乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T18:55:00Z","timestamp":1732042500667},"reference-count":75,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2023,2,17]],"date-time":"2023-02-17T00:00:00Z","timestamp":1676592000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,2,17]],"date-time":"2023-02-17T00:00:00Z","timestamp":1676592000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-023-00469-y","type":"journal-article","created":{"date-parts":[[2023,2,17]],"date-time":"2023-02-17T10:02:54Z","timestamp":1676628174000},"page":"615-633","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A security vulnerability predictor based on source code metrics"],"prefix":"10.1007","volume":"19","author":[{"given":"Puya","family":"Pakshad","sequence":"first","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-6250-8577","authenticated-orcid":false,"given":"Alireza","family":"Shameli-Sendi","sequence":"additional","affiliation":[]},{"given":"Behzad","family":"Khalaji Emamzadeh Abbasi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,2,17]]},"reference":[{"key":"469_CR1","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1016\/j.infsof.2016.09.002","volume":"80","author":"V Garousi","year":"2016","unstructured":"Garousi, V., M\u00e4ntyl\u00e4, M.V.: A systematic literature review of literature reviews in software testing. Inf. Softw. Technol. 80, 195\u2013216 (2016)","journal-title":"Inf. Softw. Technol."},{"key":"469_CR2","unstructured":"ISO\/IEC\/IEEE International Standard. Software and systems engineering\u2014software testing\u2014part 1: concepts and definitions. In: ISO\/IEC\/IEEE 29119-1:2013(E), pp. 1\u201364. IEEE (2013)"},{"key":"469_CR3","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1016\/j.infsof.2018.11.004","volume":"107","author":"H Homaei","year":"2019","unstructured":"Homaei, H., Shahriari, H.R.: Athena: a framework to automatically generate security test oracle via extracting policies from source code and intended software behaviour. Inf. Softw. Technol. 107, 112\u2013124 (2019)","journal-title":"Inf. Softw. Technol."},{"key":"469_CR4","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.cose.2015.11.001","volume":"57","author":"A Shameli-Sendi","year":"2016","unstructured":"Shameli-Sendi, A., Aghababaei-Barzegar, R., Cheriet, M.: Taxonomy of information security risk assessment (ISRA). Comput. Secur. 57, 14\u201330 (2016)","journal-title":"Comput. Secur."},{"issue":"8","key":"469_CR5","doi-asserted-by":"publisher","first-page":"544","DOI":"10.1109\/TSE.2007.70712","volume":"33","author":"R Telang","year":"2007","unstructured":"Telang, R., Wattal, S.: An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Trans. Softw. Eng. 33(8), 544\u2013557 (2007)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"1","key":"469_CR6","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/s11416-014-0231-x","volume":"11","author":"S Shah","year":"2015","unstructured":"Shah, S., Mehtre, B.M.: An overview of vulnerability assessment and penetration testing techniques. J. Comput. Virol. Hack. Tech. 11(1), 27\u201349 (2015)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"1","key":"469_CR7","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1080\/13523260312331271839","volume":"24","author":"M Bishop","year":"2003","unstructured":"Bishop, M., Goldman, E.: The strategy and tactics of information warfare. Contemp. Secur. Policy 24(1), 113\u2013139 (2003)","journal-title":"Contemp. Secur. Policy"},{"issue":"10","key":"469_CR8","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","volume":"40","author":"R Scandariato","year":"2014","unstructured":"Scandariato, R., Walden, J., Hovsepyan, A., Joosen, W.: Predicting vulnerable software components via text mining. IEEE Trans. Softw. Eng. 40(10), 993\u20131006 (2014)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"4","key":"469_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3092566","volume":"50","author":"SM Ghaffarian","year":"2017","unstructured":"Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. (CSUR) 50(4), 1\u201336 (2017)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"2","key":"469_CR10","doi-asserted-by":"publisher","first-page":"656","DOI":"10.2178\/jsl\/1208359065","volume":"73","author":"AG Myasnikov","year":"2008","unstructured":"Myasnikov, A.G., Rybalov, A.N.: Generic complexity of undecidable problems. J. Symb. Log. 73(2), 656\u2013673 (2008)","journal-title":"J. Symb. Log."},{"issue":"3","key":"469_CR11","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1145\/24658.24665","volume":"18","author":"L Burkholder","year":"1987","unstructured":"Burkholder, L.: The halting problem. ACM SIGACT News 18(3), 48\u201360 (1987)","journal-title":"ACM SIGACT News"},{"key":"469_CR12","doi-asserted-by":"crossref","unstructured":"Du, X., Chen, B., Li, Y., Guo, J., Zhou, Y., Liu, Y., Jiang, Y.: Leopard: Identifying vulnerable code for vulnerability assessment through program metrics. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), pp. 60\u201371. IEEE (2019)","DOI":"10.1109\/ICSE.2019.00024"},{"key":"469_CR13","doi-asserted-by":"crossref","unstructured":"Meneely, A., Corcoran, M., Williams, L.: Improving developer activity metrics with issue tracking annotations. In: Proceedings of the 2010 ICSE Workshop on Emerging Trends in Software Metrics, pp. 75\u201380 (2010)","DOI":"10.1145\/1809223.1809234"},{"key":"469_CR14","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs. In: 2014 IEEE Symposium on Security and Privacy, pp. 590\u2013604. IEEE (2014)","DOI":"10.1109\/SP.2014.44"},{"key":"469_CR15","doi-asserted-by":"crossref","unstructured":"Votipka, D., Stevens, R., Redmiles, E., Hu, J., Mazurek, M.: Hackers vs. testers: a comparison of software vulnerability discovery processes. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 374-391. IEEE (2018)","DOI":"10.1109\/SP.2018.00003"},{"key":"469_CR16","doi-asserted-by":"crossref","unstructured":"Liu, B., Shi, L., Cai, Z., Li, M.: Software vulnerability discovery techniques: a survey. In: 2012 Fourth International Conference on Multimedia Information Networking and Security, pp. 152\u2013156. IEEE (2012)","DOI":"10.1109\/MINES.2012.202"},{"issue":"1","key":"469_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-015-0261-z","volume":"13","author":"A Damodaran","year":"2017","unstructured":"Damodaran, A., Troia, F.D., Visaggio, C.A., Austin, T.H., Stamp, M.: A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hack. Tech. 13(1), 1\u201312 (2017)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"2","key":"469_CR18","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s11416-014-0215-x","volume":"11","author":"C Annachhatre","year":"2015","unstructured":"Annachhatre, C., Austin, T.H., Stamp, M.: Hidden Markov models for malware classification. J. Comput. Virol. Hack. Tech. 11(2), 59\u201373 (2015)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"4","key":"469_CR19","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s11416-013-0185-4","volume":"9","author":"D Baysa","year":"2013","unstructured":"Baysa, D., Low, R.M., Stamp, M.: Structural entropy and metamorphic malware. J. Comput. Virol. Hack. Tech. 9(4), 179\u2013192 (2013)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"469_CR20","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: 12th USENIX Security Symposium (USENIX Security 03) (2003)"},{"issue":"5","key":"469_CR21","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1145\/502059.502041","volume":"35","author":"D Engler","year":"2001","unstructured":"Engler, D., Chen, D.Y., Hallem, S., Chou, A., Chelf, B.: Bugs as deviant behavior: a general approach to inferring errors in systems code. ACM SIGOPS Oper. Syst. Rev. 35(5), 57\u201372 (2001)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"469_CR22","doi-asserted-by":"crossref","unstructured":"Medeiros, I., Neves, N., Correia, M.: DEKANT: a static analysis tool that learns to detect web application vulnerabilities. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 1\u201311 (2016)","DOI":"10.1145\/2931037.2931041"},{"issue":"3","key":"469_CR23","first-page":"87","volume":"32","author":"L Yi","year":"2016","unstructured":"Yi, L., Junbin, H.: A dynamic detection method based on Web crawler and page code behavior for XSS vulnerability. Telecommun. Sci. 32(3), 87 (2016)","journal-title":"Telecommun. Sci."},{"key":"469_CR24","doi-asserted-by":"crossref","unstructured":"Shuai, B., Li, M., Li, H., Zhang, Q., Tang, C.: Software vulnerability detection using genetic algorithm and dynamic taint analysis. In: 2013 3rd International Conference on Consumer Electronics, Communications and Networks, pp. 589\u2013593. IEEE (2013)","DOI":"10.1109\/CECNet.2013.6703400"},{"issue":"7","key":"469_CR25","doi-asserted-by":"publisher","first-page":"3201","DOI":"10.3390\/app11073201","volume":"11","author":"X Li","year":"2021","unstructured":"Li, X., Wang, L., Xin, Y., Yang, Y., Tang, Q., Chen, Y.: Automated software vulnerability detection based on hybrid neural network. Appl. Sci. 11(7), 3201 (2021)","journal-title":"Appl. Sci."},{"key":"469_CR26","doi-asserted-by":"crossref","unstructured":"Shar, L.K., Tan, H.B.K., Briand, L.C.: Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis. In: 2013 35th International Conference on Software Engineering (ICSE), pp. 642\u2013651. IEEE (2013)","DOI":"10.1109\/ICSE.2013.6606610"},{"key":"469_CR27","unstructured":"Muiruri, C.K.: A hybrid algorithm for detecting web-based applications vulnerabilities (Doctoral dissertation, University of Nairobi) (2015)"},{"issue":"3","key":"469_CR28","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.sysarc.2010.06.003","volume":"57","author":"I Chowdhury","year":"2011","unstructured":"Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Archit. 57(3), 294\u2013313 (2011)","journal-title":"J. Syst. Archit."},{"key":"469_CR29","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., Zhong, Y.: Vuldeepecker: a deep learning-based system for vulnerability detection. In: Proceedings of the NDSS (2018)","DOI":"10.14722\/ndss.2018.23158"},{"issue":"5","key":"469_CR30","first-page":"2224","volume":"18","author":"D Zou","year":"2019","unstructured":"Zou, D., Wang, S., Xu, S., Li, Z., Jin, H.: $$\\mu $$VulDeePecker: a deep learning-based system for multiclass vulnerability detection. IEEE Trans. Dependable Secur. Comput. 18(5), 2224\u20132236 (2019)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"5","key":"469_CR31","doi-asserted-by":"publisher","first-page":"2469","DOI":"10.1109\/TDSC.2019.2954088","volume":"18","author":"G Lin","year":"2019","unstructured":"Lin, G., Zhang, J., Luo, W., Pan, L., De Vel, O., Montague, P., Xiang, Y.: Software vulnerability discovery via learning multi-domain knowledge bases. IEEE Trans. Dependable Secur. Comput. 18(5), 2469\u20132485 (2019)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"469_CR32","doi-asserted-by":"crossref","unstructured":"Pradel, M., Sen, K.: Deepbugs: a learning approach to name-based bug detection. In: Proceedings of the ACM on Programming Languages, 2(OOPSLA), pp. 1\u201325 (2018)","DOI":"10.1145\/3276517"},{"key":"469_CR33","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In: Advances in Neural Information Processing Systems, vol. 32 (2019)"},{"key":"469_CR34","doi-asserted-by":"publisher","first-page":"1943","DOI":"10.1109\/TIFS.2020.3044773","volume":"16","author":"H Wang","year":"2020","unstructured":"Wang, H., Ye, G., Tang, Z., Tan, S.H., Huang, S., Fang, D., Feng, Y., Bian, L., Wang, Z.: Combining graph-based learning with automated data collection for code vulnerability detection. IEEE Trans. Inf. Forensics Secur. 16, 1943\u20131958 (2020)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"469_CR35","doi-asserted-by":"crossref","unstructured":"Austin, A., Williams, L.: One technique is not enough: a comparison of vulnerability discovery techniques. In: 2011 International Symposium on Empirical Software Engineering and Measurement, pp. 97\u2013106. IEEE (2011)","DOI":"10.1109\/ESEM.2011.18"},{"key":"469_CR36","doi-asserted-by":"crossref","unstructured":"Vanegue, J., Lahiri, S.K.: Towards practical reactive security audit using extended static checkers. In: 2013 IEEE Symposium on Security and Privacy, pp. 33\u201347. IEEE (2013)","DOI":"10.1109\/SP.2013.12"},{"key":"469_CR37","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Lottmann, M., Rieck, K.: Generalized vulnerability extrapolation using abstract syntax trees. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 359\u2013368 (2012)","DOI":"10.1145\/2420950.2421003"},{"key":"469_CR38","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Wressnegger, C., Gascon, H., Rieck, K.: Chucky: exposing missing checks in source code for vulnerability discovery. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 499\u2013510 (2013)","DOI":"10.1145\/2508859.2516665"},{"key":"469_CR39","doi-asserted-by":"crossref","unstructured":"Son, S., McKinley, K.S., Shmatikov, V.: Rolecast: finding missing security checks when you do not know what checks are. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, pp. 1069\u20131084 (2011)","DOI":"10.1145\/2048066.2048146"},{"key":"469_CR40","unstructured":"Tan, L., Zhang, X., Ma, X., Xiong, W., Zhou, Y.: AutoISES: automatically inferring security specification and detecting violations. In: USENIX Security Symposium, pp. 379\u2013394 (2008)"},{"key":"469_CR41","doi-asserted-by":"crossref","unstructured":"Yamaguchi, F., Maier, A., Gascon, H., Rieck, K.: Automatic inference of search patterns for taint-style vulnerabilities. In: 2015 IEEE Symposium on Security and Privacy, pp. 797\u2013812. IEEE (2015)","DOI":"10.1109\/SP.2015.54"},{"issue":"6","key":"469_CR42","doi-asserted-by":"publisher","first-page":"1276","DOI":"10.1109\/TSE.2011.103","volume":"38","author":"T Hall","year":"2011","unstructured":"Hall, T., Beecham, S., Bowes, D., Gray, D., Counsell, S.: A systematic literature review on fault prediction performance in software engineering. IEEE Trans. Softw. Eng. 38(6), 1276\u20131304 (2011)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"469_CR43","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1016\/j.asoc.2014.11.023","volume":"27","author":"R Malhotra","year":"2015","unstructured":"Malhotra, R.: A systematic review of machine learning techniques for software fault prediction. Appl. Soft Comput. 27, 504\u2013518 (2015)","journal-title":"Appl. Soft Comput."},{"issue":"8","key":"469_CR44","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.1016\/j.infsof.2013.02.009","volume":"55","author":"D Radjenovi\u0107","year":"2013","unstructured":"Radjenovi\u0107, D., Heri\u010dko, M., Torkar, R., \u017divkovi\u010d, A.: Software fault prediction metrics: a systematic literature review. Inf. Softw. Technol. 55(8), 1397\u20131418 (2013)","journal-title":"Inf. Softw. Technol."},{"issue":"1","key":"469_CR45","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/52.976940","volume":"19","author":"D Evans","year":"2002","unstructured":"Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19(1), 42\u201351 (2002)","journal-title":"IEEE Softw."},{"key":"469_CR46","doi-asserted-by":"crossref","unstructured":"Yamashita, K., Huang, C., Nagappan, M., Kamei, Y., Mockus, A., Hassan, A. E., Ubayashi, N.: Thresholds for size and complexity metrics: a case study from the perspective of defect density. In: 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), pp. 191\u2013201. IEEE (2016)","DOI":"10.1109\/QRS.2016.31"},{"issue":"3","key":"469_CR47","doi-asserted-by":"publisher","first-page":"1134","DOI":"10.1109\/TR.2018.2864960","volume":"68","author":"F Qin","year":"2018","unstructured":"Qin, F., Zheng, Z., Qiao, Y., Trivedi, K.S.: Studying aging-related bug prediction using cross-project models. IEEE Trans. Reliab. 68(3), 1134\u20131153 (2018)","journal-title":"IEEE Trans. Reliab."},{"key":"469_CR48","doi-asserted-by":"crossref","unstructured":"Dahse, J., Holz, T.: Simulation of built-in PHP features for precise static code analysis. In: NDSS, vol. 14, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23262"},{"key":"469_CR49","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: An empirical model to predict security vulnerabilities using code complexity metrics. In: Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 315\u2013317 (2008)","DOI":"10.1145\/1414004.1414065"},{"key":"469_CR50","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: An initial study on the use of execution complexity metrics as indicators of software vulnerabilities. In: Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, pp. 1\u20137 (2011)","DOI":"10.1145\/1988630.1988632"},{"key":"469_CR51","doi-asserted-by":"crossref","unstructured":"Gegick, M., Williams, L., Osborne, J., Vouk, M.: Prioritizing software security fortification throughcode-level metrics. In: Proceedings of the 4th ACM Workshop on Quality of Protection, pp. 31\u201338 (2008)","DOI":"10.1145\/1456362.1456370"},{"key":"469_CR52","doi-asserted-by":"crossref","unstructured":"Neuhaus, S., Zimmermann, T., Holler, C., Zeller, A.: Predicting vulnerable software components. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 529\u2013540 (2007)","DOI":"10.1145\/1315245.1315311"},{"key":"469_CR53","doi-asserted-by":"crossref","unstructured":"Nguyen, V. H., Tran, L.M.S.: Predicting vulnerable software components with dependency graphs. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics, pp. 1\u20138 (2010)","DOI":"10.1145\/1853919.1853923"},{"issue":"1","key":"469_CR54","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/s10664-011-9190-8","volume":"18","author":"Y Shin","year":"2013","unstructured":"Shin, Y., Williams, L.: Can traditional fault prediction models be used for vulnerability prediction? Empir. Softw. Eng. 18(1), 25\u201359 (2013)","journal-title":"Empir. Softw. Eng."},{"key":"469_CR55","doi-asserted-by":"crossref","unstructured":"Morrison, P., Herzig, K., Murphy, B., Williams, L.: Challenges with applying vulnerability prediction models. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, pp. 1\u20139 (2015)","DOI":"10.1145\/2746194.2746198"},{"key":"469_CR56","doi-asserted-by":"crossref","unstructured":"Hovsepyan, A., Scandariato, R., Joosen, W.: Is newer always better? The case of vulnerability prediction models. In: Proceedings of the 10th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 1\u20136 (2016)","DOI":"10.1145\/2961111.2962612"},{"issue":"2","key":"469_CR57","doi-asserted-by":"publisher","first-page":"73","DOI":"10.5755\/j01.eie.22.2.12177","volume":"22","author":"G Sar\u0131man","year":"2016","unstructured":"Sar\u0131man, G., Kucuksille, E.U.: A novel approach to determine software security level using bayes classifier via static code metrics. Elektron. Elektrotech. 22(2), 73\u201380 (2016)","journal-title":"Elektron. Elektrotech."},{"key":"469_CR58","doi-asserted-by":"crossref","unstructured":"Camilo, F., Meneely, A., Nagappan, M.: Do bugs foreshadow vulnerabilities? A study of the chromium project. In: 2015 IEEE\/ACM 12th Working Conference on Mining Software Repositories, pp. 269\u2013279. IEEE (2015)","DOI":"10.1109\/MSR.2015.32"},{"issue":"10","key":"469_CR59","doi-asserted-by":"publisher","first-page":"1767","DOI":"10.1016\/j.infsof.2013.04.002","volume":"55","author":"LK Shar","year":"2013","unstructured":"Shar, L.K., Tan, H.B.K.: Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns. Inf. Softw. Technol. 55(10), 1767\u20131780 (2013)","journal-title":"Inf. Softw. Technol."},{"key":"469_CR60","doi-asserted-by":"crossref","unstructured":"Grieco, G., Grinblat, G.L., Uzal, L., Rawat, S., Feist, J., Mounier, L.: Toward large-scale vulnerability discovery using machine learning. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 85\u201396 (2016)","DOI":"10.1145\/2857705.2857720"},{"key":"469_CR61","doi-asserted-by":"crossref","unstructured":"Kim, S., Woo, S., Lee, H., Oh, H.: Vuddy: a scalable approach for vulnerable code clone discovery. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 595\u2013614. IEEE (2017)","DOI":"10.1109\/SP.2017.62"},{"key":"469_CR62","doi-asserted-by":"crossref","unstructured":"Nembhard, F., Carvalho, M., Eskridge, T.: Extracting knowledge from open source projects to improve program security. In: SoutheastCon 2018, pp. 1\u20137. IEEE (2018)","DOI":"10.1109\/SECON.2018.8478906"},{"issue":"1","key":"469_CR63","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/s13198-020-01036-0","volume":"12","author":"A Gupta","year":"2021","unstructured":"Gupta, A., Suri, B., Kumar, V., Jain, P.: Extracting rules for vulnerabilities detection with static metrics using machine learning. Int. J. Syst. Assur. Eng. Manag. 12(1), 65\u201376 (2021)","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"469_CR64","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Chen, Z., Zhu, Y., Jin, H.: Vuldeelocator: a deep learning-based fine-grained vulnerability detector. IEEE Trans. Dependable Secur. Comput. 19, 2821\u20132837 (2021)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"469_CR65","first-page":"9","volume-title":"Compilers, Principles, Techniques","author":"AV Aho","year":"1986","unstructured":"Aho, A.V., Sethi, R., Ullman, J.D.: Compilers, Principles, Techniques, vol. 7, p. 9. Addison Wesley, Reading (1986)"},{"key":"469_CR66","unstructured":"Moonen, L.: Generating robust parsers using island grammars. In: Proceedings Eighth Working Conference on Reverse Engineering, pp. 13\u201322. IEEE (2001)"},{"issue":"3","key":"469_CR67","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1145\/24039.24041","volume":"9","author":"J Ferrante","year":"1987","unstructured":"Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. (TOPLAS) 9(3), 319\u2013349 (1987)","journal-title":"ACM Trans. Program. Lang. Syst. (TOPLAS)"},{"key":"469_CR68","unstructured":"Yamaguchi, F.: Pattern-based vulnerability discovery (Doctoral Dissertation, Nieders\u00e4chsische Staats-und Universit\u00e4tsbibliothek G\u00f6ttingen) (2015)"},{"key":"469_CR69","unstructured":"https:\/\/joern.io\/"},{"key":"469_CR70","doi-asserted-by":"crossref","unstructured":"Madsen, M., Livshits, B., Fanning, M.: Practical static analysis of JavaScript applications in the presence of frameworks and libraries. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 499\u2013509 (2013)","DOI":"10.1145\/2491411.2491417"},{"key":"469_CR71","doi-asserted-by":"crossref","unstructured":"Zitser, M., Lippmann, R., Leek, T.: Testing static analysis tools using exploitable buffer overflows from open source code. In: Proceedings of the 12th ACM SIGSOFT Twelfth International Symposium on Foundations of Software Engineering, pp. 97\u2013106 (2004)","DOI":"10.1145\/1029894.1029911"},{"key":"469_CR72","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1109\/TSE.1976.233837","volume":"4","author":"TJ McCabe","year":"1976","unstructured":"McCabe, T.J.: A complexity measure. IEEE Trans. Softw. Eng. 4, 308\u2013320 (1976)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"469_CR73","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: Sok: eternal war in memory. In: 2013 IEEE Symposium on Security and Privacy, pp. 48\u201362. IEEE (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"469_CR74","doi-asserted-by":"crossref","unstructured":"Manikandan, G., Abirami, S.: Feature selection is important: state-of-the-art methods and application domains of feature selection on high-dimensional data. In: Applications in Ubiquitous Computing, pp. 177\u2013196 (2021)","DOI":"10.1007\/978-3-030-35280-6_9"},{"key":"469_CR75","unstructured":"Biswas, P., Di Federico, A., Carr, S. A., Rajasekaran, P., Volckaert, S., Na, Y., Payer, M.: Venerable variadic vulnerabilities vanquished. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 186\u2013198 (2017)"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00469-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-023-00469-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00469-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,12]],"date-time":"2023-10-12T18:08:56Z","timestamp":1697134136000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-023-00469-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,17]]},"references-count":75,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,11]]}},"alternative-id":["469"],"URL":"https:\/\/doi.org\/10.1007\/s11416-023-00469-y","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,17]]},"assertion":[{"value":"4 October 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 January 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 February 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}