{"id":"https://openalex.org/W2913576447","doi":"https://doi.org/10.1109/tifs.2019.2895963","title":"Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security","display_name":"Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security","publication_year":2019,"publication_date":"2019-01-29","ids":{"openalex":"https://openalex.org/W2913576447","doi":"https://doi.org/10.1109/tifs.2019.2895963","mag":"2913576447"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2019.2895963","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2895963","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023224430","display_name":"Mengyuan Zhang","orcid":"https://orcid.org/0000-0001-7457-5198"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Mengyuan Zhang","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada"],"raw_orcid":"https://orcid.org/0000-0001-7457-5198","affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025487194","display_name":"Xavier de Carn\u00e9 de Carnavalet","orcid":"https://orcid.org/0000-0003-2664-3963"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Xavier de Carne de Carnavalet","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada"],"raw_orcid":"https://orcid.org/0000-0003-2664-3963","affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100730397","display_name":"Lingyu Wang","orcid":"https://orcid.org/0000-0002-7441-7541"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Lingyu Wang","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada"],"raw_orcid":"https://orcid.org/0000-0002-7441-7541","affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015695822","display_name":"Ahmed Ragab","orcid":"https://orcid.org/0000-0002-0075-203X"},"institutions":[{"id":"https://openalex.org/I63601056","display_name":"Menoufia University","ror":"https://ror.org/05sjrb944","country_code":"EG","type":"education","lineage":["https://openalex.org/I63601056"]}],"countries":["EG"],"is_corresponding":false,"raw_author_name":"Ahmed Ragab","raw_affiliation_strings":["Department of Industrial Electronics and Control Engineering, Menoufia University, Menouf, Egypt"],"raw_orcid":"https://orcid.org/0000-0002-0075-203X","affiliations":[{"raw_affiliation_string":"Department of Industrial Electronics and Control Engineering, Menoufia University, Menouf, Egypt","institution_ids":["https://openalex.org/I63601056"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5023224430"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":8.8089,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.97683162,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"14","issue":"9","first_page":"2315","last_page":"2330"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8575210571289062},{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.6986758708953857},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.659743070602417},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.527590811252594},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.518101155757904},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.5167376399040222},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.49621468782424927},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.48104479908943176},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.47610387206077576},{"id":"https://openalex.org/keywords/predictive-power","display_name":"Predictive power","score":0.44001615047454834},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.42211028933525085},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.4129478633403778},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3849279582500458},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38292673230171204},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2792837619781494},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.25397539138793945},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.20720013976097107},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.07596135139465332}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8575210571289062},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.6986758708953857},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.659743070602417},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.527590811252594},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.518101155757904},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.5167376399040222},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49621468782424927},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.48104479908943176},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.47610387206077576},{"id":"https://openalex.org/C2778136018","wikidata":"https://www.wikidata.org/wiki/Q10350689","display_name":"Predictive power","level":2,"score":0.44001615047454834},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.42211028933525085},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.4129478633403778},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3849279582500458},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38292673230171204},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2792837619781494},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.25397539138793945},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.20720013976097107},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.07596135139465332},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2019.2895963","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2895963","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:publications.polymtl.ca:41753","is_oa":false,"landing_page_url":"https://publications.polymtl.ca/41753/","pdf_url":null,"source":{"id":"https://openalex.org/S4306401013","display_name":"PolyPublie (\u00c9cole Polytechnique de Montr\u00e9al)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45683168","host_organization_name":"Polytechnique Montr\u00e9al","host_organization_lineage":["https://openalex.org/I45683168"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article de revue"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6000000238418579,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G4826460352","display_name":null,"funder_award_id":"N01035","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W66570796","https://openalex.org/W190437827","https://openalex.org/W599503780","https://openalex.org/W1495061682","https://openalex.org/W1563025380","https://openalex.org/W1981552604","https://openalex.org/W1997236144","https://openalex.org/W2000847545","https://openalex.org/W2004758929","https://openalex.org/W2012757283","https://openalex.org/W2043837581","https://openalex.org/W2067148378","https://openalex.org/W2069205948","https://openalex.org/W2069268700","https://openalex.org/W2080505894","https://openalex.org/W2081625417","https://openalex.org/W2085141123","https://openalex.org/W2099183630","https://openalex.org/W2114712239","https://openalex.org/W2117321536","https://openalex.org/W2126513985","https://openalex.org/W2128728535","https://openalex.org/W2129586531","https://openalex.org/W2134312057","https://openalex.org/W2137789775","https://openalex.org/W2149772057","https://openalex.org/W2154398797","https://openalex.org/W2157444450","https://openalex.org/W2158744032","https://openalex.org/W2159543062","https://openalex.org/W2168479209","https://openalex.org/W2187089797","https://openalex.org/W2297096600","https://openalex.org/W2504360466","https://openalex.org/W2516920790","https://openalex.org/W2559874352","https://openalex.org/W2587703861","https://openalex.org/W2781491433","https://openalex.org/W2811348957","https://openalex.org/W2911964244","https://openalex.org/W3014064419","https://openalex.org/W3101228802","https://openalex.org/W3104887532","https://openalex.org/W4235570552","https://openalex.org/W6602729356","https://openalex.org/W6607693206","https://openalex.org/W6629652716","https://openalex.org/W6679048774","https://openalex.org/W6683161245","https://openalex.org/W6684759661","https://openalex.org/W6684845054","https://openalex.org/W6733702551"],"related_works":["https://openalex.org/W4243853027","https://openalex.org/W3128132191","https://openalex.org/W4287329988","https://openalex.org/W3134187657","https://openalex.org/W4381516113","https://openalex.org/W1978034799","https://openalex.org/W1993990870","https://openalex.org/W4225160120","https://openalex.org/W4392186376","https://openalex.org/W3200895730"],"abstract_inverted_index":{"Existing":[0],"research":[1],"on":[2,49,85,95],"vulnerability":[3,184],"discovery":[4,185],"models":[5],"shows":[6],"that":[7,26,173],"the":[8,29,36,61,67,75,96,102,110,117,174,180,187,193],"existence":[9],"of":[10,25,31,66,72,77,100,112,121,150,160,176,195],"vulnerabilities":[11,197],"inside":[12],"an":[13,199],"application":[14],"may":[15,47],"be":[16],"linked":[17],"to":[18,34,134,191],"certain":[19],"features,":[20,142],"e.g.,":[21],"size":[22],"or":[23],"complexity,":[24],"application.":[27,200],"However,":[28],"applicability":[30],"such":[32],"features":[33,71,162],"demonstrate":[35],"relative":[37,103],"security":[38,104],"between":[39,69],"two":[40],"applications":[41,73,124,177],"is":[42,116,163,178],"not":[43,179],"well":[44],"studied,":[45],"which":[46,82,143],"depend":[48],"multiple":[50],"factors":[51,189],"in":[52,90,183,198],"a":[53],"complex":[54],"way.":[55],"In":[56],"this":[57,115],"paper,":[58],"we":[59,93],"perform":[60],"first":[62],"large-scale":[63],"empirical":[64],"study":[65,120],"correlation":[68],"various":[70],"and":[74,186],"abundance":[76],"vulnerabilities.":[78,127],"Unlike":[79],"existing":[80],"work,":[81],"typically":[83],"focuses":[84],"one":[86],"particular":[87],"application,":[88],"resulting":[89],"limited":[91],"successes,":[92],"focus":[94],"more":[97],"realistic":[98],"issue":[99],"assessing":[101],"level":[105],"among":[106,139],"different":[107,167],"applications.":[108],"To":[109],"best":[111],"our":[113],"knowledge,":[114],"most":[118],"comprehensive":[119],"780":[122],"real-world":[123],"involving":[125],"6498":[126],"We":[128],"apply":[129],"seven":[130],"feature":[131,136],"selection":[132],"methods":[133],"nine":[135],"subsets":[137],"selected":[138],"34":[140],"collected":[141],"are":[144],"then":[145],"fed":[146],"into":[147],"six":[148],"types":[149],"machine":[151],"learning":[152],"models,":[153],"producing":[154],"523":[155],"estimations.":[156],"The":[157],"predictive":[158],"power":[159],"important":[161],"evaluated":[164],"using":[165],"four":[166],"performance":[168],"measures.":[169],"This":[170],"paper":[171],"reflects":[172],"complexity":[175],"only":[181],"factor":[182],"human-related":[188],"contribute":[190],"explaining":[192],"number":[194],"discovered":[196]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}