Machine Learning Based System for the Control and Evaluation of Programming Vulnerabilities

  • Conference paper
Ambient Intelligence—Software and Applications—13th International Symposium on Ambient Intelligence (ISAmI 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 603))

Abstract

With the increasing role of technologies in our daily lives, software security has become an important issue, both to provide protection from malicious attacks and ultimately to avoid irreversible damage to systems. Collecting data that reflects the quality of programming makes it possible to train and apply machine learning algorithms that predict whether a script contains potential software vulnerabilities, given some of its features. We examine whether these algorithms can be used to predict a score that reflects the severity of the vulnerabilities in a script prior to release. To this end, we develop a crucial preprocessing stage that defines a metric reflecting the programmer's evolution over time, so as to be aware of future flaws in their code. To provide a comprehensive performance assessment, we use a private dataset containing a programmer's labelled vulnerabilities over time, recorded by code snippet. Ultimately, an effective early diagnosis system is obtained.

Acknowledgements

This research work has been funded by the Spanish Ministry of Energy, Tourism and Digital Agenda, project “TrustedCoding: Plataforma de detección de vulnerabilidades y aprendizaje de soluciones para una codificación segura e inteligente” with ID: TSI-100906-2019-6.

Author information

Corresponding author

Correspondence to María Alonso-García.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Alonso-García, M., Fuente-Alonso, R., Corchado, J.M. (2023). Machine Learning Based System for the Control and Evaluation of Programming Vulnerabilities. In: Julián, V., Carneiro, J., Alonso, R.S., Chamoso, P., Novais, P. (eds) Ambient Intelligence—Software and Applications—13th International Symposium on Ambient Intelligence. ISAmI 2022. Lecture Notes in Networks and Systems, vol 603. Springer, Cham. https://doi.org/10.1007/978-3-031-22356-3_17
