Analyzing and assessing the security-related defects

2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH) Pub Date : 2016-02-01 DOI:10.1109/ICICCS.2016.7542332

A. Bansal, R. Malhotra, Kimaya Raje

{"title":"Analyzing and assessing the security-related defects","authors":"A. Bansal, R. Malhotra, Kimaya Raje","doi":"10.1109/ICICCS.2016.7542332","DOIUrl":null,"url":null,"abstract":"The use of the Internet has become an integral part of everyone's life. Due to this, the introduction of virus and other malicious crackers is increasing everyday. This in turn leads to the introduction of defects which adversely affect the security. Thus, protecting vital information in this cyber world is not an easy task. We need to deal with security related defects to ensure failure free and smooth functioning of the software. Thus, in this paper, we intend to study and analyze various aspects of security-related defects by analyzing the defect reports available in various open-source software repositories. Besides this, prediction models can also be constructed which can be used by researchers and practitioners to predict various aspects of security - related defects. Such prediction models are especially beneficial for large-scale systems, where testing experts need to focus their attention and resources to the problem areas of the system under development. Thus, application of software prediction models in the early phases of the software life cycle contributes to efficient defect removal and results in delivering more reliable and better quality software products. Empirical studies lack the use of proper research methodology and thus result in reporting inconsistent results. This study will review the sequence of steps followed in the research process for carrying empirical and replicated studies. The steps include (a) literature survey and definition of variables (b) data collection (c) report findings using statistical and machine learning techniques (d) analyzing performance measures for evaluating the performance of the predicted models and (e) interpretation of the obtained results for developing a software prediction model. These steps are explained with the help of experimental public domain data set. In addition, the paper provides an overview of repositories for mining software engineering data, tools for analyzing this data and various categories of machine learning methods. It also discusses existing research avenues and provides future research directions in this area.","PeriodicalId":389065,"journal":{"name":"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)","volume":"150 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICCS.2016.7542332","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The use of the Internet has become an integral part of everyone's life. Due to this, the introduction of virus and other malicious crackers is increasing everyday. This in turn leads to the introduction of defects which adversely affect the security. Thus, protecting vital information in this cyber world is not an easy task. We need to deal with security related defects to ensure failure free and smooth functioning of the software. Thus, in this paper, we intend to study and analyze various aspects of security-related defects by analyzing the defect reports available in various open-source software repositories. Besides this, prediction models can also be constructed which can be used by researchers and practitioners to predict various aspects of security - related defects. Such prediction models are especially beneficial for large-scale systems, where testing experts need to focus their attention and resources to the problem areas of the system under development. Thus, application of software prediction models in the early phases of the software life cycle contributes to efficient defect removal and results in delivering more reliable and better quality software products. Empirical studies lack the use of proper research methodology and thus result in reporting inconsistent results. This study will review the sequence of steps followed in the research process for carrying empirical and replicated studies. The steps include (a) literature survey and definition of variables (b) data collection (c) report findings using statistical and machine learning techniques (d) analyzing performance measures for evaluating the performance of the predicted models and (e) interpretation of the obtained results for developing a software prediction model. These steps are explained with the help of experimental public domain data set. In addition, the paper provides an overview of repositories for mining software engineering data, tools for analyzing this data and various categories of machine learning methods. It also discusses existing research avenues and provides future research directions in this area.

查看原文本刊更多论文

分析和评估与安全相关的缺陷

互联网的使用已经成为每个人生活中不可或缺的一部分。因此，病毒和其他恶意破解程序的引入每天都在增加。这反过来又导致了对安全性产生不利影响的缺陷的引入。因此，在这个网络世界中保护重要信息不是一件容易的事。我们需要处理与安全相关的缺陷，以确保软件的无故障和平稳运行。因此，在本文中，我们打算通过分析各种开源软件存储库中可用的缺陷报告来研究和分析与安全性相关的缺陷的各个方面。除此之外，还可以构建预测模型，供研究人员和从业人员用于预测安全相关缺陷的各个方面。这样的预测模型对大型系统特别有益，因为测试专家需要将他们的注意力和资源集中到正在开发的系统的问题区域。因此，在软件生命周期的早期阶段应用软件预测模型有助于有效地消除缺陷，并最终交付更可靠、质量更好的软件产品。实证研究缺乏适当研究方法的使用，因此导致报告不一致的结果。本研究将回顾在进行实证研究和复制研究的研究过程中所遵循的步骤顺序。步骤包括(a)文献调查和变量定义(b)数据收集(c)使用统计和机器学习技术报告发现(d)分析性能指标以评估预测模型的性能以及(e)解释获得的结果以开发软件预测模型。这些步骤是借助实验性的公共领域数据集来解释的。此外，本文还概述了挖掘软件工程数据的存储库、分析这些数据的工具以及各种类型的机器学习方法。讨论了现有的研究途径，并提出了未来的研究方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)

自引率

0.00%

发文量