Early identification of vulnerable software components via ensemble learning

Yulei Pang, Xiaozhen Xue, Akbar Siami Namin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

Original languageEnglish
Title of host publicationProceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages476-481
Number of pages6
ISBN (Electronic)9781509061662
DOIs
StatePublished - Jan 31 2017
Event15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016 - Anaheim, United States
Duration: Dec 18 2016Dec 20 2016

Publication series

NameProceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016

Conference

Conference15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016
CountryUnited States
CityAnaheim
Period12/18/1612/20/16

Keywords

  • Ensemble learning
  • Mislabeled data
  • Support vector machine
  • Vulnerability

Fingerprint Dive into the research topics of 'Early identification of vulnerable software components via ensemble learning'. Together they form a unique fingerprint.

  • Cite this

    Pang, Y., Xue, X., & Namin, A. S. (2017). Early identification of vulnerable software components via ensemble learning. In Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016 (pp. 476-481). [7838188] (Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICMLA.2016.83