False Alarm Reduction Method for Weakness Static Analysis Using BERT Model

Dinh Huong Nguyen, Aria Seo, Nnubia Pascal Nnamdi, Yunsik Son

Research output: Contribution to journal > Article > peer-review

4 Scopus citations

Abstract

In the era of the fourth Industrial Revolution, software is applied in an ever-growing range of fields. As the size and complexity of software increase, security attacks that exploit latent software defects continue to arise, causing significant social losses. To reduce such defects, a secure software development life cycle (SDLC) must be established and managed systematically. In particular, a weakness analyzer that runs a static analysis tool to check for software weaknesses during development is a very effective way to find and remove them. However, static analysis tools report many false alarms (warnings that do not correspond to real weaknesses), and programmers and reviewers must examine every one of them, which lowers development productivity. In this study, we present a system that uses a BERT model to estimate the reliability of each weakness report produced by the static analysis tool, and then reduces false alarms by reclassifying the reports with a decision tree model built on those results. In this way, the advantages of static analysis are preserved while the cost of development and of the review process is reduced.
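The two-stage pipeline the abstract describes (a text model that scores how credible each report is, followed by a decision tree that reclassifies reports into true and false alarms) can be sketched end to end in a few dozen lines. The block below is an added example and is not the paper's code. The paper fine-tunes BERT for the first stage, which needs model weights and a GPU; here a keyword heuristic (`reliability_score`) stands in for it so the example runs offline, and the `Finding` fields, the training findings and their TP/FP labels are all constructed for the demo. The decision tree is a minimal CART-style learner over the model score plus the analyzer's severity and taint flag.

```python
"""Two-stage false-alarm triage for static analysis findings (added example).

Stage 1 scores how credible a finding looks from its text; a keyword heuristic
stands in for the paper's fine-tuned BERT model (assumption). Stage 2
re-classifies each finding with a decision tree trained on that score plus
structured fields from the analyzer report. All findings and labels are
constructed for the demo.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str        # analyzer rule id (CWE number here)
    severity: int    # analyzer severity, 1 (low) .. 3 (high)
    snippet: str     # flagged source line
    tainted: bool    # analyzer's data-flow engine saw an untrusted source


# Stand-in for the BERT reliability model: attacker-controlled sources in the
# flagged line raise the score, visible sanitisers lower it. Integer percent
# so the tree thresholds are exact.
SOURCES = ("request.", "argv", "input(", "recv(", "getenv(")
SANITIZERS = ("escape(", "quote(", "int(", "?")


def reliability_score(snippet: str) -> int:
    score = 50
    if any(tok in snippet for tok in SOURCES):
        score += 30
    if any(tok in snippet for tok in SANITIZERS):
        score -= 40
    return max(0, min(100, score))


def features(f: Finding) -> list:
    """Feature vector consumed by the tree: [model score, severity, tainted]."""
    return [reliability_score(f.snippet), f.severity, int(f.tainted)]


# --- minimal CART-style decision tree (Gini impurity, numeric thresholds) ---
def gini(labels) -> float:
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows, labels):
    best = None                                  # (impurity, feature, threshold)
    for feat in range(len(rows[0])):
        for thr in sorted({r[feat] for r in rows}):
            left = [lab for r, lab in zip(rows, labels) if r[feat] <= thr]
            right = [lab for r, lab in zip(rows, labels) if r[feat] > thr]
            if not left or not right:
                continue
            imp = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or imp < best[0]:
                best = (imp, feat, thr)
    return best


def build_tree(rows, labels, depth=0, max_depth=2):
    """Returns a leaf label or a node tuple (feature, threshold, left, right)."""
    majority = Counter(labels).most_common(1)[0][0]
    if depth == max_depth or gini(labels) == 0.0:
        return majority
    split = best_split(rows, labels)
    if split is None:
        return majority
    _, feat, thr = split
    lo = [i for i, r in enumerate(rows) if r[feat] <= thr]
    hi = [i for i, r in enumerate(rows) if r[feat] > thr]
    return (feat, thr,
            build_tree([rows[i] for i in lo], [labels[i] for i in lo], depth + 1, max_depth),
            build_tree([rows[i] for i in hi], [labels[i] for i in hi], depth + 1, max_depth))


def predict(tree, row):
    while isinstance(tree, tuple):
        feat, thr, left, right = tree
        tree = left if row[feat] <= thr else right
    return tree


# Constructed training set: findings a reviewer already labelled TP / FP.
TRAINING = [
    (Finding("CWE-89", 3, 'cur.execute("SELECT * FROM u WHERE id=" + request.args["id"])', True), "TP"),
    (Finding("CWE-89", 3, 'cur.execute("SELECT * FROM u WHERE id=?", (int(uid),))', False), "FP"),
    (Finding("CWE-78", 3, 'os.system("ping " + argv[1])', True), "TP"),
    (Finding("CWE-78", 2, 'subprocess.run(["ls", "-l"])', False), "FP"),
    (Finding("CWE-79", 2, 'return "<p>" + request.form["c"] + "</p>"', True), "TP"),
    (Finding("CWE-79", 2, 'return "<p>" + escape(request.form["c"]) + "</p>"', True), "FP"),
    (Finding("CWE-22", 1, "open(CONFIG_PATH)", False), "FP"),
    (Finding("CWE-22", 3, 'open(os.path.join(base, input("name: ")))', True), "TP"),
    (Finding("CWE-78", 3, "os.system(cmd)", True), "TP"),
    (Finding("CWE-89", 3, "cur.execute(query)", True), "TP"),
]


def train(labelled):
    rows = [features(f) for f, _ in labelled]
    return build_tree(rows, [lab for _, lab in labelled])


def triage(tree, findings):
    """Split findings into (kept for review, suppressed as false alarms)."""
    kept, suppressed = [], []
    for f in findings:
        (kept if predict(tree, features(f)) == "TP" else suppressed).append(f)
    return kept, suppressed


if __name__ == "__main__":
    tree = train(TRAINING)
    print("tree:", tree)
    new = [  # constructed, unseen findings
        Finding("CWE-89", 3, 'db.execute("DELETE FROM s WHERE t=" + request.args["t"])', True),
        Finding("CWE-79", 2, 'html = escape(request.args["q"])', True),
        Finding("CWE-22", 2, 'open("/etc/hostname")', False),
        Finding("CWE-78", 3, "subprocess.call(cmd, shell=True)", True),
    ]
    kept, suppressed = triage(tree, new)
    for f in kept:
        print("review  :", f.rule, f.snippet)
    for f in suppressed:
        print("suppress:", f.rule, f.snippet)
```

On this training set the learned tree splits first on the analyzer's taint flag and then on the model score, so an untainted finding is suppressed outright and a tainted one survives unless the text model sees a sanitiser. Two practical points carry over from the toy to a real deployment: keep the tree shallow so a reviewer can read why a warning was suppressed, and log every suppressed finding rather than discarding it, because a wrong "FP" verdict here is a real weakness that nobody will look at.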

Original language: English
Article number: 3502
Journal: Applied Sciences (Switzerland)
Volume: 13
Issue number: 6
State: Published - Mar 2023

Keywords

  • BERT
  • false alarm reduction
  • software weakness
  • static analysis
  • weakness analysis
