PROJECT TITLE:
Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning
Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static + dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability information for training. For many real-world applications, past vulnerability data is often not available or at least not complete. Hence, to address both situations, where labeled past data is fully available or not, we apply both supervised and semi-supervised learning when building vulnerability predictors based on hybrid code attributes. Given that semi-supervised learning is entirely unexplored in this domain, we describe how to use this learning scheme effectively for vulnerability prediction. We performed empirical case studies on seven open source projects where we built and evaluated supervised and semi-supervised models. When cross-validated with fully available labeled data, the supervised models achieve a mean of 77% recall and 5% probability of false alarm for predicting SQL injection, cross-site scripting, remote code execution and file inclusion vulnerabilities.
With a low amount of labeled data, when compared to the supervised model, the semi-supervised model showed a median improvement of 24% higher recall and 3% lower probability of false alarm, suggesting that semi-supervised learning may be a preferable solution for many real-world applications where vulnerability data is missing.