False Alarm Reduction Method for Weakness Static Analysis Using BERT Model

3Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.

Abstract

In the era of the fourth Industrial Revolution, software has recently been applied in many fields. As the size and complexity of software increase, security attack problems continue to arise owing to potential software defects, resulting in significant social losses. To reduce software defects, a secure software development life cycle (SDLC) should be systematically developed and managed. In particular, a software weakness analyzer that uses a static analysis tool to check software weaknesses at the time of development is a very effective tool for solving software weaknesses. However, because numerous false alarms can be reported even when they are not real weaknesses, programmers and reviewers must review them, resulting in a decrease in the productivity of development. In this study, we present a system that uses the BERT model to determine the reliability of the weakness analysis results generated by the static analysis tool and to reduce false alarms by reclassifying the derived results into a decision tree model. Thus, it is possible to maintain the advantages of static analysis tools and increase productivity by reducing the cost of program development and the review process.

Cite

CITATION STYLE

APA

Nguyen, D. H., Seo, A., Nnamdi, N. P., & Son, Y. (2023). False Alarm Reduction Method for Weakness Static Analysis Using BERT Model. Applied Sciences (Switzerland), 13(6). https://doi.org/10.3390/app13063502

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free