Department of Computer Science

Permanent URI for this collectionhttp://197.255.125.131:4000/handle/123456789/23129

Browse

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    An automatic software vulnerability classification framework using term frequency-inverse gravity moment and feature selection
    (Journal of Systems and Software, 2020-05-15) Mensah, S.; Chen, J.; Kudjo, P.K.; Brown, S.A.; Akorfu, G.
    Vulnerability classification is an important activity in software development and software quality main- tenance. A typical vulnerability classification model usually involves a stage of term selection, in which the relevant terms are identified via feature selection. It also involves a stage of term-weighting, in which the document weights for the selected terms are computed, and a stage for classifier learning. Generally, the term frequency-inverse document frequency (TF-IDF) model is the most widely used term-weighting metric for vulnerability classification. However, several issues hinder the effectiveness of the TF-IDF model for document classification. To address this problem, we propose and evaluate a general framework for vulnerability severity classification using the term frequency-inverse gravity moment (TF-IGM). Specifi- cally, we extensively compare the term frequency-inverse gravity moment, term frequency-inverse doc- ument frequency, and information gain feature selection using five machine learning algorithms on ten vulnerable software applications containing a total number of 27,248 security vulnerabilities . The exper- imental result shows that: (i) the TF-IGM model is a promising term weighting metric for vulnerability classification compared to the classical term-weighting metric, (ii) the effectiveness of feature selection on vulnerability classification varies significantly across the studied datasets and (iii) feature selection improves vulnerability classification.