Article

Efficient Feature Selection for Static Analysis Vulnerability Prediction

1 Institute of Theoretical and Applied Informatics, Polish Academy of Sciences, Baltycka 5, 44-100 Gliwice, Poland
2 Information Technologies Institute, Centre for Research & Technology Hellas, 6th km Harilaou-Thermi, 57001 Thessaloniki, Greece
* Author to whom correspondence should be addressed.
Academic Editor: Xabier Larrucea
Sensors 2021, 21(4), 1133; https://doi.org/10.3390/s21041133
Received: 30 December 2020 / Revised: 27 January 2021 / Accepted: 30 January 2021 / Published: 6 February 2021
(This article belongs to the Special Issue Security and Privacy in Software Based Critical Contexts)
Common software vulnerabilities can result in severe security breaches, financial losses, and reputation deterioration and require research effort to improve software security. The acceleration of the software production cycle, limited testing resources, and the lack of security expertise among programmers require the identification of efficient software vulnerability predictors to highlight the system components on which testing should be focused. Although static code analyzers are often used to improve software quality together with machine learning and data mining for software vulnerability prediction, the work regarding the selection and evaluation of different types of relevant vulnerability features is still limited. Thus, in this paper, we examine features generated by the SonarQube and CCCC tools to identify those that can be used for software vulnerability prediction. We investigate the suitability of thirty-three different features to train thirteen distinct machine learning algorithms to design vulnerability predictors and identify the most relevant features that should be used for training. Our evaluation relies on a comprehensive feature selection process based on the correlation analysis of the features, together with four well-known feature selection techniques. Our experiments, using a large publicly available dataset, facilitate the evaluation and result in the identification of small but efficient sets of features for software vulnerability prediction.
Keywords: software vulnerability prediction; static analysis; machine learning; feature selection

MDPI and ACS Style

Filus, K.; Boryszko, P.; Domańska, J.; Siavvas, M.; Gelenbe, E. Efficient Feature Selection for Static Analysis Vulnerability Prediction. Sensors 2021, 21, 1133. https://doi.org/10.3390/s21041133

AMA Style

Filus K, Boryszko P, Domańska J, Siavvas M, Gelenbe E. Efficient Feature Selection for Static Analysis Vulnerability Prediction. Sensors. 2021; 21(4):1133. https://doi.org/10.3390/s21041133

Chicago/Turabian Style

Filus, Katarzyna, Paweł Boryszko, Joanna Domańska, Miltiadis Siavvas, and Erol Gelenbe. 2021. "Efficient Feature Selection for Static Analysis Vulnerability Prediction" Sensors 21, no. 4: 1133. https://doi.org/10.3390/s21041133
