Predicting software vulnerability based on software metrics: a deep learning approach

Abstract

The security of IT systems is the topmost priority of software developers. Software vulnerabilities undermine the security of computer systems. Lately, there have been a lot of reported issues of software vulnerabilities recorded in individuals and corporate systems. Software metrics-based techniques have been used and found to be effective due to low false positives and false negatives. However, there are software metrics that have not been investigated and could have an impact on the performance of the predictive model. In this study, we developed an ensemble deep learning algorithm made of LSTM, CNN, and MLP models with the non-investigated metrics as a feature to learn the latent representation of code metrics to predict anomalies in source code effectively. We trained the proposed model on the SySeVR datasets and compared the model's performance against five deep learning algorithms and four state-of-the-art SVPs. The proposed model performs better than the other deep learning with a classification accuracy of 96.17%, and a precision of 97.72%. The model's classification accuracy is 4.98% higher than that of the five deep learning models and 1.71% lower in precision than the state-of-the-art SVP. � The Author(s), under exclusive licence to Springer Nature Switzerland AG 2024.