Challenging Machine Learning Algorithms in Predicting Vulnerable JavaScript Functions


Full description

Bibliographic details
Published in: arXiv.org 2024-05
Main authors: Ferenc, Rudolf; Hegedűs, Péter; Gyimesi, Péter; Antal, Gábor; Bán, Dénes; Gyimóthy, Tibor
Format: Article
Language: eng
Online access: Full text
Description: The rapid rise of cyber-crime activities and the growing number of devices threatened by them place software security issues in the spotlight. As around 90% of all attacks exploit known types of security issues, finding vulnerable components and applying existing mitigation techniques is a viable practical approach for fighting against cyber-crime. In this paper, we investigate how the state-of-the-art machine learning techniques, including a popular deep learning algorithm, perform in predicting functions with possible security vulnerabilities in JavaScript programs. We applied 8 machine learning algorithms to build prediction models using a new dataset constructed for this research from the vulnerability information in public databases of the Node Security Project and the Snyk platform, and code fixing patches from GitHub. We used static source code metrics as predictors and an extensive grid-search algorithm to find the best performing models. We also examined the effect of various re-sampling strategies to handle the imbalanced nature of the dataset. The best performing algorithm was KNN, which created a model for the prediction of vulnerable functions with an F-measure of 0.76 (0.91 precision and 0.66 recall). Moreover, deep learning, tree and forest based classifiers, and SVM were competitive with F-measures over 0.70. Although the F-measures did not vary significantly with the re-sampling strategies, the distribution of precision and recall did change. No re-sampling seemed to produce models preferring high precision, while re-sampling strategies balanced the IR measures.
Identifier: EISSN 2331-8422
Record ID: cdi_proquest_journals_3054657766
Source: Free E-Journals
Subjects: Algorithms; Crime; Datasets; Deep learning; Machine learning; Performance prediction; Prediction models; Recall; Sampling; Search algorithms; Security; Source code
URL: https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T12%3A43%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Challenging%20Machine%20Learning%20Algorithms%20in%20Predicting%20Vulnerable%20JavaScript%20Functions&rft.jtitle=arXiv.org&rft.au=Ferenc,%20Rudolf&rft.date=2024-05-12&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E3054657766%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3054657766&rft_id=info:pmid/&rfr_iscdi=true