Survey of Open-Source Software Defect Prediction Method

Tian Xiao; Chang Jiyou; Zhang Chi; Rong Jingfeng; Wang Ziyu; Zhang Guanghua; Wang He; Wu Gaofei; Hu Jinglu; Zhang Yuqing

doi:10.7544/issn1000-1239.202221046

Journal of Computer Research and Development > 2023 > 60(7): 1467-1488. > DOI: 10.7544/issn1000-1239.202221046 CSTR: 32373.14.issn1000-1239.202221046

Tian Xiao, Chang Jiyou, Zhang Chi, Rong Jingfeng, Wang Ziyu, Zhang Guanghua, Wang He, Wu Gaofei, Hu Jinglu, Zhang Yuqing. Survey of Open-Source Software Defect Prediction Method[J]. Journal of Computer Research and Development, 2023, 60(7): 1467-1488. DOI: 10.7544/issn1000-1239.202221046

Citation:

PDF (1739 KB)

Survey of Open-Source Software Defect Prediction Method

Tian Xiao^{1, 2,},
Chang Jiyou³,
Zhang Chi²,
Rong Jingfeng^{2, 6},
Wang Ziyu³,
Zhang Guanghua³,
Wang He^{1, 2},
Wu Gaofei^{1, 2, 4},
Hu Jinglu⁵,
Zhang Yuqing^{1, 2, 6, 7, ,}

1.
School of Cyber Engineering, Xidian University, Xi’an 710126
2.
National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), Beijing 101408
3.
School of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang 050018
4.
Guangxi Key Laboratory of Cryptography and Information Security (Guilin University of Electronic Technology), Guilin,Guangxi 541000
5.
Graduate School of Information, Production and Systems, Waseda University, Japan 808-0135
6.
College of Cyberspace Security, Hainan University, Haikou 570228
7.
Zhongguancun Laboratory, Beijing 100094

Funds: This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province (SKLACSS-202205), the Key Research and Development Program of Hainan Province (GHYF2022010, ZDYF202012), and the National Natural Science Foundation of China (U1836210), the Natural Science Basis Research Plan in Shaanxi Province of China (2021JQ-192), and the Program of Guangxi Key Laboratory of Cryptography and Information Security (GCIS202123)

More Information

Author Bio:
Tian Xiao: born in 1999. Master candidate. Her main research interest includes network and information security

Chang Jiyou: born in 1999. Master candidate. His main research interest includes network and information security

Zhang Chi: born in 2002. Master candidate. His main research interest includes AI and security

Rong Jingfeng: born in 1986. PhD candidate. His main research interest includes network and information security

Wang Ziyu: born in 1998. Master candidate. His main research interest includes network and information security

Zhang Guanghua: born in 1979. PhD, professor, master supervisor. His main research interest includes network and information security

Wang He: born in 1987. PhD, lecturer, master supervisor. Her main research interests include cryptography, quantum cryptographic protocol

Wu Gaofei: born in 1987. PhD, lecturer, master supervisor. His main research interest includes cryptography

Hu Jinglu: born in 1962. PhD, professor, PhD supervisor. His main research interest includes computational intelligence

Zhang Yuqing: born in 1966. PhD, professor, PhD supervisor. His main research interest includes information security
Received Date: March 29, 2023
Revised Date: June 05, 2023
Available Online: July 04, 2023

Graphical Abstract

Abstract

Abstract

Open-source software defect prediction reduces software repair costs and improves product quality by mining data from software history warehouses, using the syntactic semantic features of metrics related to software defects or the source code itself, and utilizing machine learning or deep learning methods to find software defects in advance. Vulnerability prediction extracts and tags code modules by mining software instance repositories to predict whether new code instances contain vulnerabilities in order to reduce the cost of vulnerability discovery and fixing. We investigate and analyze the relevant literatures in the field of software defect prediction from 2000 to December 2022. Taking machine learning and deep learning as the starting point, we sort out two types of prediction models which are based on software metrics and grammatical semantics. Based on the two types of models, the difference and connection between software defect prediction and vulnerability prediction are analyzed. Moreover, six frontier hot issues such as dataset source and processing, code vector representation method, pre-training model improvement, deep learning model exploration, fine-grained prediction technology, software defect prediction and vulnerability prediction model migration are analyzed in detail. Finally, the future development direction of software defect prediction is pointed out.
- software defect prediction,
- vulnerability prediction,
- machine learning,
- deep learning,
- metric,
- semantic and syntactic analysis

FullText(HTML)

References (124)

References

[1]	Pachouly J, Ahirrao S, Kotecha K, et al. A systematic literature review on software defect prediction using artificial intelligence: Datasets, data validation methods, approaches, and tools[J]. Engineering Applications of Artificial Intelligence, 2022, 111: 1−33 doi: 10.1016/j.engappai.2022.104773
[2]	陈翔,顾庆,刘望舒,等. 静态软件缺陷预测方法研究[J]. 软件学报,2016,27(1):1−25 doi: 10.13328/j.cnki.jos.004923 Chen Xiang, Gu Qing, Liu Wangshu, et al. Survey of static software defect prediction[J]. Journal of Software, 2016, 27(1): 1−25 (in Chinese) doi: 10.13328/j.cnki.jos.004923
[3]	顾绵雪,孙鸿宇,韩丹,等. 基于深度学习的软件安全漏洞挖掘[J]. 计算机研究与发展,2021,58(10):2140−2162 doi: 10.7544/issn1000-1239.2021.20210620 Gu Mianxue, Sun Hongyu, Han Dan, et al. Software security vulnerability mining based on deep learning[J]. Journal of Computer Research and Development, 2021, 58(10): 2140−2162 (in Chinese) doi: 10.7544/issn1000-1239.2021.20210620
[4]	Trachtenberg M. Discovering how to ensure software reliability[J]. Radio Corporation of America Engineer, 1982, 27(1): 53−57
[5]	Qian Lianfen, Yao Qingchuan, Khoshgoftaar T M. Dynamic two-phase truncated Rayleigh model for release date prediction of software[J]. Journal of Software Engineering and Applications, 2010, 3(06): 603−609 doi: 10.4236/jsea.2010.36070
[6]	Bustamante A, Bustamante B. Multinomial-exponential reliability function: A software reliability model[J]. Reliability Engineering & System Safety, 2003, 79(3): 281−288
[7]	Zheng Yanyan, Xu Renzuo. An adaptive exponential smoothing approach for software reliability prediction[C]//Proc of 2008 4th Int Conf on Wireless Communications, Networking and Mobile Computing. Piscataway, NJ: IEEE, 2008: 1−4
[8]	Yamada S, Ohba M, Osaki S. S-shaped reliability growth modeling for software error detection[J]. IEEE Transactions on Reliability, 1983, 32(5): 475−484
[9]	Kececioglu D, Jiang S, Vassiliou P. The modified Gompertz reliability growth model[C]//Proc of Annual Reliability and Maintainability Symp (RAMS). Piscataway, NJ: IEEE, 1994: 160−165
[10]	Ahmad N, Imam M Z. Software reliability growth models with log-logistic testing-effort function: A comparative study[J]. International Journal of Computer Applications, 2014, 75(12): 8−11
[11]	宫丽娜,姜淑娟,姜丽. 软件缺陷预测技术研究进展[J]. 软件学报,2019,30(10):3090−3114 doi: 10.13328/j.cnki.jos.005790 Gong Lina, Jiang Shujuan, Jiang Li. Research progress of software defect prediction[J]. Journal of Software, 2019, 30(10): 3090−3114 (in Chinese) doi: 10.13328/j.cnki.jos.005790
[12]	Li Yiyao, Lee S Y, Wotawa F, et al. Using tri-relation networks for effective software fault-proneness prediction[J]. IEEE Access, 2019, 7: 63066−63080 doi: 10.1109/ACCESS.2019.2916615
[13]	Lee S Y, Wong W E, Li Yiyao, et al. Software fault-proneness analysis based on composite developer-module networks[J]. IEEE Access, 2021, 9: 155314−155334 doi: 10.1109/ACCESS.2021.3128438
[14]	Zhu Kun, Zhang Nana, Ying Shi, et al. Within-project and cross-project software defect prediction based on improved transfer naive Bayes algorithm[J]. Computers, Materials and Continua, 2020, 63(2): 891−910
[15]	Akiyama F. An example of software system debugging.[J]. IFIP Congress, 1971, 71(1): 353−359
[16]	Halstead M H. Elements of Software Science (Operating and Programming Systems Series)[M]. New York: Elsevier Science Inc, 1977
[17]	Shepperd M, Song Qinbao, Sun Zhongbin, et al. Data quality: Some comments on the NASA software defect datasets[J]. IEEE Transactions on Software Engineering, 2013, 39(9): 1208−1215 doi: 10.1109/TSE.2013.11
[18]	Khoshgoftaar T M, Gao Kehan, Napolitano A, et al. A comparative study of iterative and non-iterative feature selection techniques for software defect prediction[J]. Information Systems Frontiers, 2014, 16(5): 801−822 doi: 10.1007/s10796-013-9430-0
[19]	Li Zhiqiang, Jing Xiaoyuan, Zhu Xiaoke, et al. Heterogeneous defect prediction through multiple kernel learning and ensemble learning[C]//Proc of 2017 IEEE Int Conf on Software Maintenance and Evolution (ICSME). Piscataway, NJ: IEEE, 2017: 91−102
[20]	Kubat M, Matwin S. Addressing the curse of imbalanced training sets: One-sided selection[C]//Proc of the 14th Int Conf on Machine Learning. San Francisco: Morgan Kaufmann, 1997: 179−186
[21]	Kotsiantis S B, Pintelas P E. Mixture of expert agents for handling imbalanced data sets[J]. Annals of Mathematics, Computing & Teleinformatics, 2003, 1(1): 46−55
[22]	Chawla N V, Bowyer K W, Hall L O, et al. SMOTE: Synthetic minority over-sampling technique[J]. Journal of Artificial Intelligence Research, 2002, 16: 321−357 doi: 10.1613/jair.953
[23]	饶珍丹. 软件缺陷预测中不平衡数据分类算法研究[D]. 哈尔滨: 哈尔滨师范大学, 2022 Yao ZhenDan. Research on unbalanced data classification algorithm in software defect prediction[D]. Harbin: Harbin Normal University, 2022(in Chinese)
[24]	He Haibo, Bai Yang, Garcia E A, et al. ADASYN: Adaptive synthetic sampling approach for imbalanced learning[C]//Proc of 2008 IEEE Int Joint Conf on Neural Networks (IEEE World Congress on Computational Intelligence). Piscataway, NJ: IEEE, 2008: 1322−1328
[25]	Ma Li, Fan Suohai. CURE-SMOTE algorithm and hybrid algorithm for feature selection and parameter optimization based on random forests[J]. BMC Bioinformatics, 2017, 18(1): 1−18 doi: 10.1186/s12859-016-1414-x
[26]	Kim S, Zhang Hongyu, Wu Rongxin, et al. Dealing with noise in defect prediction[C]//Proc of 2011 33rd Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2011: 481−490
[27]	Chen Liu, Fang Bin, Shang Zhaowei, et al. Tackling class overlap and imbalance problems in software defect prediction[J]. Software Quality Journal, 2018, 26(1): 97−125 doi: 10.1007/s11219-016-9342-6
[28]	Tang Wei, Khoshgoftaar T M. Noise identification with the k-means algorithm[C]//Proc of 16th IEEE Int Conf on Tools with Artificial Intelligence. Piscataway, NJ: IEEE, 2004: 373−378
[29]	Goyal S. Handling class-imbalance with KNN (neighbourhood) under-sampling for software defect prediction[J]. Artificial Intelligence Review, 2022, 55(3): 2023−2064 doi: 10.1007/s10462-021-10044-w
[30]	Li Zhiqiang, Jing Xiaoyuan, Wu Fei, et al. Cost-sensitive transfer kernel canonical correlation analysis for heterogeneous defect prediction[J]. Automated Software Engineering, 2018, 25(2): 201−245 doi: 10.1007/s10515-017-0220-7
[31]	Yang Zhenyu, Jin Chufeng, Zhang Yue, et al. Software defect prediction: An ensemble learning approach[J]. Journal of Physics:Conf Series, 2022, 2171(1): 012008 doi: 10.1088/1742-6596/2171/1/012008
[32]	Jiang Feng, Yu Xu, Gong Dunwei, et al. A random approximate reduct-based ensemble learning approach and its application in software defect prediction[J]. Information Sciences, 2022, 609: 1147−1168 doi: 10.1016/j.ins.2022.07.130
[33]	Gong Lina, Jiang Shujuan, Bo Lili, et al. A novel class-imbalance learning approach for both within-project and cross-project defect prediction[J]. IEEE Transactions on Reliability, 2019, 69(1): 40−54
[34]	Zhang Shenggang, Jiang Shujuan, Yan Yue. A software defect prediction approach based on BiGAN anomaly detection[J]. Scientific Programming, 2022, 2022(1): 1−13
[35]	Rodriguez D, Herraiz I, Harrison R, et al. Preliminary comparison of techniques for dealing with imbalance in software defect prediction[C]//Proc of the 18th Int Conf on Evaluation and Assessment in Software Engineering. New York: ACM, 2014: 1−10
[36]	Eivazpour Z, Keyvanpour M R. CSSG: A cost-sensitive stacked generalization approach for software defect prediction[J]. Software Testing, Verification and Reliability, 2021, 31(5): e1761
[37]	Kohavi R, John G H. Wrappers for feature subset selection[J]. Artificial Intelligence, 1997, 97(1-2): 273−324 doi: 10.1016/S0004-3702(97)00043-X
[38]	He Xiaofei, Cai Deng, Niyogi P. Laplacian score for feature selection[C]//Proc of the 18th Int Conf on Neural Information Processing Systems. Cambridge, MA, USA: MIT Press, 2005
[39]	Balogun A O, Basri S, Capretz L F, et al. Software defect prediction using wrapper feature selection based on dynamic re-ranking strategy[J]. Symmetry, 2021, 13(11): 2166−2189 doi: 10.3390/sym13112166
[40]	Thirumoorthy K. A feature selection model for software defect prediction using binary Rao optimization algorithm[J]. Applied Soft Computing, 2022, 131: 109737−109753 doi: 10.1016/j.asoc.2022.109737
[41]	Bahaweres R B, Suroso A I, Hutomo A W, et al. Tackling feature selection problems with genetic algorithms in software defect prediction for optimization[C]//Proc of 2020 Int Conf on Informatics, Multimedia, Cyber and Information System (ICIMCIS). Piscataway, NJ: IEEE, 2020: 64−69
[42]	Miao Linsong, Liu Mingxia, Zhang Daoqiang. Cost-sensitive feature selection with application in software defect prediction[C]//Proc of the 21st Int Conf on Pattern Recognition (ICPR2012). Piscataway, NJ: IEEE, 2012: 967−970
[43]	Liu Shulong, Chen Xiang, Liu Wangshu, et al. FECAR: A feature selection framework for software defect prediction[C]//Proc of 2014 IEEE 38th Annual Computer Software and Applications Conf. Piscataway, NJ: IEEE, 2014: 426−435
[44]	Nam J, Pan S J, Kim S. Transfer defect learning[C]//Proc of 2013 35th Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2013: 382−391
[45]	Ni Chao, Liu Wangshu, Chen Xiang, et al. A cluster based feature selection method for cross-project software defect prediction[J]. Journal of Computer Science and Technology, 2017, 32(6): 1090−1107 doi: 10.1007/s11390-017-1785-0
[46]	Li Zhiqiang, Qi Chao, Zhang Li, et al. Discriminant subspace alignment for cross-project defect prediction[C]//Proc of 2019 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). Piscataway, NJ: IEEE, 2019: 1728−1733
[47]	Chen Jinfu, Wang Xiaoli, Cai Saihua, et al. A software defect prediction method with metric compensation based on feature selection and transfer learning[J]. Frontiers of Information Technology & Electronic Engineering, 2022, 23(5): 715−731
[48]	Lu Huihua, Kocaguneli E, Cukic B. Defect prediction between software versions with active learning and dimensionality reduction[C]//Proc of 2014 IEEE 25th Int Symp on Software Reliability Engineering. Piscataway, NJ: IEEE, 2014: 312−322
[49]	Xu Zhou, Liu Jin, Luo Xiapu, et al. Cross-version defect prediction via hybrid active learning with kernel principal component analysis[C]//Proc of 2018 IEEE 25th Int Conf on Software Analysis, Evolution and Reengineering (SANER). Piscataway, NJ: IEEE, 2018: 209−220
[50]	Zhang Jie, Wu Jiajing, Chen C, et al. Cds: A cross–version software defect prediction model with data selection[J]. IEEE Access, 2020, 8: 110059−110072 doi: 10.1109/ACCESS.2020.3001440
[51]	Marcus A, Maletic J I. Recovering documentation-to-source-code traceability links using latent semantic indexing[C]//Proc of 25th Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2003: 125−135
[52]	Menzies T, Dekhtyar A, Distefano J, et al. Problems with precision: A response to “comments on ‘data mining static code attributes to learn defect predictors’”[J]. IEEE Transactions on Software Engineering, 2007, 33(9): 637−640 doi: 10.1109/TSE.2007.70721
[53]	Yao Jingxiu, Shepperd M. The impact of using biased performance metrics on software defect prediction research[J]. Information and Software Technology, 2021, 139(11): 1−14
[54]	乔辉. 软件缺陷预测技术研究[D]. 郑州: 解放军信息工程大学, 2013 Qiao Hui. Research on software defect prediction techniques[D]. Zhengzhou: Information Engineering University, 2013 (in Chinese)
[55]	McCabe T J. A complexity measure[J]. IEEE Transactions on Software Engineering, 1976, 2(4): 308−320
[56]	Chidamber S R, Kemerer C F. A metrics suite for object oriented design[J]. IEEE Transactions on Software Engineering, 1994, 20(6): 476−493 doi: 10.1109/32.295895
[57]	Brito E A F, Carapuça R. Candidate metrics for object-oriented software within a taxonomy framework[J]. Journal of Systems and Software, 1994, 26(1): 87−96 doi: 10.1016/0164-1212(94)90099-X
[58]	Bansiya J, Davis C G. A hierarchical model for object-oriented design quality assessment[J]. IEEE Transactions on Software Engineering, 2002, 28(1): 4−17 doi: 10.1109/32.979986
[59]	Sotto-Mayor B, Kalech M. Cross-project smell-based defect prediction[J]. Soft Computing, 2021, 25(22): 14171−14181 doi: 10.1007/s00500-021-06254-7
[60]	Khoshgoftaar T M, Szabo R M. Improving code churn predictions during the system test and maintenance phases[C]//Proc of 1994 Int Conf on Software Maintenance. Piscataway, NJ: IEEE, 1994: 58−67
[61]	Nagappan N, Ball T. Use of relative code churn measures to predict system defect density[C]//Proc of the 27th Int Conf on Software Engineering. New York: ACM, 2005: 284−292
[62]	Moser R, Pedrycz W, Succi G. A comparative analysis of the efficiency of change metrics and static code attributes for defect prediction[C]//Proc of the 30th Int Conf on Software Engineering. New York: ACM, 2008: 181−190
[63]	Knab P, Pinzger M, Bernstein A. Predicting defect densities in source code files with decision tree learners[C]//Proc of the 2006 Int Workshop on Mining Software Repositories. New York: ACM, 2006: 119−125
[64]	王丹丹,王青. 基于演化数据的软件缺陷预测性能改进[J]. 软件学报,2016,27(12):3014−3029 doi: 10.13328/j.cnki.jos.004869 Wang Dandan, Wang Qing. Improving the performance of defect prediction based on evolution data[J]. Journal of Software, 2016, 27(12): 3014−3029 (in Chinese) doi: 10.13328/j.cnki.jos.004869
[65]	Liu Yibin, Li Yanhui, Guo Jianbo, et al. Connecting software metrics across versions to predict defects[C]//Proc of 2018 IEEE 25th Int Conf on Software Analysis, Evolution and Reengineering (SANER). Piscataway, NJ: IEEE, 2018: 232−243
[66]	Mockus A, Weiss D M. Predicting risk of software changes[J]. Bell Labs Technical Journal, 2000, 5(2): 169−180
[67]	Weyuker E J, Ostrand T J, Bell R M. Using developer information as a factor for fault prediction[C]//Proc of Third Int Workshop on Predictor Models in Software Engineering. Piscataway, NJ: IEEE, 2007: 8−15
[68]	Ostrand T J, Weyuker E J, Bell R M. Programmer-based fault prediction[C]//Proc of the 6th Int Conf on Predictive Models in Software Engineering. New York: ACM, 2010: 1−10
[69]	Pinzger M, Nagappan N, Murphy B. Can developer-module networks predict failures?[C]//Proc of the 16th ACM SIGSOFT Int Symp on Foundations of Software Engineering. New York: ACM, 2008: 2−12
[70]	Nagappan N, Murphy B, Basili V. The influence of organizational structure on software quality[C]//Proc of 2008 ACM/IEEE 30th Int Conf on Software Engineering. New York: ACM, 2008: 521−530
[71]	Mockus A. Organizational volatility and its effects on software defects[C]//Proc of the 18th ACM SIGSOFT Int Symp on Foundations of Software Engineering. New York: ACM, 2010: 117−126
[72]	Zhou Yuming, Leung H. Empirical analysis of object-oriented design metrics for predicting high and low severity faults[J]. IEEE Transactions on Software Engineering, 2006, 32(10): 771−789 doi: 10.1109/TSE.2006.102
[73]	Pai G J, Dugan J B. Empirical analysis of software fault content and fault proneness using Bayesian methods[J]. IEEE Transactions on Software Engineering, 2007, 33(10): 675−686 doi: 10.1109/TSE.2007.70722
[74]	Seliya N, Khoshgoftaar T M. Software quality analysis of unlabeled program modules with semisupervised clustering[J]. IEEE Transactions on Systems, Man, and Cybernetics-Part A:Systems and Humans, 2007, 37(2): 201−211 doi: 10.1109/TSMCA.2006.889473
[75]	Catal C, Sevim U, Diri B. Clustering and metrics thresholds based software fault prediction of unlabeled program modules[C]//Proc of 2009 6th Int Conf on Information Technology: New Generations. Piscataway, NJ: IEEE, 2009: 199−204
[76]	Arisholm E, Briand L C, Johannessen E B. A systematic and comprehensive investigation of methods to build and evaluate fault prediction models[J]. Journal of Systems and Software, 2010, 83(1): 2−17 doi: 10.1016/j.jss.2009.06.055
[77]	Gyimóthy T, Ferenc R, Siket I. Empirical validation of object-oriented metrics on open source software for fault prediction[J]. IEEE Transactions on Software Engineering, 2005, 31(10): 897−910 doi: 10.1109/TSE.2005.112
[78]	Zheng Jun. Cost-sensitive boosting neural networks for software defect prediction[J]. Expert Systems with Applications, 2010, 37(6): 4537−4543 doi: 10.1016/j.eswa.2009.12.056
[79]	Shukla S, Radhakrishnan T, Muthukumaran K, et al. Multi-objective cross-version defect prediction[J]. Soft Computing, 2018, 22(6): 1959−1980 doi: 10.1007/s00500-016-2456-8
[80]	Zhao Liuchang, Shang Zhaowei, Zhao Ling, et al. Siamese dense neural network for software defect prediction with small data[J]. IEEE Access, 2018, 7: 7663−7677
[81]	Zhang Xian, Ben K, Zeng Jie. Cross-entropy: A new metric for software defect prediction[C]//Proc of 2018 IEEE Int Conf on Software Quality, Reliability and Security (QRS). Piscataway, NJ: IEEE, 2018: 111−122
[82]	Yang Xinli, Lo D, Xia Xin, et al. Deep learning for just-in-time defect prediction[C]//Proc of 2015 IEEE Int Conf on Software Quality, Reliability and Security. Piscataway, NJ: IEEE, 2015: 17−26
[83]	Wang Song, Liu Taiyue, Tan Lin. Automatically learning semantic features for defect prediction[C]//Proc of 2016 IEEE/ACM 38th Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2016: 297−308
[84]	Wang Song, Liu Taiyue, Nam J, et al. Deep semantic feature learning for software defect prediction[J]. IEEE Transactions on Software Engineering, 2018, 46(12): 1267−1293
[85]	Li Jian, He Pinjia, Zhu Jieming, et al. Software defect prediction via convolutional neural network[C]//Proc of 2017 IEEE Int Conf on Software Quality, Reliability and Security (QRS). Piscataway, NJ: IEEE, 2017: 318−328
[86]	Fan Guisheng, Diao Xuyang, Yu Huiqun, et al. Software defect prediction via attention-based recurrent neural network[J]. Scientific Programming, 2019, 2019(4): 1−14
[87]	Qiu Shaojian, Lu Lu, Cai Ziyi, et al. Cross-project defect prediction via transferable deep learning-generated and handcrafted features[C]//Proc of the 31st Int Conf on Software Engineering and Knowledge Engineering. Skokie: Knowledge Systems Institute Graduate School, 2019: 431−552
[88]	Liu Wangshu, Zhu Yongteng, Chen Xiang, et al. S² LMMD: Cross-project software defect prediction via statement semantic learning and maximum mean discrepancy[C]//Proc of 2021 28th Asia-Pacific Software Engineering Conf (APSEC). Piscataway, NJ: IEEE, 2021: 369−379
[89]	Dam H K, Pham T, Ng S W, et al. A deep tree-based model for software defect prediction[J]. ArXiv Preprint ArXiv: 1802.00921, 2018
[90]	Šikić L, Kurdija A S, Vladimir K, et al. Graph neural network for source code defect prediction[J]. IEEE Access, 2022, 10: 10402−10415 doi: 10.1109/ACCESS.2022.3144598
[91]	Phan A V, Le Nguyen M, Bui L T. Convolutional neural networks over control flow graphs for software defect prediction[C]//Proc of 2017 IEEE 29th Int Conf on Tools with Artificial Intelligence (ICTAI). Piscataway, NJ: IEEE, 2017: 45−52
[92]	Xu Jiaxi, Ai Jun, Liu Jingyu, et al. ACGDP: An augmented code graph-based system for software defect prediction[J]. IEEE Transactions on Reliability, 2022, 71(2): 850−864 doi: 10.1109/TR.2022.3161581
[93]	Li Zhen, Zou Deqing, Xu Shouhuai, et al. VulDeePecker: A deep learning-based system for vulnerability detection[J]. ArXiv Preprint ArXiv: 1801.01681, 2018
[94]	Huo Xuan, Yang Yang, Li Ming, et al. Learning semantic features for software defect prediction by code comments embedding[C]//Proc of 2018 IEEE Int Conf on Data Mining (ICDM). Piscataway, NJ: IEEE, 2018: 1049−1054
[95]	Qu Yu, Liu Ting, Chi Jianlei, et al. Node2defect: Using network embedding to improve software defect prediction[C]//Proc of 2018 33rd IEEE/ACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2018: 844−849
[96]	Zeng Cheng, Zhou Chunying, Lv Shengkai, et al. GCN2defect: Graph convolutional networks for smotetomek-based software defect prediction[C]//Proc of 2021 IEEE 32nd Int Symp on Software Reliability Engineering (ISSRE). Piscataway, NJ: IEEE, 2021: 69−79
[97]	Zhou Chunying, He Peng, Zeng Cheng, et al. Software defect prediction with semantic and structural information of codes based on graph neural networks[J]. Information and Software Technology, 2022, 152: 107057 doi: 10.1016/j.infsof.2022.107057
[98]	Yang Fengyu, Huang Yaxuan, Xu Haoming, et al. Fine-grained software defect prediction based on the method-call sequence[J]. Computational Intelligence and Neuroscience, 2022, 2022(8): 1−15
[99]	Uddin M N, Li Bixin, Ali Z, et al. Software defect prediction employing BiLSTM and BERT-based semantic feature[J]. Soft Computing, 2022, 26(16): 7877−7891 doi: 10.1007/s00500-022-06830-5
[100]	Shin Y, Williams L. An empirical model to predict security vulnerabilities using code complexity metrics[C]//Proc of the Second ACM-IEEE Int Symp on Empirical Software Engineering and Measurement. New York: ACM, 2008: 315−317
[101]	Gegick M, Williams L, Osborne J, et al. Prioritizing software security fortification through code-level security metrics[C]//Proc of Workshop on Quality of Protection. New York: ACM, 2008: 31−38
[102]	Meneely A, Williams L. Secure open source collaboration: An empirical study of Linus’ law[C]//Proc of the 16th ACM Conf on Computer and Communications Security. New York: ACM, 2009: 453−462
[103]	Shin Y, Meneely A, Williams L, et al. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities[J]. IEEE Transactions on Software Engineering, 2010, 37(6): 772−787
[104]	Chowdhury I, Zulkernine M. Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities[J]. Journal of Systems Architecture, 2011, 57(3): 294−313 doi: 10.1016/j.sysarc.2010.06.003
[105]	Hovsepyan A, Scandariato R, Joosen W, et al. Software vulnerability prediction using text analysis techniques[C]//Proc of the 4th Int Workshop on Security Measurements and Metrics. New York: ACM, 2012: 7−10
[106]	Scandariato R, Walden J, Hovsepyan A, et al. Predicting vulnerable software components via text mining[J]. IEEE Transactions on Software Engineering, 2014, 40(10): 993−1006 doi: 10.1109/TSE.2014.2340398
[107]	Yamaguchi F, Lottmann M, Rieck K. Generalized vulnerability extrapolation using abstract syntax trees[C]//Proc of the 28th Annual Computer Security Applications Conf. New York: ACM, 2012: 359−368
[108]	Meng Qingkun, Wen Shameng, Feng Chao, et al. Predicting buffer overflow using semi-supervised learning[C]//Proc of 2016 9th Int Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI). Piscataway, NJ: IEEE, 2016: 1959−1963
[109]	Pang Yulei, Xue Xiaozhen, Wang Huaying. Predicting vulnerable software components through deep neural network[C]//Proc of the 2017 Int Conf on Deep Learning Technologies. New York: ACM, 2017: 6−10
[110]	Dam H K, Tran T, Pham T, et al. Automatic feature learning for predicting vulnerable software components[J]. IEEE Transactions on Software Engineering, 2018, 47(1): 67−85
[111]	Kalouptsoglou I, Siavvas M, Kehagias D, et al. An empirical evaluation of the usefulness of word embedding techniques indeep learning-based vulnerability prediction[C]//Proc of Int ISCIS Security Workshop. Berlin: Springer, 2022: 23−37
[112]	马倩华. 基于深度学习的软件源码漏洞预测[D]. 北京: 北京邮电大学, 2020 Ma Qianhua. Deep learning-based software vulnerability prediction[D]. Beijing: Beijing University of Posts and Telecommunications, 2020 (in Chinese)
[113]	Zhou Yaqin, Liu Shangqing, Siow J, et al. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks[C]//Proc of 33rd Conf on Neural Information Processing Systems (NeurIPS). San Diego, CA, USA: NIPS, 2019: 10197−10207
[114]	Li Zhen, Zou Deqing, Xu Shouhuai, et al. SySeVR: A framework for using deep learning to detect software vulnerabilities[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(4): 2244−2258
[115]	Li Yi, Wang Shouhua, Nguyen T N. Vulnerability detection with fine-grained interpretations[C]//Proc of the 29th ACM Joint Meeting on European Software Engineering Conf and Symp on the Foundations of Software Engineering. New York: ACM, 2021: 292−303
[116]	Fu M, Tantithamthavorn C. LineVul: A transformer-based line-level vulnerability prediction[C]//Proc of 2022 IEEE/ACM 19th Int Conf on Mining Software Repositories (MSR). Piscataway, NJ: IEEE, 2022: 608−620
[117]	Shin Y, Williams L. Is complexity really the enemy of software security?[C]//Proc of the 4th ACM Workshop on Quality of Protection. New York: ACM, 2008: 47−50
[118]	Viega J, McGraw G R. Building Secure Software: How to Avoid Security Problems the Right Way, Portable Documents[M]. London: Pearson Education, 2001
[119]	高志伟,姚尧,饶飞,等. 基于漏洞严重程度分类的漏洞预测模型[J]. 电子学报,2013,41(9):1784−1787 doi: 10.3969/j.issn.0372-2112.2013.09.018 Gao Zhiwei, Yao Yao, Rao Fei, et al. Prediction model of vulnerabilities based on the type of vulnerability severity[J]. Acta Electronica Sinica, 2013, 41(9): 1784−1787 (in Chinese) doi: 10.3969/j.issn.0372-2112.2013.09.018
[120]	Pan Zhixin, Mishra P. A survey on hardware vulnerability analysis using machine learning[J]. IEEE Access, 2022, 10: 49508−49527 doi: 10.1109/ACCESS.2022.3173287
[121]	Palix N, Thomas G, Saha S, et al. Faults in Linux: Ten years later[C]//Proc of the 16th Int Conf on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2011: 305−318
[122]	Zimmermann T, Nagappan N, Williams L. Searching for a needle in a haystack: Predicting security vulnerabilities for windows vista[C]//Proc of 2010 3rd Int Conf on Software Testing, Verification and Validation. Piscataway, NJ: IEEE, 2010: 421−428
[123]	Shin Y, Williams L A. Can fault prediction models and metrics be used for vulnerability prediction?[R]. North Carolina, USA: North Carolina State University, Department of Computer Science, 2010
[124]	Shin Y, Williams L. Can traditional fault prediction models be used for vulnerability prediction?[J]. Empirical Software Engineering, 2013, 18(1): 25−59 doi: 10.1007/s10664-011-9190-8

[1]	Liao Xiaojian, Yang Zhe, Yang Hongzhang, Tu Yaofeng, Shu Jiwu. A Low-Latency Storage Engine with Low CPU Overhead[J]. Journal of Computer Research and Development, 2022, 59(3): 489-498. DOI: 10.7544/issn1000-1239.20210574
[2]	Liu Fang, Li Ge, Hu Xing, Jin Zhi. Program Comprehension Based on Deep Learning[J]. Journal of Computer Research and Development, 2019, 56(8): 1605-1620. DOI: 10.7544/issn1000-1239.2019.20190185
[3]	Wu Qiyu, Zhou Fucai, Wang Qiang, Li Yuxi. Publicly Verifiable Databases Scheme with Efficient Updates and Low Storage Overhead[J]. Journal of Computer Research and Development, 2018, 55(8): 1800-1808. DOI: 10.7544/issn1000-1239.2018.20170320
[4]	Zheng Peng, Hu Chengchen, Li Hao. Reducing the Southbound Interface Overhead for OpenFlow Based on the Flow Volume Characteristics[J]. Journal of Computer Research and Development, 2018, 55(2): 346-357. DOI: 10.7544/issn1000-1239.2018.20160743
[5]	Zhang Dongsong, Wang Jue, Zhao Zhifeng, Wu Fei. PLUFS: An Overhead-Aware Online Energy-Efficient Scheduling Algorithm for Periodic Real-Time Tasks in Multiprocessor Systems[J]. Journal of Computer Research and Development, 2016, 53(7): 1454-1466. DOI: 10.7544/issn1000-1239.2016.20160163
[6]	Zhang Zhitian, Li Zhaopeng, Chen Yiyun, and Liu Gang. An Automatic Program Verifier for PointerC: Design and Implementation[J]. Journal of Computer Research and Development, 2013, 50(5): 1044-1054.
[7]	Kuang Jishun, Jin Liyun, Wang Weizheng, You Zhiqiang. Two Methods for Reducing the Area Overheads of Self-Feedback Testing[J]. Journal of Computer Research and Development, 2012, 49(4): 880-886.
[8]	Sun Yan, Zhang Minxuan, Li Shaoqing, and Gao Changlei. Optimizing Soft Error Rate and Overhead of Circuits Based on Sensitive Registers Replacement[J]. Journal of Computer Research and Development, 2011, 48(1): 28-35.
[9]	Chen Wei, Wang Zhiying, Xiao Nong, Shen Li, and Lu Hongyi. Decoded Instruction Cache for Reducing Startup Overhead in Co-Designed Virtual Machines[J]. Journal of Computer Research and Development, 2011, 48(1): 19-27.
[10]	Wu Ping, Chen Yiyun, Zhang Jian. Static Data-Race Detection for Multithread Programs[J]. Journal of Computer Research and Development, 2006, 43(2): 329-335.

Cited By

Cited by

Periodical cited type(2)

1.	唐成华，蔡维嘉，杨萌萌，强保华. CBFuzzer：基于执行上下文导向及保护突破的程序缺陷模糊检测. 计算机研究与发展. 2025(03): 790-807 . 本站查看
2.	唐成华，蔡维嘉，林和，强保华. 软件漏洞模糊测试的关键分支探索及热点更新算法. 计算机应用研究. 2024(07): 2179-2183 .