Reducing False Alarms from an Industrial-Strength Static Analyzer by SVM

APSEC), 2014 21st Asia-Pacific  (2014)

Abstract
Static analysis tools are useful for finding potential bugs and security vulnerabilities in source code; however, false alarms from such tools lower their usability. In order to reduce various kinds of false alarms and enhance the performance of the tools, we propose a machine learning based false alarm reduction method. Abstract syntax trees (AST) are used to represent structural characteristics, and a support vector machine (SVM) is used to learn models and classify new alarms using probability. This probability is used to remove false alarms. To evaluate the proposed method, we performed experiments using a static analysis tool, SPARROW, and Java open source projects. As a result, 37.33% of false alarms were reduced, while removing only 3.16% of true alarms.
Keywords
public domain software,source code bugs,java open source projects,security vulnerabilities,learning (artificial intelligence),alarm systems,structural characteristics,source code (software),machine learning based false alarm reduction method,svm,program debugging,static analysis tools,static analysis,support vector machine,project management,industrial-strength static analyzer,sparrow,false alarm detection,program diagnostics,machine learning,ast,java,abstract syntax trees,support vector machines,probability,predictive models,semantics,computer bugs,feature extraction