bgPSwbzsMtmraJh1pxAOG8dgFrBuXmgHd9jW28ZKcedtGvPrdc_L-9LhavGTLt-fXxf0yc4LplGnlaue5FrZ0TlaVyD2Umkumc1lqVHWZS6ud1VDUdVVzEBU4LvIciwJkzsWc3Ey5u9B_7TEms-n3Yfg8Gi6VEFop0APFJ8qFPsaA3uxCs7XhaBiYsQgz9WdgnLE_wwZJTFIc4O4Tw1_0P9YPBD9zww</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2473397709</pqid></control><display><type>article</type><title>The effect of Bellwether analysis on software vulnerability severity prediction models</title><source>Springer Nature - Complete Springer Journals</source><creator>Kudjo, Patrick Kwaku ; Chen, Jinfu ; Mensah, Solomon ; Amankwah, Richard ; Kudjo, Christopher</creator><creatorcontrib>Kudjo, Patrick Kwaku ; Chen, Jinfu ; Mensah, Solomon ; Amankwah, Richard ; Kudjo, Christopher</creatorcontrib><description>Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To address this deficiency, this paper presents a general framework for VSP using the
Bellwether
analysis (i.e.,
exemplary data
). First, we apply the natural language processing techniques to the textual descriptions of software vulnerability. Next, we developed an algorithm termed
Bellvul
to identify and select an exemplary subset of data (referred to as
Bellwether
) to be considered as the training set to yield improved prediction accuracy against the
growing portfolio
, within-project cases, and the
k-
fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely, deep neural network, logistic regression, k-nearest neighbor, and random forest using the sampled instances. The prediction results of the suggested models and the benchmark techniques were assessed based on the standard classification evaluation metrics such as precision, recall, and F-measure. The experimental result shows that the
Bellwether
approach achieves F-measure ranging from 14.3% to 97.8%, which is an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers when seeking to predict instances of vulnerability records that demand much attention prior to software release.</description><identifier>ISSN: 0963-9314</identifier><identifier>EISSN: 1573-1367</identifier><identifier>DOI: 10.1007/s11219-019-09490-1</identifier><language>eng</language><publisher>New York: Springer US</publisher><subject>Algorithms ; Artificial neural networks ; Benchmarks ; Compilers ; Computer Science ; Data Structures and Information Theory ; Interpreters ; Machine learning ; Natural language processing ; Operating Systems ; Prediction models ; Programming Languages ; Regression analysis ; Software ; Software Engineering/Programming and Operating Systems ; Software reliability</subject><ispartof>Software quality journal, 2020-12, Vol.28 (4), p.1413-1446</ispartof><rights>Springer Science+Business Media, LLC, part of Springer Nature 2020</rights><rights>Springer Science+Business Media, LLC, part of Springer Nature 2020.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c319t-97cdcf293a8cc4bb35f08924195489e7d854a9ca906ddbd203b0c2355e6604523</citedby><cites>FETCH-LOGICAL-c319t-97cdcf293a8cc4bb35f08924195489e7d854a9ca906ddbd203b0c2355e6604523</cites><orcidid>0000-0002-8145-6530</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s11219-019-09490-1$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s11219-019-09490-1$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,778,782,27907,27908,41471,42540,51302</link.rule.ids></links><search><creatorcontrib>Kudjo, Patrick Kwaku</creatorcontrib><creatorcontrib>Chen, Jinfu</creatorcontrib><creatorcontrib>Mensah, Solomon</creatorcontrib><creatorcontrib>Amankwah, Richard</creatorcontrib><creatorcontrib>Kudjo, Christopher</creatorcontrib><title>The effect of Bellwether analysis on software vulnerability severity prediction models</title><title>Software quality journal</title><addtitle>Software Qual J</addtitle><description>Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To address this deficiency, this paper presents a general framework for VSP using the
Bellwether
analysis (i.e.,
exemplary data
). First, we apply the natural language processing techniques to the textual descriptions of software vulnerability. Next, we developed an algorithm termed
Bellvul
to identify and select an exemplary subset of data (referred to as
Bellwether
) to be considered as the training set to yield improved prediction accuracy against the
growing portfolio
, within-project cases, and the
k-
fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely, deep neural network, logistic regression, k-nearest neighbor, and random forest using the sampled instances. The prediction results of the suggested models and the benchmark techniques were assessed based on the standard classification evaluation metrics such as precision, recall, and F-measure. The experimental result shows that the
Bellwether
approach achieves F-measure ranging from 14.3% to 97.8%, which is an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers when seeking to predict instances of vulnerability records that demand much attention prior to software release.</description><subject>Algorithms</subject><subject>Artificial neural networks</subject><subject>Benchmarks</subject><subject>Compilers</subject><subject>Computer Science</subject><subject>Data Structures and Information Theory</subject><subject>Interpreters</subject><subject>Machine learning</subject><subject>Natural language processing</subject><subject>Operating Systems</subject><subject>Prediction models</subject><subject>Programming Languages</subject><subject>Regression analysis</subject><subject>Software</subject><subject>Software Engineering/Programming and Operating Systems</subject><subject>Software reliability</subject><issn>0963-9314</issn><issn>1573-1367</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>8G5</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><sourceid>GUQSH</sourceid><sourceid>M2O</sourceid><recordid>eNp9kMtOwzAQRS0EEqXwA6wssQ6MH4njJVS8pEpsClvLccY0VZoU2y3q35MoSOxYjGYW51yNLiHXDG4ZgLqLjHGmMxhHSw0ZOyEzliuRMVGoUzIDXYhMCybPyUWMG4BRkzPysVojRe_RJdp7-oBt-41pjYHazrbH2ETadzT2Pn3bgPSwbzsMtmraJh1pxAOG8dgFrBuXmgHd9jW28ZKcedtGvPrdc_L-9LhavGTLt-fXxf0yc4LplGnlaue5FrZ0TlaVyD2Umkumc1lqVHWZS6ud1VDUdVVzEBU4LvIciwJkzsWc3Ey5u9B_7TEms-n3Yfg8Gi6VEFop0APFJ8qFPsaA3uxCs7XhaBiYsQgz9WdgnLE_wwZJTFIc4O4Tw1_0P9YPBD9zww</recordid><startdate>20201201</startdate><enddate>20201201</enddate><creator>Kudjo, Patrick Kwaku</creator><creator>Chen, Jinfu</creator><creator>Mensah, Solomon</creator><creator>Amankwah, Richard</creator><creator>Kudjo, Christopher</creator><general>Springer US</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8AL</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>8G5</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>GUQSH</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>L.-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M2O</scope><scope>MBDVC</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-8145-6530</orcidid></search><sort><creationdate>20201201</creationdate><title>The effect of Bellwether analysis on software vulnerability severity prediction models</title><author>Kudjo, Patrick Kwaku ; Chen, Jinfu ; Mensah, Solomon ; Amankwah, Richard ; Kudjo, Christopher</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c319t-97cdcf293a8cc4bb35f08924195489e7d854a9ca906ddbd203b0c2355e6604523</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Algorithms</topic><topic>Artificial neural networks</topic><topic>Benchmarks</topic><topic>Compilers</topic><topic>Computer Science</topic><topic>Data Structures and Information Theory</topic><topic>Interpreters</topic><topic>Machine learning</topic><topic>Natural language processing</topic><topic>Operating Systems</topic><topic>Prediction models</topic><topic>Programming Languages</topic><topic>Regression analysis</topic><topic>Software</topic><topic>Software Engineering/Programming and Operating Systems</topic><topic>Software reliability</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Kudjo, Patrick Kwaku</creatorcontrib><creatorcontrib>Chen, Jinfu</creatorcontrib><creatorcontrib>Mensah, Solomon</creatorcontrib><creatorcontrib>Amankwah, Richard</creatorcontrib><creatorcontrib>Kudjo, Christopher</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>Research Library (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection (ProQuest)</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>Research Library Prep</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ABI/INFORM Professional Advanced</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Research Library</collection><collection>Research Library (Corporate)</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>Software quality journal</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kudjo, Patrick Kwaku</au><au>Chen, Jinfu</au><au>Mensah, Solomon</au><au>Amankwah, Richard</au><au>Kudjo, Christopher</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>The effect of Bellwether analysis on software vulnerability severity prediction models</atitle><jtitle>Software quality journal</jtitle><stitle>Software Qual J</stitle><date>2020-12-01</date><risdate>2020</risdate><volume>28</volume><issue>4</issue><spage>1413</spage><epage>1446</epage><pages>1413-1446</pages><issn>0963-9314</issn><eissn>1573-1367</eissn><abstract>Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To address this deficiency, this paper presents a general framework for VSP using the
Bellwether
analysis (i.e.,
exemplary data
). First, we apply the natural language processing techniques to the textual descriptions of software vulnerability. Next, we developed an algorithm termed
Bellvul
to identify and select an exemplary subset of data (referred to as
Bellwether
) to be considered as the training set to yield improved prediction accuracy against the
growing portfolio
, within-project cases, and the
k-
fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely, deep neural network, logistic regression, k-nearest neighbor, and random forest using the sampled instances. The prediction results of the suggested models and the benchmark techniques were assessed based on the standard classification evaluation metrics such as precision, recall, and F-measure. The experimental result shows that the
Bellwether
approach achieves F-measure ranging from 14.3% to 97.8%, which is an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers when seeking to predict instances of vulnerability records that demand much attention prior to software release.</abstract><cop>New York</cop><pub>Springer US</pub><doi>10.1007/s11219-019-09490-1</doi><tpages>34</tpages><orcidid>https://orcid.org/0000-0002-8145-6530</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0963-9314 |
| ispartof | Software quality journal, 2020-12, Vol.28 (4), p.1413-1446 |
| issn | 0963-9314 1573-1367 |
| language | eng |
| recordid | cdi_proquest_journals_2473397709 |
| source | Springer Nature - Complete Springer Journals |
| subjects | Algorithms Artificial neural networks Benchmarks Compilers Computer Science Data Structures and Information Theory Interpreters Machine learning Natural language processing Operating Systems Prediction models Programming Languages Regression analysis Software Software Engineering/Programming and Operating Systems Software reliability |
| title | The effect of Bellwether analysis on software vulnerability severity prediction models |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T11%3A39%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20effect%20of%20Bellwether%20analysis%20on%20software%20vulnerability%20severity%20prediction%20models&rft.jtitle=Software%20quality%20journal&rft.au=Kudjo,%20Patrick%20Kwaku&rft.date=2020-12-01&rft.volume=28&rft.issue=4&rft.spage=1413&rft.epage=1446&rft.pages=1413-1446&rft.issn=0963-9314&rft.eissn=1573-1367&rft_id=info:doi/10.1007/s11219-019-09490-1&rft_dat=%3Cproquest_cross%3E2473397709%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2473397709&rft_id=info:pmid/&rfr_iscdi=true |