Redirigiendo al acceso original de articulo en 18 segundos...
Inicio  /  Applied Sciences  /  Vol: 12 Par: 23 (2022)  /  Artículo
ARTÍCULO
TITULO

Machine Learning-Based Security Pattern Recognition Techniques for Code Developers

Sergiu Zaharia    
Traian Rebedea and Stefan Trausan-Matu    

Resumen

Software developers represent the bastion of application security against the overwhelming cyber-attacks which target all organizations and affect their resilience. As security weaknesses which may be introduced during the process of code writing are complex and matching different and variate skills, most applications are launched intrinsically vulnerable. We have advanced our research for a security scanner able to use automated learning techniques based on machine learning algorithms to recognize patterns of security weaknesses in source code. To make the scanner independent on the programming language, the source code is converted to a vectorial representation using natural language processing methods, which are able to retain semantical traits of the original code and at the same time to reduce the dependency on the lexical structure of the program. The security flaws detection performance is in the ranges accepted by software security professionals (recall > 0.94) even when vulnerable samples are very low represented in the dataset (e.g., less than 4% vulnerable code for a specific CWE in the dataset). No significant change or adaptation is needed to change the source code language under scrutiny. We apply this approach on detecting Common Weaknesses Enumeration (CWE) vulnerabilities in datasets provided by NIST (Test suites?NIST Software Assurance Reference Dataset).

 Artículos similares

       
 
Jungyeon Choi, Brian A. Knarr, Jong-Hoon Youn and Kwang Yoon Song    

 
Darin Majnaric, Sandi Baressi ?egota, Nikola Andelic and Jerolim Andric    
One of the main problems in the application of machine learning techniques is the need for large amounts of data necessary to obtain a well-generalizing model. This is exacerbated for studies in which it is not possible to access large amounts of data?fo... ver más

 
Xiaohui Yan, Tianqi Zhang, Wenying Du, Qingjia Meng, Xinghan Xu and Xiang Zhao    
Water quality prediction, a well-established field with broad implications across various sectors, is thoroughly examined in this comprehensive review. Through an exhaustive analysis of over 170 studies conducted in the last five years, we focus on the a... ver más

 
Saikat Das, Mohammad Ashrafuzzaman, Frederick T. Sheldon and Sajjan Shiva    
The distributed denial of service (DDoS) attack is one of the most pernicious threats in cyberspace. Catastrophic failures over the past two decades have resulted in catastrophic and costly disruption of services across all sectors and critical infrastru... ver más
Revista: Algorithms

 
Eike Blomeier, Sebastian Schmidt and Bernd Resch    
In the early stages of a disaster caused by a natural hazard (e.g., flood), the amount of available and useful information is low. To fill this informational gap, emergency responders are increasingly using data from geo-social media to gain insights fro... ver más
Revista: Information