A Survey-Vulnerability Classification of Bug Reports using Multiple Machine Learning Approach

Authors

  • Patel KA Ipcowala Institute of Engineering and Technology Dharmaj, Anand, Gujarat, India-388430
  • Prajapati RC Ipcowala Institute of Engineering and Technology Dharmaj, Anand, Gujarat, India-388430

Keywords:

Naïve Bayes, classification, bug database mining, text mining

Abstract

As critical and sensitive systems increasingly rely on complex software, identifying software vulnerabilities is becoming increasingly important. Previous work has suggested that some bugs are only identified as vulnerabilities long after the bug has been made public. These bugs are known as Hidden Impact Bugs (HIBs). This paper presents a hidden impact bug identification methodology based on text mining of bug databases. The methodology uses the textual description of each bug report to extract textual information. The text mining process extracts syntactical information from the bug reports and compresses it for easier manipulation; the bugs are then divided into frequency-based and context-based groups and given a bug ranking.

Published

2024-02-26

How to Cite

Patel, K. A., & Prajapati, R. C. (2024). A Survey-Vulnerability Classification of Bug Reports using Multiple Machine Learning Approach. COMPUSOFT: An International Journal of Advanced Computer Technology, 5(03), 2071–2073. Retrieved from https://ijact.in/index.php/j/article/view/362

Section

Review Article
