Purpose: Effective and efficient software security inspection is crucial, as the existence of vulnerabilities represents severe risks to software users. The purpose of this paper is to empirically evaluate the potential application of Stochastic Gradient Boosting Trees (SGBT) as a novel model for enhanced prediction of vulnerable Web components compared to common, popular and recent machine learning models.

Design/methodology/approach: An empirical study was conducted in which the SGBT and 16 other prediction models were trained, optimized and cross-validated using vulnerability data sets from multiple versions of two open-source Web applications written in PHP. The prediction performance of these models was evaluated and compared based on accuracy, precision, recall and F-measure.

Findings: The results indicate that the SGBT models offer improved prediction over the other 16 models and thus are more effective and reliable in predicting vulnerable Web components.

Originality/value: This paper proposed a novel application of SGBT for enhanced prediction of vulnerable Web components and showed its effectiveness.

International Journal of Web Information Systems – Emerald Publishing
Published: Jun 17, 2019