Security Bug Report Prediction Within and Across Projects: A Comparative Study of BERT and Random Forest
By: Farnaz Soltaniani, Mohammad Ghafari, Mohammed Sayagh
Potential Business Impact:
Finds security problems in computer code faster.
Early detection of security bug reports (SBRs) is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive comparison between BERT and Random Forest (RF), a competitive baseline for predicting SBRs. The results show that RF outperforms BERT with a 34% higher average G-measure for within-project predictions. Adding only SBRs from various projects improves both models' average performance. However, including both security and nonsecurity bug reports significantly reduces RF's average performance to 46%, while boosts BERT to its best average performance of 66%, surpassing RF. In cross-project SBR prediction, BERT achieves a remarkable 62% G-measure, which is substantially higher than RF.
Similar Papers
Enhancing Password Security Through a High-Accuracy Scoring Framework Using Random Forests
Cryptography and Security
Makes passwords much harder for hackers to guess.
Bug Destiny Prediction in Large Open-Source Software Repositories through Sentiment Analysis and BERT Topic Modeling
Software Engineering
Predicts if computer bugs will be fixed.
An explainable Recursive Feature Elimination to detect Advanced Persistent Threats using Random Forest classifier
Cryptography and Security
Finds hidden computer attacks with clear reasons.