{"title":"基于支持向量机的工业强度静态分析仪误报算法研究","authors":"J. Yoon, Minsik Jin, Yungbum Jung","doi":"10.1109/APSEC.2014.81","DOIUrl":null,"url":null,"abstract":"Static analysis tools are useful to find potential bugs and security vulnerabilities in a source code, however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine learning based false alarm reduction method. Abstract syntax trees (AST) are used to represent structural characteristics and support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, with only removing 3.16% of true alarms.","PeriodicalId":380881,"journal":{"name":"2014 21st Asia-Pacific Software Engineering Conference","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"Reducing False Alarms from an Industrial-Strength Static Analyzer by SVM\",\"authors\":\"J. Yoon, Minsik Jin, Yungbum Jung\",\"doi\":\"10.1109/APSEC.2014.81\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Static analysis tools are useful to find potential bugs and security vulnerabilities in a source code, however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine learning based false alarm reduction method. Abstract syntax trees (AST) are used to represent structural characteristics and support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. 
To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, with only removing 3.16% of true alarms.\",\"PeriodicalId\":380881,\"journal\":{\"name\":\"2014 21st Asia-Pacific Software Engineering Conference\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 21st Asia-Pacific Software Engineering Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APSEC.2014.81\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 21st Asia-Pacific Software Engineering Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC.2014.81","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Reducing False Alarms from an Industrial-Strength Static Analyzer by SVM
Static analysis tools are useful for finding potential bugs and security vulnerabilities in source code; however, false alarms from such tools lower their usability. To reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine-learning-based false alarm reduction method. Abstract syntax trees (ASTs) are used to represent structural characteristics, and a support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, while removing only 3.16% of true alarms.