{"id":"https://openalex.org/W4367021285","doi":"https://doi.org/10.5220/0011859300003464","title":"A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes","display_name":"A Comparison of Source Code Representation Methods to Predict Vulnerability Inducing Code Changes","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4367021285","doi":"https://doi.org/10.5220/0011859300003464"},"language":"en","primary_location":{"id":"doi:10.5220/0011859300003464","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011859300003464","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.5220/0011859300003464","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006614669","display_name":"Ru\u015fen Halepmollas\u0131","orcid":"https://orcid.org/0000-0002-9941-2712"},"institutions":[{"id":"https://openalex.org/I4210141511","display_name":"TUBITAK BILGEM","ror":"https://ror.org/057kvja37","country_code":"TR","type":"government","lineage":["https://openalex.org/I4210141511"]},{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Rusen Halepmollas\u0131","raw_affiliation_strings":["Istanbul Technical University, Istanbul, Turkey, --- Select a Country ---","T \u00dcB \u0130TAK Informatics and Information Security Research Center, Kocaeli, Turkey, --- Select a Country ---"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Istanbul, Turkey, --- Select a Country ---","institution_ids":["https://openalex.org/I48912391"]},{"raw_affiliation_string":"T \u00dcB \u0130TAK Informatics and Information Security Research Center, Kocaeli, Turkey, --- Select a Country ---","institution_ids":["https://openalex.org/I4210141511"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063689765","display_name":"Khadija Hanifi","orcid":"https://orcid.org/0000-0001-7044-3315"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Khadija Hanifi","raw_affiliation_strings":["Ericsson Security Research, Istanbul, Turkey, --- Select a Country ---"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Security Research, Istanbul, Turkey, --- Select a Country ---","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017693203","display_name":"Ramin Fouladi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ramin Fouladi","raw_affiliation_strings":["Ericsson Security Research, Istanbul, Turkey, --- Select a Country ---"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Security Research, Istanbul, Turkey, --- Select a Country ---","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089239701","display_name":"Ay\u015fe Tosun","orcid":"https://orcid.org/0000-0003-1859-7872"},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Ayse Tosun","raw_affiliation_strings":["Istanbul Technical University, Istanbul, Turkey, --- Select a Country ---"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Istanbul, Turkey, --- Select a Country ---","institution_ids":["https://openalex.org/I48912391"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4077,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.66775599,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"469","last_page":"478"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9871000051498413,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7131105661392212},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6384018659591675},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.560922384262085},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5249314904212952},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.49277904629707336},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.29792237281799316},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1525304615497589}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7131105661392212},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6384018659591675},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.560922384262085},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5249314904212952},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.49277904629707336},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.29792237281799316},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1525304615497589},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.5220/0011859300003464","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011859300003464","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:polen.itu.edu.tr:11527/34770","is_oa":false,"landing_page_url":"https://hdl.handle.net/11527/34770","pdf_url":null,"source":{"id":"https://openalex.org/S4306400460","display_name":"Istanbul Technical University Academic Open Archive (Istanbul Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I48912391","host_organization_name":"Istanbul Technical University","host_organization_lineage":["https://openalex.org/I48912391"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":{"id":"doi:10.5220/0011859300003464","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011859300003464","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W2350741829","https://openalex.org/W2530322880","https://openalex.org/W3081644756"],"abstract_inverted_index":{"<p>Vulnerability":[0],"prediction":[1],"is":[2,58,102,113],"a":[3,50,55,172],"data-driven":[4],"process":[5],"that":[6,95,158],"utilizes":[7],"previous":[8],"vulnerability":[9,51,164],"records":[10,20],"and":[11,32,53,127,134,186],"their":[12],"associated":[13],"fixes":[14],"in":[15,29,43,91,181],"software":[16,66,73,108],"development":[17],"projects.":[18],"Vulnerability":[19],"are":[21,33],"rarely":[22],"observed":[23],"compared":[24],"to":[25,38,71,83,139],"other":[26],"defects,":[27],"even":[28],"large":[30],"projects,":[31],"usually":[34],"not":[35],"directly":[36],"linked":[37],"the":[39,44,85,99,110,119,153],"related":[40],"code":[41,76,93,121,142,150,168,178],"changes":[42,94,151],"bug":[45],"tracking":[46],"system.":[47],"Thus,":[48],"preparing":[49],"dataset":[52,157],"building":[54],"predicting":[56,92],"model":[57],"quite":[59],"challenging.":[60],"There":[61],"exist":[62],"many":[63],"studies":[64],"proposing":[65],"metrics-based":[67,167],"or":[68],"embedding/token-based":[69],"approaches":[70,90],"predict":[72,140],"vulnerabilities":[74],"over":[75,149],"changes.":[77,143],"In":[78],"this":[79],"study,":[80],"we":[81,159],"aim":[82],"compare":[84],"performance":[86,175],"of":[87,107,118,183],"two":[88],"different":[89],"induce":[96],"vulnerabilities.":[97],"While":[98],"first":[100],"approach":[101,112],"based":[103,114],"on":[104,115,152],"an":[105,123],"aggregation":[106],"metrics,":[109],"second":[111],"embedding":[116],"representation":[117,169,179],"source":[120],"using":[122],"Abstract":[124],"Syntax":[125],"Tree":[126],"skip-gram":[128],"techniques.":[129],"We":[130,144],"employed":[131],"Deep":[132],"Learning":[133,137],"popular":[135],"Machine":[136],"algorithms":[138],"vulnerability-inducing":[141],"report":[145],"our":[146],"empirical":[147],"analysis":[148],"publicly":[154],"available":[155],"SmartSHARK":[156],"extended":[160],"by":[161],"adding":[162],"real":[163],"data.":[165],"Software":[166],"method":[170,180],"shows":[171],"better":[173],"classification":[174],"than":[176],"embedding-based":[177],"terms":[182],"recall,":[184],"precision":[185],"F1-Score.</p>":[187]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}