Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security.
| Title: | Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security. |
|---|---|
| Authors: | Zhang, Mengyuan, de Carne de Carnavalet, Xavier, Wang, Lingyu, Ragab, Ahmed |
| Source: | IEEE Transactions on Information Forensics & Security; 2019, Vol. 14 Issue 9, p2315-2330, 16p |
| Abstract: | Existing research on vulnerability discovery models shows that the existence of vulnerabilities inside an application may be linked to certain features, e.g., size or complexity, of that application. However, the applicability of such features to demonstrate the relative security between two applications is not well studied, which may depend on multiple factors in a complex way. In this paper, we perform the first large-scale empirical study of the correlation between various features of applications and the abundance of vulnerabilities. Unlike existing work, which typically focuses on one particular application, resulting in limited successes, we focus on the more realistic issue of assessing the relative security level among different applications. To the best of our knowledge, this is the most comprehensive study of 780 real-world applications involving 6498 vulnerabilities. We apply seven feature selection methods to nine feature subsets selected among 34 collected features, which are then fed into six types of machine learning models, producing 523 estimations. The predictive power of important features is evaluated using four different performance measures. This paper reflects that the complexity of applications is not the only factor in vulnerability discovery and the human-related factors contribute to explaining the number of discovered vulnerabilities in an application. [ABSTRACT FROM AUTHOR] |
| Copyright: | Copyright of IEEE Transactions on Information Forensics & Security is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: | Complementary Index |