Detecting Security-Relevant Methods using Multi-label Machine Learning Article Swipe

PDF

Related Concepts

Computer science Machine learning Artificial intelligence

Oshando Johnson , Goran Piskachev , Ranjith Krishnamurthy , Eric Bodden ·

YOU? · · 2024 · Open Access · · DOI: https://doi.org/10.1145/3643796.3648464 · OA: W4392781021

To detect security vulnerabilities, static analysis tools need to be\nconfigured with security-relevant methods. Current approaches can automatically\nidentify such methods using binary relevance machine learning approaches.\nHowever, they ignore dependencies among security-relevant methods,\nover-generalize and perform poorly in practice. Additionally, users have to\nnevertheless manually configure static analysis tools using the detected\nmethods. Based on feedback from users and our observations, the excessive\nmanual steps can often be tedious, error-prone and counter-intuitive.\n In this paper, we present Dev-Assist, an IntelliJ IDEA plugin that detects\nsecurity-relevant methods using a multi-label machine learning approach that\nconsiders dependencies among labels. The plugin can automatically generate\nconfigurations for static analysis tools, run the static analysis, and show the\nresults in IntelliJ IDEA. Our experiments reveal that Dev-Assist's machine\nlearning approach has a higher F1-Measure than related approaches. Moreover,\nthe plugin reduces and simplifies the manual effort required when configuring\nand using static analysis tools.\n