Enhanced prediction of vulnerable Web components using Stochastic Gradient Boosting Trees

Publisher
Emerald Publishing
Copyright
Copyright © Emerald Group Publishing Limited
ISSN
1744-0084
DOI
10.1108/IJWIS-05-2018-0041

Abstract

Purpose: Effective and efficient software security inspection is crucial, as the existence of vulnerabilities represents severe risks to software users. The purpose of this paper is to empirically evaluate the potential application of Stochastic Gradient Boosting Trees (SGBT) as a novel model for enhanced prediction of vulnerable Web components compared to common, popular and recent machine learning models.

Design/methodology/approach: An empirical study was conducted in which the SGBT and 16 other prediction models were trained, optimized and cross-validated using vulnerability data sets from multiple versions of two open-source Web applications written in PHP. The prediction performance of these models was evaluated and compared based on accuracy, precision, recall and F-measure.

Findings: The results indicate that the SGBT models offer improved prediction over the other 16 models and thus are more effective and reliable in predicting vulnerable Web components.

Originality/value: This paper proposed a novel application of SGBT for enhanced prediction of vulnerable Web components and showed its effectiveness.

Journal

International Journal of Web Information Systems, Emerald Publishing

Published: Jun 17, 2019
