---
_id: '53958'
abstract:
- lang: eng
text: "To detect security vulnerabilities, static analysis tools need to be configured
with security-relevant methods. Current approaches can automatically identify
such methods using binary relevance machine learning approaches. However, they
ignore dependencies among security-relevant methods, over-generalize and perform
poorly in practice. Additionally, users have to nevertheless manually configure
static analysis tools using the detected methods. Based on feedback from users
and our observations, the excessive manual steps can often be tedious, error-prone
and counter-intuitive.\r\n In this paper, we present Dev-Assist, an IntelliJ IDEA
plugin that detects security-relevant methods using a multi-label machine learning
approach that considers dependencies among labels. The plugin can automatically
generate configurations for static analysis tools, run the static analysis, and
show the results in IntelliJ IDEA. Our experiments reveal that Dev-Assist's machine
learning approach has a higher F1-Measure than related approaches. Moreover, the
plugin reduces and simplifies the manual effort required when configuring and
using static analysis tools."
author:
- first_name: Oshando
full_name: Johnson, Oshando
id: '66583'
last_name: Johnson
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Johnson O, Piskachev G, Krishnamurthy R, Bodden E. Detecting Security-Relevant
Methods using Multi-label Machine Learning. In: Proceedings of the 46th International
Conference on Software Engineering, IDE Workshop. ; 2024. doi:10.48550/ARXIV.2403.07501'
apa: Johnson, O., Piskachev, G., Krishnamurthy, R., & Bodden, E. (2024). Detecting
Security-Relevant Methods using Multi-label Machine Learning. Proceedings of
the 46th International Conference on Software Engineering, IDE Workshop. https://doi.org/10.48550/ARXIV.2403.07501
bibtex: '@inproceedings{Johnson_Piskachev_Krishnamurthy_Bodden_2024, title={Detecting
Security-Relevant Methods using Multi-label Machine Learning}, DOI={10.48550/ARXIV.2403.07501},
booktitle={Proceedings of the 46th International Conference on Software Engineering,
IDE Workshop}, author={Johnson, Oshando and Piskachev, Goran and Krishnamurthy,
Ranjith and Bodden, Eric}, year={2024} }'
chicago: Johnson, Oshando, Goran Piskachev, Ranjith Krishnamurthy, and Eric Bodden.
“Detecting Security-Relevant Methods Using Multi-Label Machine Learning.” In Proceedings
of the 46th International Conference on Software Engineering, IDE Workshop,
2024. https://doi.org/10.48550/ARXIV.2403.07501.
ieee: 'O. Johnson, G. Piskachev, R. Krishnamurthy, and E. Bodden, “Detecting Security-Relevant
Methods using Multi-label Machine Learning,” 2024, doi: 10.48550/ARXIV.2403.07501.'
mla: Johnson, Oshando, et al. “Detecting Security-Relevant Methods Using Multi-Label
Machine Learning.” Proceedings of the 46th International Conference on Software
Engineering, IDE Workshop, 2024, doi:10.48550/ARXIV.2403.07501.
short: 'O. Johnson, G. Piskachev, R. Krishnamurthy, E. Bodden, in: Proceedings of
the 46th International Conference on Software Engineering, IDE Workshop, 2024.'
date_created: 2024-05-06T11:43:19Z
date_updated: 2024-05-06T11:47:14Z
department:
- _id: '76'
- _id: '662'
doi: 10.48550/ARXIV.2403.07501
language:
- iso: eng
publication: Proceedings of the 46th International Conference on Software Engineering,
IDE Workshop
status: public
title: Detecting Security-Relevant Methods using Multi-label Machine Learning
type: conference
user_id: '15249'
year: '2024'
...