Domain knowledge-based security bug reports prediction
To eliminate security attack risks of software products, the security bug report (SBR) prediction has been increasingly investigated. However, there is still much room for improving the performance of automatic SBR prediction. This work is inspired by the work of two recent studies proposed by Peter...
Gespeichert in:
Veröffentlicht in: | Knowledge-based systems 2022-04, Vol.241, p.108293, Article 108293 |
---|---|
Hauptverfasser: | , , , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | To eliminate security attack risks of software products, the security bug report (SBR) prediction has been increasingly investigated. However, there is still much room for improving the performance of automatic SBR prediction. This work is inspired by the work of two recent studies proposed by Peters et al. and Wu et al., which focused on SBR prediction and have been published on the top tier journal TSE (IEEE Transactions on Software Engineering). The goal of this work is to improve the effectiveness of supervised machine learning-based SBR prediction with the help of software security domain knowledge. First, we split the words in summary and description fields of the SBRs. Then, we use customized relationships to label entities and build a rule-based entity recognition corpus. After that, we establish relationships between entities and construct knowledge graphs. The information of CWE (Common Weakness Enumeration) is used to expand our corpus and the security-related words and phrases are integrated. Finally, we predict SBRs from target project by calculating the cosine similarity between our integrated corpus and the target bug reports. Our experimental evaluation on 5 open-source SBR datasets shows that our domain knowledge-guided approach could improve the effectiveness of SBRs prediction by 52% in terms of F1-score on average. |
---|---|
ISSN: | 0950-7051 1872-7409 |
DOI: | 10.1016/j.knosys.2022.108293 |