MC-LRNN: A logic-based neural network for multi-class software vulnerability prediction

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software Pub Date : 2025-09-18 DOI:10.1016/j.jss.2025.112627

Yuxiang Shang , Shaoying Liu

{"title":"MC-LRNN: A logic-based neural network for multi-class software vulnerability prediction","authors":"Yuxiang Shang , Shaoying Liu","doi":"10.1016/j.jss.2025.112627","DOIUrl":null,"url":null,"abstract":"<div><div>Software vulnerabilities are a major threat to information systems. Detecting them early and accurately is critical. Software metrics are commonly used in vulnerability prediction, but choosing the most relevant features remains a major challenge. In this paper, we present Multi-Class Logic Rules Neural Network (MC-LRNN), a novel model that combines logic-based reasoning with neural networks for software vulnerability prediction. MC-LRNN uses a Top-Down Hill-Climbing Greedy Algorithm to extract first-order logic rules from software metrics, forming an interpretable reasoning layer that guides the learning process. The dataset is divided into a Logic Rule Dataset for rule generation and a Learning Dataset for model training and evaluation.</div><div>We evaluate MC-LRNN on three benchmark datasets — Juliet, SARD, and REVEAL — under both binary and multi-class classification settings. The results show that MC-LRNN consistently outperforms traditional baselines, handles class imbalance effectively, and generalizes well across projects. Its design provides both interpretability and strong generalization capabilities, making it well-suited for real-world vulnerability prediction. Code and datasets are available at: <span><span>https://github.com/Seansyx123/LRNN</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112627"},"PeriodicalIF":4.1000,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0164121225002961","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Software vulnerabilities are a major threat to information systems. Detecting them early and accurately is critical. Software metrics are commonly used in vulnerability prediction, but choosing the most relevant features remains a major challenge. In this paper, we present Multi-Class Logic Rules Neural Network (MC-LRNN), a novel model that combines logic-based reasoning with neural networks for software vulnerability prediction. MC-LRNN uses a Top-Down Hill-Climbing Greedy Algorithm to extract first-order logic rules from software metrics, forming an interpretable reasoning layer that guides the learning process. The dataset is divided into a Logic Rule Dataset for rule generation and a Learning Dataset for model training and evaluation.

We evaluate MC-LRNN on three benchmark datasets — Juliet, SARD, and REVEAL — under both binary and multi-class classification settings. The results show that MC-LRNN consistently outperforms traditional baselines, handles class imbalance effectively, and generalizes well across projects. Its design provides both interpretability and strong generalization capabilities, making it well-suited for real-world vulnerability prediction. Code and datasets are available at: https://github.com/Seansyx123/LRNN.

查看原文本刊更多论文

MC-LRNN：一种基于逻辑的多类软件漏洞预测神经网络

软件漏洞是信息系统面临的主要威胁。及早、准确地发现它们是至关重要的。软件度量通常用于漏洞预测，但是选择最相关的特性仍然是一个主要的挑战。本文提出了多类逻辑规则神经网络（MC-LRNN），这是一种将基于逻辑的推理与神经网络相结合的软件漏洞预测模型。MC-LRNN使用自上而下的爬坡贪婪算法从软件度量中提取一阶逻辑规则，形成一个可解释的推理层来指导学习过程。数据集分为用于规则生成的逻辑规则数据集和用于模型训练和评估的学习数据集。我们在二进制和多类分类设置下对MC-LRNN在三个基准数据集（Juliet， SARD和REVEAL）上进行了评估。结果表明，MC-LRNN始终优于传统的基线，有效地处理了类别不平衡，并且在项目之间具有良好的泛化性。它的设计提供了可解释性和强大的泛化能力，使其非常适合现实世界的脆弱性预测。代码和数据集可在：https://github.com/Seansyx123/LRNN。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems and Software 工程技术-计算机：理论方法

CiteScore

8.60

自引率

5.70%

发文量

193

审稿时长

16 weeks

期刊介绍： The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to: •Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution •Agile, model-driven, service-oriented, open source and global software development •Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems •Human factors and management concerns of software development •Data management and big data issues of software systems •Metrics and evaluation, data mining of software development resources •Business and economic aspects of software development processes The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.