Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Publication year: 2018
Volume: 96
Issue: 14
Publisher: Journal of Theoretical and Applied
Abstract: Software vulnerabilities might be exploited badly, which might eventually lead to a loss of confidentiality, integrity, and availability, which translates into a loss of time and money. Although several studies indicated that complexity in software is the main cause of vulnerabilities, the argument is still poorly designed and maintained. Moreover, some studies have already related complexity to vulnerabilities and found that this cannot be generalized. In this work, we explored which factors contribute more to making software vulnerable. Several feature selection techniques were applied to find the contribution of each feature. Five classifiers are used in this study to predict the vulnerable classes. The dataset is collected from twelve Java applications, where these applications are analyzed based on complexity, code coverage, and security. The studied applications vary in their characteristics regarding number of code lines, used classes, application size, etc. The result indicates that complexity in all its components (size, depth of inheritance, etc.) can be utilized in predicting vulnerabilities.