{"title":"Reducing False Alarms from an Industrial-Strength Static Analyzer by SVM","authors":"J. Yoon, Minsik Jin, Yungbum Jung","doi":"10.1109/APSEC.2014.81","DOIUrl":null,"url":null,"abstract":"Static analysis tools are useful to find potential bugs and security vulnerabilities in a source code, however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine learning based false alarm reduction method. Abstract syntax trees (AST) are used to represent structural characteristics and support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, with only removing 3.16% of true alarms.","PeriodicalId":380881,"journal":{"name":"2014 21st Asia-Pacific Software Engineering Conference","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 21st Asia-Pacific Software Engineering Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC.2014.81","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 25
Abstract
Static analysis tools are useful to find potential bugs and security vulnerabilities in a source code, however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine learning based false alarm reduction method. Abstract syntax trees (AST) are used to represent structural characteristics and support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, with only removing 3.16% of true alarms.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
