PROJECT TITLE :

Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning

ABSTRACT:

Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be important indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability information for training. For many real-world applications, past vulnerability data is often not available or at least not complete. Hence, to address both situations, where labeled past data is fully available or not, we apply both supervised and semi-supervised learning when building vulnerability predictors based on hybrid code attributes. Given that semi-supervised learning is entirely unexplored in this domain, we describe how to use this learning scheme effectively for vulnerability prediction. We performed empirical case studies on seven open source projects where we built and evaluated supervised and semi-supervised models. When cross validated with fully available labeled data, the supervised models achieve a mean of 77% recall and 5% probability of false alarm for predicting SQL injection, cross-site scripting, remote code execution and file inclusion vulnerabilities.
With a low amount of labeled data, when compared to the supervised model, the semi-supervised model showed a median improvement of 24% higher recall and 3% lower probability of false alarm, thus suggesting semi-supervised learning may be a preferable solution for many real-world applications where vulnerability data is missing.

