Automatically Identifying Bug Reports with Tactical Vulnerabilities by Deep Feature Learning

Wei Zheng; Manqing Zhang; Hui Tang; Yuanfang Cai; Xiang Chen; Xiaoxue Wu; Abubakar Omari Abdallah Semasaba

doi:10.1109/ISSRE52982.2021.00043

Back

Conference proceeding

Automatically Identifying Bug Reports with Tactical Vulnerabilities by Deep Feature Learning

Wei Zheng, Manqing Zhang, Hui Tang, Yuanfang Cai, Xiang Chen, Xiaoxue Wu and Abubakar Omari Abdallah Semasaba

2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE), pp 333-344

Oct 2021

DOI: https://doi.org/10.1109/ISSRE52982.2021.00043

Additional Links

Abstract

Bug Report

Chromium

Computer bugs

Deep learning

Feature extraction

Model explainability

Representation learning

Software architecture

Software reliability

Tactical Vulnerability

Text mining

Identifying and fixing bug reports with tactical vul-nerabilities in a timely and accurate manner is essential to ensure the security of the software architecture. Manually identifying the bug reports with tactical vulnerabilities is labor-intensive and challenging. This paper presents Itactivul, an approach to automatically identify bug reports with tactical vulnerabilities and recommend their tactical categories to guide the fix. Unlike the existing security bug report prediction approach, we are the first attempt to use deep learning to mine discriminative tactical text features only from the vulnerability descriptions of the National Vulnerability Database (NVD) and apply them to identify bug reports with tactical vulnerabilities. We evaluate Itactivul on three bug reports datasets gathered from three large-scale open-source projects, including Chromium, PHP, and Thunderbird. The experimental results show that Itactivul outperforms baselines by an average of 8.88 %, 13.58 %, and 6.61 % in the F1-score of three datasets, respectively. To improve the explainability of the features mined by Itactivul, we manually analyze the high-weight phrases extracted by using attention backtracking. The results show that Itactivul can mine key and potential tactical vulnerabilities text features.

Metrics

13 Record Views

2 citations in Web of Science

4 citations in Scopus

See more details

Details

Title: Automatically Identifying Bug Reports with Tactical Vulnerabilities by Deep Feature Learning
Creators: Wei Zheng - School of Software, Northwestern Polytechnical University,China
Manqing Zhang - School of Software, Northwestern Polytechnical University,China
Hui Tang - School of Software, Northwestern Polytechnical University,China
Yuanfang Cai - Drexel University
Xiang Chen - School of Information Science and Technology, Nantong University,China
Xiaoxue Wu - School of Information Engineering, Yangzhou University,China
Abubakar Omari Abdallah Semasaba - School of Software, Northwestern Polytechnical University,China
Publication Details: 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE), pp 333-344
Conference: 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE), 32nd
Publisher: IEEE
Number of pages: 1
Resource Type: Conference proceeding
Language: English
Academic Unit: Computer Science
Web of Science ID: WOS:000783962100030
Scopus ID: 2-s2.0-85126391221
Other Identifier: 991019167427404721

InCites Highlights

Data related to this publication, from InCites Benchmarking & Analytics tool:

Collaboration types: Domestic collaboration; International collaboration
Web of Science research areas: Computer Science, Software Engineering; Engineering, Electrical & Electronic

Automatically Identifying Bug Reports with Tactical Vulnerabilities by Deep Feature Learning

Additional Links

Abstract

Metrics

Details

InCites Highlights

Drexel University Social media