{"id":"https://openalex.org/W3006605886","doi":"https://doi.org/10.1109/ladc48089.2019.8995685","title":"An Exploratory Study on Machine Learning to Combine Security Vulnerability Alerts from Static Analysis Tools","display_name":"An Exploratory Study on Machine Learning to Combine Security Vulnerability Alerts from Static Analysis Tools","publication_year":2019,"publication_date":"2019-11-01","ids":{"openalex":"https://openalex.org/W3006605886","doi":"https://doi.org/10.1109/ladc48089.2019.8995685","mag":"3006605886"},"language":"en","primary_location":{"id":"doi:10.1109/ladc48089.2019.8995685","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ladc48089.2019.8995685","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 9th Latin-American Symposium on Dependable Computing (LADC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hdl.handle.net/10316/117479","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046201732","display_name":"Jos\u00e9 D\u2019Abruzzo Pereira","orcid":"https://orcid.org/0000-0003-0717-3396"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Jose D'Abruzzo Pereira","raw_affiliation_strings":["Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal"],"affiliations":[{"raw_affiliation_string":"Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal","institution_ids":["https://openalex.org/I76903346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045188001","display_name":"Jo\u00e3o R. Campos","orcid":"https://orcid.org/0000-0002-4623-764X"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jo\u00e3o R. Campos","raw_affiliation_strings":["Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal"],"affiliations":[{"raw_affiliation_string":"Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal","institution_ids":["https://openalex.org/I76903346"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016622594","display_name":"Marco Vieira","orcid":"https://orcid.org/0000-0001-5103-8541"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Marco Vieira","raw_affiliation_strings":["Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal"],"affiliations":[{"raw_affiliation_string":"Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal","institution_ids":["https://openalex.org/I76903346"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5046201732"],"corresponding_institution_ids":["https://openalex.org/I76903346"],"apc_list":null,"apc_paid":null,"fwci":2.4629,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.91838759,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8242082595825195},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8054382801055908},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.7334156632423401},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5939674377441406},{"id":"https://openalex.org/keywords/ranking","display_name":"Ranking (information retrieval)","score":0.5729780793190002},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5713497400283813},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.5401389598846436},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5080139636993408},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5026307106018066},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4463021755218506},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.42755311727523804},{"id":"https://openalex.org/keywords/source-lines-of-code","display_name":"Source lines of code","score":0.4221414625644684},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40056800842285156},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3393305540084839},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28592658042907715},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.20393693447113037},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.1742590069770813},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.16867873072624207},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.12170952558517456},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11644318699836731},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.09879195690155029}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8242082595825195},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8054382801055908},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.7334156632423401},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5939674377441406},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.5729780793190002},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5713497400283813},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.5401389598846436},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5080139636993408},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5026307106018066},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4463021755218506},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.42755311727523804},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.4221414625644684},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40056800842285156},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3393305540084839},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28592658042907715},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.20393693447113037},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.1742590069770813},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.16867873072624207},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.12170952558517456},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11644318699836731},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.09879195690155029},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ladc48089.2019.8995685","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ladc48089.2019.8995685","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 9th Latin-American Symposium on Dependable Computing (LADC)","raw_type":"proceedings-article"},{"id":"pmh:oai:estudogeral.uc.pt:10316/117479","is_oa":true,"landing_page_url":"https://hdl.handle.net/10316/117479","pdf_url":null,"source":{"id":"https://openalex.org/S4306402070","display_name":"Estudo Geral (Universidad de Coimbra)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I76903346","host_organization_name":"University of Coimbra","host_organization_lineage":["https://openalex.org/I76903346"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:estudogeral.uc.pt:10316/117479","is_oa":true,"landing_page_url":"https://hdl.handle.net/10316/117479","pdf_url":null,"source":{"id":"https://openalex.org/S4306402070","display_name":"Estudo Geral (Universidad de Coimbra)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I76903346","host_organization_name":"University of Coimbra","host_organization_lineage":["https://openalex.org/I76903346"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W1486481742","https://openalex.org/W1536145689","https://openalex.org/W1971800255","https://openalex.org/W1989657183","https://openalex.org/W1998029707","https://openalex.org/W2027707376","https://openalex.org/W2059218484","https://openalex.org/W2067148378","https://openalex.org/W2085925880","https://openalex.org/W2086631206","https://openalex.org/W2101234009","https://openalex.org/W2119871945","https://openalex.org/W2143244564","https://openalex.org/W2158297335","https://openalex.org/W2158864412","https://openalex.org/W2159712408","https://openalex.org/W2166381878","https://openalex.org/W2301530215","https://openalex.org/W2562680154","https://openalex.org/W2744999500","https://openalex.org/W2773162022","https://openalex.org/W2811327923","https://openalex.org/W2893996856","https://openalex.org/W2911752833","https://openalex.org/W2962960733","https://openalex.org/W2990168612","https://openalex.org/W2997591727","https://openalex.org/W3005820278","https://openalex.org/W3145506661","https://openalex.org/W4248684714","https://openalex.org/W6675354045"],"related_works":["https://openalex.org/W4312406950","https://openalex.org/W3188339517","https://openalex.org/W2611747598","https://openalex.org/W2549898710","https://openalex.org/W2166381878","https://openalex.org/W2955734438","https://openalex.org/W2504194819","https://openalex.org/W3132720240","https://openalex.org/W4256450364","https://openalex.org/W2295858576"],"abstract_inverted_index":{"Due":[0],"to":[1,21,73,109,112,133,139],"time-to-market":[2],"needs":[3],"and":[4,56,90,150,189],"cost":[5],"of":[6,52,125,128,146,164,176,203,228,234,245],"manual":[7],"validation":[8],"techniques,":[9],"software":[10],"systems":[11],"are":[12,34,93,208],"often":[13],"deployed":[14],"with":[15,63,211],"vulnerabilities":[16,154,187,229],"that":[17,190,207,238,250],"may":[18],"be":[19],"exploited":[20],"gain":[22],"illegitimate":[23],"access/control,":[24],"ultimately":[25],"resulting":[26],"in":[27,104,160,168,197],"non-negligible":[28],"consequences.":[29],"Static":[30],"Analysis":[31],"Tools":[32],"(SATs)":[33],"widely":[35],"used":[36],"for":[37,173,221],"vulnerability":[38,135],"detection,":[39],"where":[40],"the":[41,50,75,123,126,174,186,201,232,239,246,253],"source":[42,223,247],"code":[43,224,248],"is":[44,182],"analyzed":[45],"without":[46,184],"executing":[47],"it.":[48],"However,":[49],"performance":[51,86],"SATs":[53,72,129,159],"varies":[54],"considerably":[55],"a":[57,161,178,204,218,243],"high":[58],"detection":[59,77,136],"rate":[60],"usually":[61],"comes":[62],"significant":[64],"false":[65,141,179,198],"alarms.":[66,142],"Recent":[67],"studies":[68],"considered":[69],"combining":[70],"various":[71],"improve":[74,134],"overall":[76],"ability,":[78],"but":[79],"they":[80],"do":[81],"not":[82,209],"allow":[83],"exploring":[84],"different":[85,158],"trade-offs,":[87],"as":[88],"basic":[89],"rigid":[91],"rules":[92],"normally":[94],"followed.":[95],"Machine":[96],"Learning":[97],"(ML)":[98],"algorithms":[99,132],"have":[100],"shown":[101],"promising":[102],"results":[103],"several":[105],"complex":[106],"problems,":[107],"due":[108],"their":[110],"ability":[111],"fit":[113],"specific":[114],"needs.":[115],"This":[116],"paper":[117,215],"presents":[118],"an":[119],"exploratory":[120],"study":[121],"on":[122,257],"combination":[124],"output":[127,233],"through":[130],"ML":[131,192],"while":[137],"trying":[138],"reduce":[140],"The":[143,214],"dataset":[144],"consists":[145],"SQL":[147],"Injection":[148],"(SQLi)":[149],"Cross-Site":[151],"Scripting":[152],"(XSS)":[153],"detected":[155],"by":[156],"five":[157],"large":[162],"set":[163],"WordPress":[165],"plugins":[166],"developed":[167],"PHP.":[169],"Results":[170,236],"show":[171,237],"that,":[172],"case":[175],"SQLi,":[177],"alarm":[180],"reduction":[181,196],"possible":[183,210],"compromising":[185],"detected,":[188],"using":[191,231],"allows":[193,241],"trade-offs":[194],"(e.g.,":[195],"alarms":[199],"at":[200],"expense":[202],"few":[205],"vulnerabilities)":[206],"existing":[212],"techniques.":[213],"also":[216],"proposes":[217],"regression-based":[219],"approach":[220,240],"ranking":[222,244,255],"files":[225,249],"considering":[226],"estimates":[227],"computed":[230],"SATs.":[235],"creating":[242],"largely":[251],"overlaps":[252],"real":[254,258],"(based":[256],"known":[259],"vulnerabilities).":[260]},"counts_by_year":[{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}