
Basic article information

  • Title: Evaluating and Comparing Size, Complexity and Coupling Metrics as Web Applications Vulnerabilities Predictors
  • Authors: Mohammed Zagane; Mustapha Kamel Abdi
  • Journal: International Journal of Information Technology and Computer Science
  • Print ISSN: 2074-9007
  • Online ISSN: 2074-9015
  • Year of publication: 2019
  • Volume: 11
  • Issue: 7
  • Pages: 35-42
  • DOI: 10.5815/ijitcs.2019.07.05
  • Publisher: MECS Publisher
  • Abstract: Most security and privacy issues in software are related to exploiting code vulnerabilities. Many studies have tried to find the correlation between the software characteristics (complexity, coupling, etc.) quantified by corresponding code metrics and its vulnerabilities and to propose automatic prediction models that help developers locate vulnerable components to minimize maintenance costs. The results obtained by these studies cannot be applied directly to web applications because a web application differs in many ways from a non-web application: development, use, etc. and a lot of evaluation of these conclusions has to be made. The purpose of this study is to evaluate and compare the vulnerabilities prediction power of three types of code metrics in web applications. There are a few similar studies that targeted non-web applications, and to the best of our knowledge, there are no similar studies that targeted web applications. The results obtained show that unlike non-web applications where complexity metrics have better vulnerability prediction power, in web applications the metrics that give better prediction are the coupling metrics with high recall (> 75%) and fewer costs in terms of inspection (< 25%).
  • Keywords: Software Vulnerability; Web Application Security; Information Privacy; Code Metrics; Prediction Models; Machine Learning; Software Engineering