Commit-Level vs. File-Level Vulnerability Prediction
| dc.contributor.author | Chong, Michael | |
| dc.date.accessioned | 2016-09-19T17:03:09Z | |
| dc.date.available | 2017-06-20T04:50:09Z | |
| dc.date.issued | 2016-09-19 | |
| dc.date.submitted | 2016-09-19 | |
| dc.description.abstract | Helping software development teams find and repair vulnerabilities before they are released and exploited can prevent costs due to loss of data, availability, and reputation. However, while general defect prediction models exist to help developers find bugs, vulnerability prediction models currently do not achieve high enough prediction performance to be used in industry [43]. Prediction of vulnerabilities in commits and files has been explored by previous work, and while commit-level prediction, at a finer granularity, may offer more useful results, there exists no clear comparison in predictive performance to justify this assumption. To inform further research in vulnerability prediction, we compare commit and file-level prediction, across 7 projects, using 6 classifiers, for 8 different training dates. We evaluate the performance of each prediction model using ‘online prediction’ for ensuring an evaluation in line with practical usage of the prediction model. We evaluate each model using four different metrics, which we interpret as representing two different practical usage scenarios. We also perform an analysis of the data and techniques for evaluating prediction models. We find that despite achieving a low absolute prediction performance, file-level prediction generally tends to outperform commit-level prediction, but in a few outstanding cases, commit-level performs better. | en |
| dc.identifier.uri | http://hdl.handle.net/10012/10867 | |
| dc.language.iso | en | en |
| dc.pending | false | |
| dc.publisher | University of Waterloo | en |
| dc.subject | Vulnerability Prediction | en |
| dc.subject | Commit-level Prediction | en |
| dc.subject | File-level Prediction | en |
| dc.title | Commit-Level vs. File-Level Vulnerability Prediction | en |
| dc.type | Master Thesis | en |
| uws-etd.degree | Master of Applied Science | en |
| uws-etd.degree.department | Electrical and Computer Engineering | en |
| uws-etd.degree.discipline | Electrical and Computer Engineering | en |
| uws-etd.degree.grantor | University of Waterloo | en |
| uws-etd.embargo.terms | 1 year | en |
| uws.comment.hidden | Thanks again for the quick review of my thesis. The thesis has been revised according to the comments provided. Thanks! | en |
| uws.contributor.advisor | Tan, Lin | |
| uws.contributor.affiliation1 | Faculty of Engineering | en |
| uws.peerReviewStatus | Unreviewed | en |
| uws.published.city | Waterloo | en |
| uws.published.country | Canada | en |
| uws.published.province | Ontario | en |
| uws.scholarLevel | Graduate | en |
| uws.typeOfResource | Text | en |