Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey

被引:223
作者
Ghaffarian, Seyed Mohammad [1 ]
Shahriari, Hamid Reza [1 ]
机构
[1] Amirkabir Univ Technol, Comp Engn & Informat Technol Dept, 424 Hafez Ave, Tehran, Iran
来源
ACM COMPUTING SURVEYS | 2017年 / 50卷 / 04期
关键词
Software vulnerability analysis; software vulnerability discovery; software security; machine-learning; data-mining; review; survey; STATIC ANALYSIS; FAULT; COMPLEXITY; SYSTEMS; METRICS;
D O I
10.1145/3092566
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Software security vulnerabilities are one of the critical issues in the realm of computer security. Due to their potential high severity impacts, many different approaches have been proposed in the past decades to mitigate the damages of software vulnerabilities. Machine-learning and data-mining techniques are also among the many approaches to address this issue. In this article, we provide an extensive review of the many different works in the field of software vulnerability analysis and discovery that utilize machine-learning and data-mining techniques. We review different categories of works in this domain, discuss both advantages and shortcomings, and point out challenges and some uncharted territories in the field.
引用
收藏
页数:36
相关论文
共 103 条
  • [1] Adobe Security Bulletin, 2015, APSA1505 SEC ADV AD
  • [2] Aggarwal CC, 2010, ADV DATABASE SYST, V40, P275, DOI 10.1007/978-1-4419-6045-0_9
  • [3] Graph based anomaly detection and description: a survey
    Akoglu, Leman
    Tong, Hanghang
    Koutra, Danai
    [J]. DATA MINING AND KNOWLEDGE DISCOVERY, 2015, 29 (03) : 626 - 688
  • [4] Alvares M, 2013, IEEE SYM COMPUT INTE, P59, DOI 10.1109/CICYBS.2013.6597207
  • [5] [Anonymous], 2005, WORKSH EV SOFTW DEF
  • [6] [Anonymous], 1992, ACM LETT PROGRAM LAN
  • [7] [Anonymous], 2011, 2011 3 INT C CYBER C
  • [8] [Anonymous], 2012, ACM COMPUT SURV, DOI DOI 10.1145/2089125.2089129
  • [9] [Anonymous], 2007, 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), DOI DOI 10.1145/1287624.1287632
  • [10] [Anonymous], 2008, IEEE SECUR PRIV
12345678910