Conference paper Open Access

# Cross-Project Vulnerability Prediction Based on Software Metrics and Deep Learning

Ilias Kalouptsoglou; Miltiadis Siavvas; Dimitrios Tsoukalas; Dionysios Kehagias

### DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<identifier identifierType="URL">https://zenodo.org/record/4355621</identifier>
<creators>
<creator>
<creatorName>Ilias Kalouptsoglou</creatorName>
<affiliation>Centre for Research and Technology,  Hellas, Thessaloniki, Greece</affiliation>
</creator>
<creator>
<creatorName>Miltiadis Siavvas</creatorName>
<affiliation>Centre for Research and Technology,  Hellas, Thessaloniki, Greece</affiliation>
</creator>
<creator>
<creatorName>Dimitrios Tsoukalas</creatorName>
<affiliation>Centre for Research and Technology,  Hellas, Thessaloniki, Greece</affiliation>
</creator>
<creator>
<creatorName>Dionysios Kehagias</creatorName>
<affiliation>Centre for Research and Technology,  Hellas, Thessaloniki, Greece</affiliation>
</creator>
</creators>
<titles>
<title>Cross-Project Vulnerability Prediction Based on Software Metrics and Deep Learning</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2020</publicationYear>
<dates>
<date dateType="Issued">2020-09-29</date>
</dates>
<resourceType resourceTypeGeneral="ConferencePaper"/>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/4355621</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsIdenticalTo">10.1007/978-3-030-58811-3_62</relatedIdentifier>
</relatedIdentifiers>
<rightsList>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract">&lt;p&gt;Vulnerability prediction constitutes a mechanism that enables the identification and mitigation of software vulnerabilities early enough in the development cycle, improving the security of software products, which is an important quality attribute according to ISO/IEC 25010. Although existing vulnerability prediction models have demonstrated sufficient accuracy in predicting the occurrence of vulnerabilities in the software projects with which they have been trained, they have failed to demonstrate sufficient accuracy in cross-project prediction. To this end, in the present paper we investigate whether the adoption of deep learning along with software metrics may lead to more accurate cross-project vulnerability prediction. For this purpose, several machine learning (including deep learning) models are constructed, evaluated, and compared based on a dataset of popular real-world PHP software applications. Feature selection is also applied with the purpose to examine whether it has an impact on cross-project prediction. The results of our analysis indicate that the adoption of software metrics and deep learning may result in vulnerability prediction models with sufficient performance in cross-project vulnerability prediction. Another interesting conclusion is that the performance of the models in cross-project prediction is enhanced when the projects exhibit similar characteristics with respect to their software metrics.&lt;/p&gt;</description>
</descriptions>
<fundingReferences>
<fundingReference>
<funderName>European Commission</funderName>
<funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/100010661</funderIdentifier>
<awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/780572/">780572</awardNumber>
<awardTitle>Software Development toolKit for Energy optimization and technical Debt elimination</awardTitle>
</fundingReference>
</fundingReferences>
</resource>
