Software vulnerability prediction using Grey wolf optimized Random forest on the unbalanced data sets

Any vulnerability in the software creates a software security threat and helps hackers to gain unauthorized access to resources. Vulnerability prediction models help software engineers to effectively allocate their resources to find any vulnerable class in the software, before its delivery to customers. Vulnerable classes must be carefully reviewed by security experts and tested to identify potential threats that may arise in the future. In the present work, a novel technique based on Grey wolf algorithm and Random forest is proposed for software vulnerability prediction. Grey wolf technique is a metaheuristic technique and it is used to select the best subset of features. The proposed technique is compared with other machine learning techniques. Experiments were performed on three datasets available publicly. It was observed that our proposed technique (GW-RF) outperformed all other techniques for software vulnerability prediction.

Hybrid Representation to Locate Vulnerable Lines of Code

Locating vulnerable lines of code in large software systems needs huge efforts from human experts. This explains the high costs in terms of budget and time needed to correct vulnerabilities. To minimize these costs, automatic solutions of vulnerabilities prediction have been proposed. Existing machine learning (ML)-based solutions face difficulties in predicting vulnerabilities in coarse granularity and in defining suitable code features that limit their effectiveness. To addressee these limitations, in the present work, the authors propose an improved ML-based approach using slice-based code representation and the technique of TF-IDF to automatically extract effective features. The obtained results showed that combining these two techniques with ML techniques allows building effective vulnerability prediction models (VPMs) that locate vulnerabilities in a finer granularity and with excellent performances (high precision (>98%), low FNR (<2%) and low FPR (<3%) which outperforms software metrics and are equivalent to the best performing recent deep learning-based approaches.

Dampak Perubahan Curah Hujan Terhadap Tingkat Kerentanan Erosi Tanah Di Sub DAS Merawu, Jawa Tengah

This research was held to estimate rainfall and change in soil erosion vulnerability from 2020 to 2050 in Merawu Sub-Watershed, Banjanegara District with RCP 2.6, 4.5 and 8.5. The RCP is an overview of the concentration trends for greenhouse gases, aerosols and land use change created by the climate modeling community. Rainfall prediction was generated from SDSM Software and combined with USLE to predict soil erosion in ArcGIS 10.4. Changes in rainfall intensity are an important factor in changes of soil erosion rates because the kinetic energy of falling rainwater can cause soil erosion.The results showed rainfall in Banjarnegara Station at 2020-2050 with RCP 2.6,4.5 and 8.5 were increasing by +0,26%; +0,60%; +0,52%, while in Kalisapi Station were decreasing by -1,54%; -1,65% dan -2,20%. The change of soil erosion vulnerability prediction showed that soil erosion in Sub-DAS Merawu at 2020-2050 with RCP 2.6,4.5 and 8.5 in very light category were -0,02%;-0,02%;-0,03%, light category were -0,17%;-0,17%;-0,17%, moderate category -0,05%;-0,05%;-0,04%, heavy category -0,26%;-0,35%;-0,37%, and very heavy category were +1,46%;+1,88%;+1,95%. While the average soil erosion prediction at RCP 2.6, 4.5 and 8.5 were +0,86, +1,19% and +1,03%, respectively. Keywords: soil erosion prediction, rainfall prediction, SDSM Software, Sub-DAS Merawu

Using ML and Data-Mining Techniques in Automatic Vulnerability Software Discovery

Today’s age is Machine Learning (ML) and Data-Mining (DM) Techniques, as both techniques play a significant role in measuring vulnerability prediction accuracy. In the field of computer security, vulnerability is a fault that might be exploited as a risk artist that performs unlawful activities inside computer security. The attackers have several different fitting tools and they are taking advantage to operate software illegally and are using it for getting self-profit. Additionally, that helps to expose and identify the violence external. Weakness management remains a repeating exercise to identify, remediating, and justifying weaknesses. These exercises normally send software faults in computing security. The meaning of using weakness with the same risk might go to misperception. It is possible to have a major effect because of possible stability and the window of weakness presented a risk hole in the software and required to fruitfully finish and smoothly operate. A security room has to be set up (zero-day invaders). Software Security Faults stand serious among unavoidable complications in the realm of computer risk. In this study, we have provided a comprehensive review of three book chapters, more than a hundred research articles papers, and several associated papers of different work that have been studied within the capacity of SVA and discovery applying ML and data-mining techniques. The earlier work has been thoroughly read and an adequately comprehensive summary has been provided in table-1. ML techniques that can professionally handle these attacks and we expect the net result of this survey article to help indesigning the new detection model for identifying the above-mentioned attacks

Predicting plaque vulnerability change using intravascular ultrasound + optical coherence tomography image-based fluid–structure interaction models and machine learning methods with patient follow-up data: a feasibility study

Background Coronary plaque vulnerability prediction is difficult because plaque vulnerability is non-trivial to quantify, clinically available medical image modality is not enough to quantify thin cap thickness, prediction methods with high accuracies still need to be developed, and gold-standard data to validate vulnerability prediction are often not available. Patient follow-up intravascular ultrasound (IVUS), optical coherence tomography (OCT) and angiography data were acquired to construct 3D fluid–structure interaction (FSI) coronary models and four machine-learning methods were compared to identify optimal method to predict future plaque vulnerability. Methods Baseline and 10-month follow-up in vivo IVUS and OCT coronary plaque data were acquired from two arteries of one patient using IRB approved protocols with informed consent obtained. IVUS and OCT-based FSI models were constructed to obtain plaque wall stress/strain and wall shear stress. Forty-five slices were selected as machine learning sample database for vulnerability prediction study. Thirteen key morphological factors from IVUS and OCT images and biomechanical factors from FSI model were extracted from 45 slices at baseline for analysis. Lipid percentage index (LPI), cap thickness index (CTI) and morphological plaque vulnerability index (MPVI) were quantified to measure plaque vulnerability. Four machine learning methods (least square support vector machine, discriminant analysis, random forest and ensemble learning) were employed to predict the changes of three indices using all combinations of 13 factors. A standard fivefold cross-validation procedure was used to evaluate prediction results. Results For LPI change prediction using support vector machine, wall thickness was the optimal single-factor predictor with area under curve (AUC) 0.883 and the AUC of optimal combinational-factor predictor achieved 0.963. For CTI change prediction using discriminant analysis, minimum cap thickness was the optimal single-factor predictor with AUC 0.818 while optimal combinational-factor predictor achieved an AUC 0.836. Using random forest for predicting MPVI change, minimum cap thickness was the optimal single-factor predictor with AUC 0.785 and the AUC of optimal combinational-factor predictor achieved 0.847. Conclusion This feasibility study demonstrated that machine learning methods could be used to accurately predict plaque vulnerability change based on morphological and biomechanical factors from multi-modality image-based FSI models. Large-scale studies are needed to verify our findings.

Efficient Feature Selection for Static Analysis Vulnerability Prediction

Common software vulnerabilities can result in severe security breaches, financial losses, and reputation deterioration and require research effort to improve software security. The acceleration of the software production cycle, limited testing resources, and the lack of security expertise among programmers require the identification of efficient software vulnerability predictors to highlight the system components on which testing should be focused. Although static code analyzers are often used to improve software quality together with machine learning and data mining for software vulnerability prediction, the work regarding the selection and evaluation of different types of relevant vulnerability features is still limited. Thus, in this paper, we examine features generated by SonarQube and CCCC tools, to identify those that can be used for software vulnerability prediction. We investigate the suitability of thirty-three different features to train thirteen distinct machine learning algorithms to design vulnerability predictors and identify the most relevant features that should be used for training. Our evaluation is based on a comprehensive feature selection process based on the correlation analysis of the features, together with four well-known feature selection techniques. Our experiments, using a large publicly available dataset, facilitate the evaluation and result in the identification of small, but efficient sets of features for software vulnerability prediction.