Detecting Security Patches in Java Projects Using NLP Technology
Andrea Stefanoni; Licia Sbattella; Vincenzo Scotti
2022-01-01
Abstract
Known vulnerabilities in software are fixed through security patches; thus, applying such patches as soon as they are released is crucial to protect against cyber-attacks. The spread of open source software has made it possible to inspect patches to understand whether they are security-related or not. In this paper, we propose some solutions based on state-of-the-art deep learning technologies for Natural Language Processing for security patch detection. In the experiments, we benchmarked our solutions on two data sets for Java security patch detection. Our models showed promising results, outperforming all the others we used for comparison. Interestingly, we achieved better results training the classifiers from scratch than fine-tuning existing models.

File | Access | Version | Size | Format |
---|---|---|---|---|
paper_sgj+.pdf | Open access | Pre-Print (or Pre-Refereeing) | 162.69 kB | Adobe PDF |