Prediction of Software Security Vulnerabilities from Source Code Using Machine Learning Methods

One of the most significant problems in software engineering is the presence of security vulnerabilities in software. Attackers can exploit these vulnerabilities to gain unauthorized access to systems, leak information, corrupt data, and cause service interruptions. Therefore, in addition to develop...

Full description

Saved in:
Bibliographic Details
Published in2023 Innovations in Intelligent Systems and Applications Conference (ASYU) pp. 1 - 6
Main Authors Mandal, Dilek, KOsesoy, Irfan
Format Conference Proceeding
LanguageEnglish
Published IEEE 11.10.2023
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:One of the most significant problems in software engineering is the presence of security vulnerabilities in software. Attackers can exploit these vulnerabilities to gain unauthorized access to systems, leak information, corrupt data, and cause service interruptions. Therefore, in addition to developing secure software, the detection of existing security vulnerabilities in software is also considered as an important research topic. In this study, security vulnerabilities in the source code of software were predicted using machine learning methods. The OWASP Benchmark Test pocket was used as the dataset. This dataset consisted of Java codes and was utilized for training machine learning models Logistic Regression, Decision Tree, Support Vector Machines, K-Nearest Neighbors, and Random Forest. TF-IDF and Doc2Vec methods were employed to extract feature vectors from the source code. In the conducted experimental study, the highest prediction accuracy (0.97) was achieved using the TF-IDF feature extraction method and the Decision Tree, SVM and Logistic Regression algorithms.
ISSN:2770-7946
DOI:10.1109/ASYU58738.2023.10296747