---
_id: '53958'
abstract:
- lang: eng
text: "To detect security vulnerabilities, static analysis tools need to be configured
with security-relevant methods. Current approaches can automatically identify
such methods using binary relevance machine learning approaches. However, they
ignore dependencies among security-relevant methods, over-generalize and perform
poorly in practice. Additionally, users have to nevertheless manually configure
static analysis tools using the detected methods. Based on feedback from users
and our observations, the excessive manual steps can often be tedious, error-prone
and counter-intuitive.\r\n In this paper, we present Dev-Assist, an IntelliJ IDEA
plugin that detects security-relevant methods using a multi-label machine learning
approach that considers dependencies among labels. The plugin can automatically
generate configurations for static analysis tools, run the static analysis, and
show the results in IntelliJ IDEA. Our experiments reveal that Dev-Assist's machine
learning approach has a higher F1-Measure than related approaches. Moreover, the
plugin reduces and simplifies the manual effort required when configuring and
using static analysis tools."
author:
- first_name: Oshando
full_name: Johnson, Oshando
id: '66583'
last_name: Johnson
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Johnson O, Piskachev G, Krishnamurthy R, Bodden E. Detecting Security-Relevant
Methods using Multi-label Machine Learning. In: Proceedings of the 46th International
Conference on Software Engineering, IDE Workshop. ; 2024. doi:10.48550/ARXIV.2403.07501'
apa: Johnson, O., Piskachev, G., Krishnamurthy, R., & Bodden, E. (2024). Detecting
Security-Relevant Methods using Multi-label Machine Learning. Proceedings of
the 46th International Conference on Software Engineering, IDE Workshop. https://doi.org/10.48550/ARXIV.2403.07501
bibtex: '@inproceedings{Johnson_Piskachev_Krishnamurthy_Bodden_2024, title={Detecting
Security-Relevant Methods using Multi-label Machine Learning}, DOI={10.48550/ARXIV.2403.07501},
booktitle={Proceedings of the 46th International Conference on Software Engineering,
IDE Workshop}, author={Johnson, Oshando and Piskachev, Goran and Krishnamurthy,
Ranjith and Bodden, Eric}, year={2024} }'
chicago: Johnson, Oshando, Goran Piskachev, Ranjith Krishnamurthy, and Eric Bodden.
“Detecting Security-Relevant Methods Using Multi-Label Machine Learning.” In Proceedings
of the 46th International Conference on Software Engineering, IDE Workshop,
2024. https://doi.org/10.48550/ARXIV.2403.07501.
ieee: 'O. Johnson, G. Piskachev, R. Krishnamurthy, and E. Bodden, “Detecting Security-Relevant
Methods using Multi-label Machine Learning,” 2024, doi: 10.48550/ARXIV.2403.07501.'
mla: Johnson, Oshando, et al. “Detecting Security-Relevant Methods Using Multi-Label
Machine Learning.” Proceedings of the 46th International Conference on Software
Engineering, IDE Workshop, 2024, doi:10.48550/ARXIV.2403.07501.
short: 'O. Johnson, G. Piskachev, R. Krishnamurthy, E. Bodden, in: Proceedings of
the 46th International Conference on Software Engineering, IDE Workshop, 2024.'
date_created: 2024-05-06T11:43:19Z
date_updated: 2024-05-06T11:47:14Z
department:
- _id: '76'
- _id: '662'
doi: 10.48550/ARXIV.2403.07501
language:
- iso: eng
publication: Proceedings of the 46th International Conference on Software Engineering,
IDE Workshop
status: public
title: Detecting Security-Relevant Methods using Multi-label Machine Learning
type: conference
user_id: '15249'
year: '2024'
...
---
_id: '41812'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Julian
full_name: Dolby, Julian
last_name: Dolby
- first_name: Martin
full_name: Schäf, Martin
last_name: Schäf
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Luo L, Piskachev G, Krishnamurthy R, Dolby J, Schäf M, Bodden E. Model Generation
For Java Frameworks. In: IEEE International Conference on Software Testing,
Verification and Validation (ICST). ; 2023.'
apa: Luo, L., Piskachev, G., Krishnamurthy, R., Dolby, J., Schäf, M., & Bodden,
E. (2023). Model Generation For Java Frameworks. IEEE International Conference
on Software Testing, Verification and Validation (ICST).
bibtex: '@inproceedings{Luo_Piskachev_Krishnamurthy_Dolby_Schäf_Bodden_2023, title={Model
Generation For Java Frameworks}, booktitle={IEEE International Conference on Software
Testing, Verification and Validation (ICST)}, author={Luo, Linghui and Piskachev,
Goran and Krishnamurthy, Ranjith and Dolby, Julian and Schäf, Martin and Bodden,
Eric}, year={2023} }'
chicago: Luo, Linghui, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin
Schäf, and Eric Bodden. “Model Generation For Java Frameworks.” In IEEE International
Conference on Software Testing, Verification and Validation (ICST), 2023.
ieee: L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden,
“Model Generation For Java Frameworks,” 2023.
mla: Luo, Linghui, et al. “Model Generation For Java Frameworks.” IEEE International
Conference on Software Testing, Verification and Validation (ICST), 2023.
short: 'L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, E. Bodden, in:
IEEE International Conference on Software Testing, Verification and Validation
(ICST), 2023.'
date_created: 2023-02-06T10:37:23Z
date_updated: 2025-04-07T10:15:08Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
publication: IEEE International Conference on Software Testing, Verification and Validation
(ICST)
status: public
title: Model Generation For Java Frameworks
type: conference
user_id: '15249'
year: '2023'
...
---
_id: '33838'
author:
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Krishnamurthy R, Piskachev G, Bodden E. To what extent can we analyze Kotlin
programs using existing Java taint analysis tools? Published online 2022.
apa: Krishnamurthy, R., Piskachev, G., & Bodden, E. (2022). To what extent
can we analyze Kotlin programs using existing Java taint analysis tools?
bibtex: '@article{Krishnamurthy_Piskachev_Bodden_2022, series={IEEE International
Working Conference on Source Code Analysis and Manipulation (SCAM)}, title={To
what extent can we analyze Kotlin programs using existing Java taint analysis
tools?}, author={Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric},
year={2022}, collection={IEEE International Working Conference on Source Code
Analysis and Manipulation (SCAM)} }'
chicago: Krishnamurthy, Ranjith, Goran Piskachev, and Eric Bodden. “To What Extent
Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools?” IEEE
International Working Conference on Source Code Analysis and Manipulation (SCAM),
2022.
ieee: R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze
Kotlin programs using existing Java taint analysis tools?” 2022.
mla: Krishnamurthy, Ranjith, et al. To What Extent Can We Analyze Kotlin Programs
Using Existing Java Taint Analysis Tools? 2022.
short: R. Krishnamurthy, G. Piskachev, E. Bodden, (2022).
date_created: 2022-10-20T12:38:09Z
date_updated: 2022-10-20T12:38:32Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
series_title: IEEE International Working Conference on Source Code Analysis and Manipulation
(SCAM)
status: public
title: To what extent can we analyze Kotlin programs using existing Java taint analysis
tools?
type: conference
user_id: '15249'
year: '2022'
...