Early identification of vulnerable software components via ensemble learning

Yulei Pang; Xiaozhen Xue; Akbar Siami Namin

doi:10.1109/ICMLA.2016.83

Early identification of vulnerable software components via ensemble learning

Yulei Pang, Xiaozhen Xue, Akbar Siami Namin

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

Original language	English
Title of host publication	Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	476-481
Number of pages	6
ISBN (Electronic)	9781509061662
DOIs	https://doi.org/10.1109/ICMLA.2016.83
State	Published - Jan 31 2017
Event	15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016 - Anaheim, United States Duration: Dec 18 2016 → Dec 20 2016

Publication series

Name	Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016

Conference

Conference	15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016
Country/Territory	United States
City	Anaheim
Period	12/18/16 → 12/20/16

Keywords

Ensemble learning
Mislabeled data
Support vector machine
Vulnerability

Access to Document

10.1109/ICMLA.2016.83

Cite this

Pang, Y., Xue, X., & Namin, A. S. (2017). Early identification of vulnerable software components via ensemble learning. In Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016 (pp. 476-481). Article 7838188 (Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICMLA.2016.83

Pang, Yulei ; Xue, Xiaozhen ; Namin, Akbar Siami. / Early identification of vulnerable software components via ensemble learning. Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 476-481 (Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016).

@inproceedings{c42aa5edb40a40989b5acb02358b3fc2,

title = "Early identification of vulnerable software components via ensemble learning",

abstract = "Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.",

keywords = "Ensemble learning, Mislabeled data, Support vector machine, Vulnerability",

author = "Yulei Pang and Xiaozhen Xue and Namin, {Akbar Siami}",

year = "2017",

month = jan,

day = "31",

doi = "10.1109/ICMLA.2016.83",

language = "English",

series = "Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "476--481",

booktitle = "Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016",

note = "15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016 ; Conference date: 18-12-2016 Through 20-12-2016",

}

Pang, Y, Xue, X & Namin, AS 2017, Early identification of vulnerable software components via ensemble learning. in Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016., 7838188, Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016, Institute of Electrical and Electronics Engineers Inc., pp. 476-481, 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016, Anaheim, United States, 12/18/16. https://doi.org/10.1109/ICMLA.2016.83

Early identification of vulnerable software components via ensemble learning. / Pang, Yulei; Xue, Xiaozhen; Namin, Akbar Siami.
Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 476-481 7838188 (Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Early identification of vulnerable software components via ensemble learning

AU - Pang, Yulei

AU - Xue, Xiaozhen

AU - Namin, Akbar Siami

PY - 2017/1/31

Y1 - 2017/1/31

N2 - Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

AB - Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

KW - Ensemble learning

KW - Mislabeled data

KW - Support vector machine

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85015387749&partnerID=8YFLogxK

U2 - 10.1109/ICMLA.2016.83

DO - 10.1109/ICMLA.2016.83

M3 - Conference contribution

AN - SCOPUS:85015387749

T3 - Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016

SP - 476

EP - 481

BT - Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016

Y2 - 18 December 2016 through 20 December 2016

ER -

Pang Y, Xue X, Namin AS. Early identification of vulnerable software components via ensemble learning. In Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016. Institute of Electrical and Electronics Engineers Inc. 2017. p. 476-481. 7838188. (Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016). doi: 10.1109/ICMLA.2016.83

Early identification of vulnerable software components via ensemble learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this