A New Method of Security Bug Reports Analysis
Authors: Yunwu Xu, Yan Li
DOI: 10.1109/mitp.2023.3298520 (https://doi.org/10.1109/mitp.2023.3298520)
Journal: IT Professional, volume 10, issue 1; published 2024-05-01 (Journal Article)
Citations: 0
Abstract
The investigation develops a method for improving the quality of security bug report (SBR) prediction during the software development and application processes. The research includes three stages. The first stage is preparing the source data. The second stage is constructing an original SBR prediction method using a machine learning algorithm [random forest (RF)]. The third stage is evaluating our method against well-established methods such as filtering and ranking for security bug report prediction (FARSEC) and Keywords Matrix. It was shown that the values of such indicators as accuracy, precision, recall, and F-score when using the RF algorithm are, on average, 0.2–1% higher than when using the FARSEC and Keywords Matrix methods. The larger the initial number of reports in the database, the higher the accuracy, precision, recall, and F-score that can be obtained. The new method can be used to predict SBRs during the software development and application processes.
IT Professional (COMPUTER SCIENCE, INFORMATION SYSTEMS; COMPUTER SCIENCE, SOFTWARE ENGINEERING)
CiteScore: 5.00
Self-citation rate: 0.00%
Articles published: 111
Review time: >12 weeks
Journal description:
IT Professional is a technical magazine of the IEEE Computer Society. It publishes peer-reviewed articles, columns and departments written for and by IT practitioners and researchers covering:
practical aspects of emerging and leading-edge digital technologies,
original ideas and guidance for IT applications, and
novel IT solutions for the enterprise.
IT Professional’s goal is to inform the broad spectrum of IT executives, IT project managers, IT researchers, and IT application developers from industry, government, and academia.