https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Machine learning techniques for software vulnerability prediction: a comparative study
Tsinghua Univ, Beijing, Peoples R China.; Karakoram Int Univ, Dept Comp Sci, Gilgit, Pakistan..
Karakoram Int Univ, Dept Comp Sci, Gilgit, Pakistan..
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0003-0611-2655
Chinese Acad Sci, Shenzhen Inst Adv Technol, Shenzhen, Peoples R China.; Univ Haripur, Dept Informat Technol, Haripur, Pakistan..
Show others and affiliations
2022 (English)In: Applied intelligence (Boston), ISSN 0924-669X, E-ISSN 1573-7497, Vol. 52, p. 17614-17635Article in journal (Refereed) Published
Abstract [en]

Software vulnerabilities represent a major cause of security problems. Various vulnerability discovery models (VDMs) attempt to model the rate at which the vulnerabilities are discovered in a software. Although several VDMs have been proposed, not all of them are universally applicable. Also most of them seldom give accurate predictive results for every type of vulnerability dataset. The use of machine learning (ML) techniques has generally found success in a wide range of predictive tasks. Thus, in this paper, we conducted an empirical study on applying some well-known machine learning (ML) techniques as well as statistical techniques to predict the software vulnerabilities on a variety of datasets. The following ML techniques have been evaluated: cascade-forward back propagation neural network, feed-forward back propagation neural network, adaptive-neuro fuzzy inference system, multi-layer perceptron, support vector machine, bagging, M5Rrule, M5P and reduced error pruning tree. The following statistical techniques have been evaluated: Alhazmi-Malaiya model, linear regression and logistic regression model. The applicability of the techniques is examined using two separate approaches: goodness-of-fit to see how well the model tracks the data, and prediction capability using different criteria. It is observed that ML techniques show remarkable improvement in predicting the software vulnerabilities than the statistical vulnerability prediction models.

Place, publisher, year, edition, pages
SPRINGER , 2022. Vol. 52, p. 17614-17635
Keywords [en]
Software vulnerability, Machine learning, Prediction models
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-58049DOI: 10.1007/s10489-022-03350-5ISI: 000777881900007Scopus ID: 2-s2.0-85127586282OAI: oai:DiVA.org:mdh-58049DiVA, id: diva2:1652827
Available from: 2022-04-20 Created: 2022-04-20 Last updated: 2025-01-13Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Afzal, Wasif

Search in DiVA

By author/editor
Afzal, Wasif
By organisation
Embedded Systems
In the same journal
Applied intelligence (Boston)
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 296 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf