Traceability identifies dependencies between software artifacts facilitating the impact analysis of modifications to requirements, design and code. There is limited application of traceability in industry due to the complexity of traceability models and lack of tools. In this paper, we present simplified rules to define trace link types. To store and represent trace links, we implement a traceability repository as a native graph database. This is in contrast to other approaches that use structured files for storage or traceability matrices for representation. In addition, we present a methodology to apply our proposed rules to create trace links using three datasets. We demonstrate the advantage of the graph traceability repository over current representation and storage methods in visualizing traceability links, facilitating the derivation of new trace links and in query response times.
Implementing Traceability Repositories as Graph Databases for Software Quality Improvement. R. Elamin, Rasha Osman. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00040 (https://doi.org/10.1109/QRS.2018.00040)
Physical computing, which builds interactive systems between the physical world and computers, has been widely used in a wide variety of domains and applications, e.g., the Internet of Things (IoT). Although physical computing has witnessed enormous realisations, testing these physical computing systems still faces many challenges, such as potential circuit-related bugs which are not part of the software problems, the timing issue which decreases the testability, etc.; therefore, we proposed a mutation testing approach for physical computing systems to enable engineers to judge the quality of their tests in a more accurate way. The main focus is the communication between the software and peripherals. More particularly, we first defined a set of mutation operators based on the common communication errors between the software and peripherals that could happen in the software. We conducted a preliminary experiment on nine physical computing projects based on the Raspberry Pi and Arduino platforms. The results show that our mutation testing method can assess the test suite quality effectively in terms of weakness and inadequacy.
Mutation Testing for Physical Computing. Qianqian Zhu, A. Zaidman. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00042 (https://doi.org/10.1109/QRS.2018.00042)
Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained access control and accountability. An obligatory ABAC system can be implemented incorrectly for various reasons, such as programming errors and incorrect access control and obligation specification. To reveal these implementation defects, this paper presents an approach to model-based testing of obligatory ABAC systems. In this approach, we first build a test model by specifying a functional model and an obligatory ABAC policy. The policy represents access control and obligation constraints on the functional model. Then we weave the policy with the functional model into an integrated model that represents both functions under test and access control and obligation constraints on them. Test cases can then be generated from the integrated model. Our approach is built upon MISTA, an open source test code generator that supports a variety of programming languages and test frameworks. To validate our approach, this paper presents a first case study on the development and testing of an open-source obligatory ABAC system. We evaluated the effectiveness of the approach by mutation analysis of the ABAC and obligation rules and the policy enforcement code in the implementation. The result shows that our approach is capable of finding the majority of injected faults.
Model-Based Testing of Obligatory ABAC Systems. Samer Y. Khamaiseh, Patrick Chapman, Dianxiang Xu. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00054 (https://doi.org/10.1109/QRS.2018.00054)
Nowadays statistical machine learning is widely adopted in various domains such as data mining, image recognition and automated driving. However, software quality assurance for machine learning is still in its infancy. While recent efforts have been put into improving the quality of training data and trained models, this paper focuses on code-level bugs in the implementations of machine learning algorithms. In this explorative study we simulated program bugs by mutating Weka implementations of several classification algorithms. We observed that 8%-40% of the logically non-equivalent executable mutants were statistically indistinguishable from their golden versions. Moreover, another 15%-36% of the mutants were stubborn, as they performed not significantly worse than a reference classifier on at least one natural data set. We also experimented with several approaches to killing those stubborn mutants. Preliminary results indicate that bugs in machine learning code may have negative impacts on statistical properties such as robustness and learning curves, but they could be very difficult to detect, due to the lack of effective oracles.
Manifesting Bugs in Machine Learning Code: An Explorative Study with Mutation Testing. Dawei Cheng, Chun Cao, Chang Xu, Xiaoxing Ma. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00044 (https://doi.org/10.1109/QRS.2018.00044)
Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous and provide a wealth of sophisticated services. Nontrivial GAPs evolve through many versions, and understanding how GUIs of different versions of GAPs differ is crucial for various software quality tasks such as testing, cross-platform UI comparison and project effort estimation. Yet despite the criticality of automating GUI differencing, it is a manual, tedious, and laborious task. We offer a novel approach for differencing GUIs that combines tree edit distance measure algorithms with accessibility technologies for obtaining GUI models in a non-intrusive, platform and language-independent way, and it does not require the source code of GAPs. We developed a tool called GUI DifferEntiator (GUIDE) that allows users to difference GUIs of running GAPs. To evaluate GUIDE, we created an experimental platform that generates random GUIs with controlled differentials among them that serve as oracles. GUIDE enables researchers to plug-and-play various GUI differencing algorithms and to automatically run experiments. We evaluated GUIDE on 5,000 pairs of generated complex GUIs and three open-source GAPs and the results of our evaluation suggest that GUIDE can find differences between GUIs with a high degree of automation and precision.
Differencing Graphical User Interfaces. M. Grechanik, C. W. Mao, Ankush Baisal, D. Rosenblum, B. M. M. Hossain. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00034 (https://doi.org/10.1109/QRS.2018.00034)
Delta Debugging is a longstanding approach to automated test case reduction. It divides an input into chunks and attempts to remove them to produce a smaller input. When a chunk is successfully removed, all chunks are revisited, as they may become removable from the smaller input. When no chunk can be removed, the chunks are subdivided and the process continues recursively. In the worst case, this revisiting behavior has an O(n^2) running time. We explore the possibility that good test case reduction can be achieved without revisiting, yielding an O(n) algorithm. We identify three independent conditions that can make this reasonable in practice and validate the hypothesis on a suite of user-reported and fuzzer-generated test cases. Results show that on a suite of large fuzzer-generated test cases for compilers, our O(n) approach yields reduced test cases with similar size, while decreasing the reduction time by 65% on average.
Avoiding the Familiar to Speed Up Test Case Reduction. Golnaz Gharachorlu, Nick Sumner. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00056 (https://doi.org/10.1109/QRS.2018.00056)
In regression GUI testing for Android apps, test scripts often fail due to changes to, rather than faults in, those apps. To avoid such false positives while still retaining the value of the old test scripts as much as possible, programmers need an automatic way to maintain the tests after the corresponding GUI has evolved. In this paper, we propose the CHATEM approach to automate GUI test script maintenance for Android apps. Taking as input the models for the GUIs of the base and updated version app and the original test scripts, CHATEM automatically extracts the changes between the two GUIs and generates maintenance actions for each change, which are then combined to form the maintenance actions for affected test scripts. In an experimental evaluation on 16 Android apps, CHATEM was able to automatically maintain the test scripts so that overall more than 95% of the remaining behaviors tested before are still tested, and almost 80% of the reusable test actions are retained in the result tests.
Change-Based Test Script Maintenance for Android Apps. N. Chang, Linzhang Wang, Yu Pei, S. Mondal, Xuandong Li. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00035 (https://doi.org/10.1109/QRS.2018.00035)
Virtual Reality (VR) is a computer technology that holds the promise of revolutionizing the way we live. The release in 2016 of new-generation headsets from Facebook-owned Oculus and HTC has renewed the interest in that technology. Thousands of VR applications have been developed over the past years, but most software developers lack formal training on this technology. In this paper, we propose descriptive information on the state of practice of VR applications' development to understand the level of maturity of this new technology from the perspective of Software Engineering (SE). To do so, we focused on the analysis of 320 VR open source projects from GitHub to determine which are the most popular languages and engines used in VR projects, and evaluate the quality of the projects from a software metric perspective. To get further insights on VR development, we also manually analyzed nearly 300 questions from Stack Overflow. Our results show that (1) VR projects on GitHub are currently mostly small to medium projects, and (2) the most popular languages are JavaScript and C#. Unity is the most used game engine during VR development and the most discussed topic on Stack Overflow. Overall, our exploratory study is one of the very first of its kind for VR projects and provides material that is hopefully a starting point for further research on challenges and opportunities for VR software development.
The State of Practice on Virtual Reality (VR) Applications: An Exploratory Study on Github and Stack Overflow. Naoures Ghrairi, Sègla Kpodjedo, Amine Barrak, Fábio Petrillo, Foutse Khomh. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00048 (https://doi.org/10.1109/QRS.2018.00048)
Defect prediction is an active topic in software quality assurance, which can help developers find potential bugs and make better use of resources. To improve prediction performance, this paper introduces cross-entropy, one common measure for natural language, as a new code metric into defect prediction tasks and proposes a framework called DefectLearner for this process. We first build a recurrent neural network language model to learn regularities in source code from software repository. Based on the trained model, the cross-entropy of each component can be calculated. To evaluate the discrimination for defect-proneness, cross-entropy is compared with 20 widely used metrics on 12 open-source projects. The experimental results show that cross-entropy metric is more discriminative than 50% of the traditional metrics. Besides, we combine cross-entropy with traditional metric suites together for accurate defect prediction. With cross-entropy added, the performance of prediction models is improved by an average of 2.8% in F1-score.
Cross-Entropy: A New Metric for Software Defect Prediction. Xian Zhang, K. Ben, Jie Zeng. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00025 (https://doi.org/10.1109/QRS.2018.00025)
Software insecurity is being identified as one of the leading causes of security breaches. In this paper, we revisited one of the strategies in solving software insecurity, which is the use of software quality metrics. We utilized a multilayer deep feedforward network in examining whether there is a combination of metrics that can predict the appearance of security-related bugs. We also applied the traditional machine learning algorithms such as decision tree, random forest, naïve bayes, and support vector machines and compared the results with that of the Deep Learning technique. The results have successfully demonstrated that it was possible to develop an effective predictive model to forecast software insecurity based on the software metrics and using Deep Learning. All the models generated have shown an accuracy of more than sixty percent with Deep Learning leading the list. This finding proved that utilizing Deep Learning methods and a combination of software metrics can be tapped to create a better forecasting model thereby aiding software developers in predicting security bugs.
Is Predicting Software Security Bugs Using Deep Learning Better Than the Traditional Machine Learning Algorithms? Caesar Jude Clemente, Fehmi Jaafar, Yasir Malik. 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), published 2018-07-01. DOI: 10.1109/QRS.2018.00023 (https://doi.org/10.1109/QRS.2018.00023)