Correlating Propensity Between Code Smells and Vulnerabilities in Java Applications
Keywords:
Code smell, Vulnerability, software metrics, machine learning, K-means clustering, data mining
Abstract
As technology has advanced from Web 1.0 to Web 3.0, the need to design and develop software applications has increased manyfold. The rapid digitalization of everything, including banking applications, mobile gaming and more, has led to negligence on the part of software developers, which in turn has increased the maintainability and security issues of applications, namely code smells and vulnerabilities respectively. Code smells are poor practices followed by developers or software engineers while developing software, violating fundamental design principles and negatively affecting design quality. A vulnerability is a flaw, glitch or weakness in software or an operating system that allows attackers to bypass security measures. The paper focuses on finding the relationship between code smells and vulnerabilities detected using an Eclipse plugin, PMD, and on correlating them using software metrics and a rule-based machine learning approach.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.