dc.contributor.author |
Mensah, S. |
|
dc.contributor.author |
Kudjo, P.K. |
|
dc.contributor.author |
Chen, J. |
|
dc.contributor.author |
Amankwah, R. |
|
dc.contributor.author |
Kudjo, C. |
|
dc.date.accessioned |
2020-01-31T13:53:48Z |
|
dc.date.available |
2020-01-31T13:53:48Z |
|
dc.date.issued |
2020-01-07 |
|
dc.identifier.citation |
Kudjo, P.K., Chen, J., Mensah, S. et al. Software Qual J (2020). https://doi.org/10.1007/s11219-019-09490-1 |
en_US |
dc.identifier.other |
https://doi.org/10.1007/s11219-019-09490-1 |
|
dc.identifier.uri |
http://ugspace.ug.edu.gh/handle/123456789/34722 |
|
dc.description |
Research Article |
en_US |
dc.description.abstract |
Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To address this deficiency, this paper presents a general framework for VSP using the Bellwether analysis (i.e., exemplary data). First, we apply the natural language processing techniques to the textual descriptions of software vulnerability. Next, we developed an algorithm termed Bellvul to identify and select an exemplary subset of data (referred to as Bellwether) to be considered as the training set to yield improved prediction accuracy against the growing portfolio, within-project cases, and the k-fold cross-validation subset. Finally, we assessed the performance of four machine learning algorithms, namely, deep neural network, logistic regression, k-nearest neighbor, and random forest using the sampled instances. The prediction results of the suggested models and the benchmark techniques were assessed based on the standard classification evaluation metrics such as precision, recall, and F-measure. The experimental result shows that the Bellwether approach achieves F-measure ranging from 14.3% to 97.8%, which is an improvement over the benchmark techniques. In conclusion, the proposed approach is a promising research direction for assisting software engineers when seeking to predict instances of vulnerability records that demand much attention prior to software release. |
en_US |
dc.description.sponsorship |
National Natural Science Foundation of China (NSFC grant numbers: U1836116, 61502205, 61762040, and 61872167), the Project of Jiangsu Provincial Six Talent Peaks (Grant numbers: XYDXXJS-016), the Graduate Research Innovation Project of Jiangsu Province (Grant numbers: KYCX17 1807), and the Postdoctoral Science Foundation of China (Grant numbers: 2015 M571687 and 2015 M581739). |
en_US |
dc.language.iso |
en |
en_US |
dc.publisher |
Software Quality Journal |
en_US |
dc.relation.ispartofseries |
2020; |
|
dc.subject |
Bellwether |
en_US |
dc.subject |
Software vulnerability |
en_US |
dc.subject |
Feature selection |
en_US |
dc.subject |
Machine learning algorithms |
en_US |
dc.subject |
Severity |
en_US |
dc.title |
The effect of Bellwether analysis on software vulnerability severity prediction models |
en_US |
dc.type |
Article |
en_US |