Web Application Vulnerability Prediction Using Hybrid Program Analysis and Machine Learning


Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be important indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability information for training. For many real-world applications, past vulnerability data is often not available or at least not complete. Hence, to address both situations, where labeled past data is fully available or not, we apply both supervised and semi-supervised learning when building vulnerability predictors based on hybrid code attributes. Given that semi-supervised learning is entirely unexplored in this domain, we describe how to use this learning scheme effectively for vulnerability prediction. We performed empirical case studies on seven open source projects where we built and evaluated supervised and semi-supervised models. When cross validated with fully available labeled data, the supervised models achieve a mean of 77% recall and 5% probability of false alarm for predicting SQL injection, cross-site scripting, remote code execution and file inclusion vulnerabilities.
With a low amount of labeled data, when compared to the supervised model, the semi-supervised model showed a median improvement of 24% higher recall and 3% lower probability of false alarm, thus suggesting semi-supervised learning may be a preferable solution for many real-world applications where vulnerability data is missing.
