Enhanced prediction of vulnerable Web components using Stochastic Gradient Boosting Trees

Mahmoud Elish (Gulf University for Science and Technology, Hawally, Kuwait)

International Journal of Web Information Systems

ISSN: 1744-0084

Article publication date: 21 November 2018

Issue publication date: 10 June 2019

Abstract

Purpose

Effective and efficient software security inspection is crucial as the existence of vulnerabilities represents severe risks to software users. The purpose of this paper is to empirically evaluate the potential application of Stochastic Gradient Boosting Trees (SGBT) as a novel model for enhanced prediction of vulnerable Web components compared to common, popular and recent machine learning models.

Design/methodology/approach

An empirical study was conducted in which SGBT and 16 other prediction models were trained, optimized and cross-validated using vulnerability data sets from multiple versions of two open-source Web applications written in PHP. The prediction performance of these models was evaluated and compared based on accuracy, precision, recall and F-measure.

Findings

The results indicate that the SGBT models offer improved prediction over the other 16 models and thus are more effective and reliable in predicting vulnerable Web components.

Originality/value

This paper proposed a novel application of SGBT for enhanced prediction of vulnerable Web components and showed its effectiveness.

Citation

Elish, M. (2019), "Enhanced prediction of vulnerable Web components using Stochastic Gradient Boosting Trees", International Journal of Web Information Systems, Vol. 15 No. 2, pp. 201-214. https://doi.org/10.1108/IJWIS-05-2018-0041

Publisher

Emerald Publishing Limited

Copyright © 2018, Emerald Publishing Limited