Article

Domain knowledge-based security bug reports prediction

Journal

KNOWLEDGE-BASED SYSTEMS
Volume 241, Issue -, Pages -

Publisher

ELSEVIER
DOI: 10.1016/j.knosys.2022.108293

Keywords

Software security; Security bug report prediction; Domain knowledge; Knowledge graph; Entity recognition

Funding

  1. Key R&D Program in Shaanxi Province, China [2021GY-041]
  2. National Natural Science Foundation of China special project "capability-based construction method and execution mechanisms for ubiquitous operating systems" [62141208]


To improve the effectiveness of software security bug report (SBR) prediction, this study enhances supervised machine learning-based SBR prediction with software security domain knowledge. By establishing entity relationships and constructing knowledge graphs, the domain knowledge-guided approach achieved a 52% improvement in prediction effectiveness, according to experimental evaluation on 5 open-source SBR datasets.
To reduce the attack risk of software products, security bug report (SBR) prediction has been increasingly investigated. However, there is still much room for improving the performance of automatic SBR prediction. This work is inspired by two recent studies by Peters et al. and Wu et al., which focused on SBR prediction and were published in the top-tier journal TSE (IEEE Transactions on Software Engineering). The goal of this work is to improve the effectiveness of supervised machine learning-based SBR prediction with the help of software security domain knowledge. First, we split the words in the summary and description fields of the SBRs. Then, we use customized relationships to label entities and build a rule-based entity recognition corpus. After that, we establish relationships between entities and construct knowledge graphs. The information of CWE (Common Weakness Enumeration) is used to expand our corpus, and security-related words and phrases are integrated. Finally, we predict SBRs from the target project by calculating the cosine similarity between our integrated corpus and the target bug reports. Our experimental evaluation on 5 open-source SBR datasets shows that our domain knowledge-guided approach improves the effectiveness of SBR prediction by 52% in terms of F1-score on average. (c) 2022 Elsevier B.V. All rights reserved.
