Software Security Vulnerability Prediction Modelling for C/C++ Systems

Authors

  • M. A. Olatunji Redeemer’s University, Ede, Osun State, Nigeria
  • C. B. Ujah-Ogbuagu National Defence College Nigeria, Abuja, Nigeria
  • P. O. Adebayo University of Ilorin, Ilorin, Nigeria
  • S. J. Agbolade Redeemer’s University, Ede, Osun State, Nigeria

Keywords:

Vulnerability, Metrics, Cross-project, Correlation, Model, Optimization

Abstract

This study developed realistic software security Vulnerability Prediction Models (VPMs) for C/C++ systems. The aim is to mitigate security vulnerabilities and prevent their exploitation in C/C++ projects by identifying vulnerable source files for patching before deployment. The study addressed the limitations of existing software VPMs: low accuracy, poor traceability of predicted vulnerabilities to components, dataset imbalance, and the use of irrelevant metrics. It used security-related metrics as features and addressed dataset imbalance by oversampling. A genetic algorithm was modified to overcome the local-optima problem and then used to optimize the correlation values of the metrics, which improved the performance of the random forest classifier. The study also found that oversampling improved predictability and that feature elimination mitigated overfitting. The developed software VPMs performed well in cross-project prediction, with recall, precision, and F-measure exceeding 80%, surpassing most results reported in the literature, and they make vulnerable components easy to trace. The study therefore recommends that quality assurance teams in software development companies adopt these software VPMs to predict which files to patch before deployment, and recommends the primary dataset used in the study as a benchmark for software VPM researchers.
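The evaluation protocol the abstract relies on (oversample the minority class, train on one project, measure recall, precision and F-measure on a different project) is sketched below as an added example; it is not the authors' code and does not reproduce their models. The two projects, their per-file metric vectors (unsafe call count and cyclomatic complexity) and the labels are constructed; a 3-nearest-neighbour vote stands in for the random forest, cyclic replication of vulnerable rows stands in for whatever oversampler the paper used, and the genetic-algorithm feature optimization is not shown. The point it makes is the caveat a practitioner needs: scaling and oversampling are fitted on the training project only, and on this data the run without oversampling misses one of the two vulnerable files in the target project.

```python
"""Cross-project vulnerability prediction harness (added illustration).

Not the paper's code.  Feature set, projects and labels are constructed;
kNN stands in for the random forest, cyclic replication for the oversampler.
"""
from collections import Counter
from math import sqrt

# Constructed per-file metric vectors for two hypothetical C/C++ projects.
# Features (assumed): (unsafe_calls, cyclomatic_complexity)
# Label: 1 = vulnerable file, 0 = clean.  Project A is the training project
# (2 of 8 files vulnerable), project B the unseen target project.
PROJECT_A = [((0, 3), 0), ((1, 5), 0), ((0, 8), 0), ((1, 10), 0),
             ((0, 4), 0), ((2, 6), 0), ((5, 20), 1), ((4, 15), 1)]
PROJECT_B = [((0, 5), 0), ((1, 7), 0), ((2, 9), 0), ((0, 3), 0),
             ((4, 18), 1), ((3, 12), 1)]


def fit_minmax(rows):
    """Per-feature (min, max) learned from the TRAINING project only, so no
    statistic of the target project leaks into the model."""
    n = len(rows[0][0])
    lo = [min(x[i] for x, _ in rows) for i in range(n)]
    hi = [max(x[i] for x, _ in rows) for i in range(n)]
    return lo, hi


def scale(rows, scaler):
    """Apply min-max scaling; constant features map to 0.0."""
    lo, hi = scaler
    return [(tuple((v - a) / (b - a) if b != a else 0.0
                   for v, a, b in zip(x, lo, hi)), y) for x, y in rows]


def oversample(rows, minority=1):
    """Replicate minority-class rows cyclically until both classes have the
    same size.  Deterministic stand-in for the paper's (unspecified)
    oversampler.  Apply to training data only, never to the test project."""
    counts = Counter(y for _, y in rows)
    minority_rows = [r for r in rows if r[1] == minority]
    deficit = counts[1 - minority] - counts[minority]
    extra = [minority_rows[i % len(minority_rows)] for i in range(deficit)]
    return rows + extra


def knn_predict(train, x, k=3):
    """Majority vote among the k nearest training files (Euclidean)."""
    by_dist = sorted(
        train, key=lambda r: sqrt(sum((a - b) ** 2 for a, b in zip(r[0], x))))
    votes = Counter(y for _, y in by_dist[:k])
    return 1 if votes[1] > votes[0] else 0


def prf(y_true, y_pred):
    """Precision, recall and F-measure for the vulnerable (positive) class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f


def cross_project_eval(train_project, test_project, balance=True):
    """Train on one project, evaluate on another.  Scaler and oversampler
    see only the training project."""
    scaler = fit_minmax(train_project)
    train = scale(train_project, scaler)
    test = scale(test_project, scaler)
    if balance:
        train = oversample(train)
    preds = [knn_predict(train, x) for x, _ in test]
    return prf([y for _, y in test], preds)


if __name__ == "__main__":
    for balance in (False, True):
        p, r, f = cross_project_eval(PROJECT_A, PROJECT_B, balance)
        print(f"oversample={balance}: precision={p:.2f} recall={r:.2f} f={f:.2f}")
```

On the constructed data the unbalanced run predicts the borderline file (3 unsafe calls, complexity 12) as clean because two of its three nearest training files are clean, giving recall 0.5; after oversampling the replicated vulnerable neighbours outvote them and recall rises to 1.0. Precision is 1.0 in both runs, which is why recall and F-measure, not accuracy, are the figures to report for an imbalanced vulnerability dataset.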

Published

2026-06-11