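False positive paradox
Computer science
Vulnerability (computing)
False positives and false negatives
Task (project management)
Artificial intelligence
Machine learning
Software
True positive rate
Set (abstract data type)
Secure coding
Data mining
Static analysis
Software security assurance
Computer security
Information security
Engineering
Programming language
Systems engineering
Security service
Authors
Sumanth Gowda, Divyesh Prajapati, Ranjit Singh, Swanand S. Gadre
Identifier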
DOI:10.1109/ccem.2018.00010
Abstract
Dynamic Application Security Testing is conducted with the help of automated tools that have built-in scanners which automatically crawl all the webpages of the application and report security vulnerabilities based on a certain set of pre-defined scan rules. Such pre-defined rules cannot fully determine the accuracy of a vulnerability and very often one needs to manually validate these results to remove the false positives. Eliminating false positives from such results can be quite a painful and laborious task. This article proposes an approach of eliminating false positives by using machine learning. Based on the historic data available on false positives, suitable machine learning models are deployed to predict if the reported defect is a real vulnerability or a false positive.