{"id":"https://openalex.org/W7128426571","doi":"https://doi.org/10.1007/s10207-026-01213-5","title":"Assessing security vulnerabilities in a docker-enabled federated learning framework with hyperparameter tuning for software bug prediction","display_name":"Assessing security vulnerabilities in a docker-enabled federated learning framework with hyperparameter tuning for software bug prediction","publication_year":2026,"publication_date":"2026-02-09","ids":{"openalex":"https://openalex.org/W7128426571","doi":"https://doi.org/10.1007/s10207-026-01213-5"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-026-01213-5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01213-5","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01213-5.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01213-5.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125467218","display_name":"Ruchika Malhotra","orcid":null},"institutions":[{"id":"https://openalex.org/I863896202","display_name":"Delhi Technological University","ror":"https://ror.org/01ztcvt22","country_code":"IN","type":"education","lineage":["https://openalex.org/I863896202"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Ruchika Malhotra","raw_affiliation_strings":["Department of Software Engineering, Delhi Technological University, New Delhi, India"],"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Delhi Technological University, New Delhi, India","institution_ids":["https://openalex.org/I863896202"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025482461","display_name":"Anjali Bansal","orcid":"https://orcid.org/0000-0001-5253-4870"},"institutions":[{"id":"https://openalex.org/I863896202","display_name":"Delhi Technological University","ror":"https://ror.org/01ztcvt22","country_code":"IN","type":"education","lineage":["https://openalex.org/I863896202"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Anjali Bansal","raw_affiliation_strings":["Department of Software Engineering, Delhi Technological University, New Delhi, India"],"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Delhi Technological University, New Delhi, India","institution_ids":["https://openalex.org/I863896202"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024207305","display_name":"Marouane Kessentini","orcid":null},"institutions":[{"id":"https://openalex.org/I8606887","display_name":"Grand Valley State University","ror":"https://ror.org/001m1hv61","country_code":"US","type":"education","lineage":["https://openalex.org/I8606887"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marouane Kessentini","raw_affiliation_strings":["College of Computing, Grand Valley State University, Allendale, MI, USA"],"affiliations":[{"raw_affiliation_string":"College of Computing, Grand Valley State University, Allendale, MI, USA","institution_ids":["https://openalex.org/I8606887"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5025482461"],"corresponding_institution_ids":["https://openalex.org/I863896202"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.50284222,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.10580000281333923,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.10580000281333923,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.09319999814033508,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.08659999817609787,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6712999939918518},{"id":"https://openalex.org/keywords/hyperparameter","display_name":"Hyperparameter","score":0.6575999855995178},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.510200023651123},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5023999810218811},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4830000102519989},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.43479999899864197},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.4223000109195709},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.41429999470710754},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.3580000102519989}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8726000189781189},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6712999939918518},{"id":"https://openalex.org/C8642999","wikidata":"https://www.wikidata.org/wiki/Q4171168","display_name":"Hyperparameter","level":2,"score":0.6575999855995178},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.510200023651123},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5023999810218811},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4830000102519989},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4611000120639801},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.43479999899864197},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.4223000109195709},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.41429999470710754},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3580000102519989},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3555000126361847},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35249999165534973},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3472000062465668},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3368000090122223},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.32670000195503235},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32190001010894775},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.3142000138759613},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.31049999594688416},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.3095000088214874},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2915000021457672},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.29089999198913574},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2879999876022339},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.2831000089645386},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.2615000009536743},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2513999938964844},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-026-01213-5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01213-5","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01213-5.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-026-01213-5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01213-5","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01213-5.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7128426571.pdf"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W2045116160","https://openalex.org/W2195016578","https://openalex.org/W2766412091","https://openalex.org/W2791527767","https://openalex.org/W2964040431","https://openalex.org/W2974306260","https://openalex.org/W3011892127","https://openalex.org/W3043758338","https://openalex.org/W3086809868","https://openalex.org/W3107089345","https://openalex.org/W3118815308","https://openalex.org/W3123459983","https://openalex.org/W3131804997","https://openalex.org/W4280603007","https://openalex.org/W4288075785","https://openalex.org/W4288775957","https://openalex.org/W4304128419","https://openalex.org/W4304688778","https://openalex.org/W4307475640","https://openalex.org/W4311602322","https://openalex.org/W4323338215","https://openalex.org/W4376149023","https://openalex.org/W4376606853","https://openalex.org/W4384026546","https://openalex.org/W4386913854","https://openalex.org/W4387005562","https://openalex.org/W4387126905","https://openalex.org/W4388180000","https://openalex.org/W4391582487","https://openalex.org/W4391963893","https://openalex.org/W4392190394","https://openalex.org/W4392912225","https://openalex.org/W4393039075","https://openalex.org/W4396678871","https://openalex.org/W4399461989"],"related_works":[],"abstract_inverted_index":{"Federated":[0],"Learning":[1],"(FL)":[2],"has":[3],"come":[4],"up":[5],"as":[6,75,77,110,138,142,144],"a":[7,56,111,160],"promising":[8],"paradigm":[9],"for":[10,61,173],"collaborative":[11],"machine":[12],"learning":[13,181],"over":[14],"decentralized":[15],"data":[16,27],"by":[17,51],"maintaining":[18],"user":[19],"privacy":[20],"at":[21],"the":[22,49,88,95,104,170],"same":[23],"time":[24],"enabling":[25],"broader":[26],"access.":[28],"Although":[29],"FL":[30,58,164],"is":[31],"increasingly":[32],"being":[33],"used,":[34],"its":[35],"security":[36,53,130,156,176],"during":[37],"deployment,":[38],"especially":[39],"in":[40],"containerized":[41,103],"environments,":[42],"remains":[43],"under-explored.":[44],"This":[45,167],"study":[46],"directly":[47],"addresses":[48],"gap":[50],"examining":[52],"risks":[54,136],"within":[55,114],"Docker-based":[57],"deployment":[59,165],"designed":[60],"Software":[62],"Bug":[63],"Prediction":[64],"(SBP).":[65],"We":[66],"developed":[67],"two":[68],"federated":[69,180],"models\u2014a":[70],"Convolutional":[71],"Neural":[72,80],"Network":[73,81],"(FLCNN)":[74],"well":[76,143],"an":[78],"Artificial":[79],"(FLANN)\u2014and":[82],"integrated":[83],"hyperparameter":[84],"tuning":[85],"(HPT)":[86],"using":[87,119],"Grey":[89],"Wolf":[90],"Optimizer":[91],"(GWO).":[92],"After":[93],"training":[94],"model":[96],"on":[97],"multiple":[98],"open-source":[99,120],"SBP":[100],"datasets,":[101],"we":[102,158],"best":[105],"FLCNN":[106],"model,":[107],"deploying":[108,179],"it":[109],"Flask":[112],"API":[113],"Docker.":[115],"Vulnerability":[116],"scans,":[117],"executed":[118],"tools":[121],"(Anchore,":[122],"Aqua":[123],"Trivy,":[124],"Snyk,":[125],"JFrog":[126],"Xray),":[127],"disclosed":[128],"several":[129],"flaws,":[131],"including":[132],"critical":[133],"and":[134,153],"high-severity":[135],"such":[137],"denial-of-service,":[139],"buffer":[140],"overflow,":[141],"memory":[145],"management":[146],"issues.":[147],"By":[148],"subsequently":[149],"applying":[150],"updated":[151],"dependencies":[152],"recommended":[154],"container":[155],"protocols,":[157],"established":[159],"substantially":[161],"more":[162],"secure":[163],"profile.":[166],"analysis":[168],"underscores":[169],"essential":[171],"need":[172],"rigorous,":[174],"continuous":[175],"assessment":[177],"when":[178],"via":[182],"containerization.":[183]},"counts_by_year":[],"updated_date":"2026-03-11T06:11:40.159057","created_date":"2026-02-10T00:00:00"}