Automating Static Analysis Alert Handling with Machine Learning

Abstract

Contents include: Overview; Background: Automatic Alert Classification; Solution: Lexicon And Rules; Lexicon: Audit Determinations; Audit Rules; Machine Learning with Static Analysis Audit Archives; Data Used for Classifiers; CERT-Audited Archives Characterization; Archive sanitizer: enabled collaborator data use; Classifier Result Highlights: Data All Sources; Rapid Expansion of Alert Classification; Overview: Method, Approach, Validity; Make Mappings Precise; Test Suite Cross-Taxonomy Use; Analysis of Juliet Test Suite: Initial CWE Results; Juliet Test Suite Classifiers: Initial Results (Hold-out Data).

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2018
Accession Number
AD1083619

Entities

People

  • Lori A. Flynn

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Accuracy
  • Analyzers
  • Artificial Intelligence
  • Auditing
  • Automatic
  • Classification
  • Department Of Defense
  • Engineering
  • Language
  • Learning
  • Line Defects
  • Machine Learning
  • Materials
  • Metadata
  • Precision
  • Search And Rescue
  • Security
  • Software Development
  • Taxonomy
  • Technical Debt
  • Test Sets
  • Training
  • Universities

Fields of Study

  • Computer science

Readers

  • Neural Network Machine Learning.
  • Software Engineering.

Technology Areas

  • AI & ML
  • AI & ML - Machine Translation
  • AI & ML - Neural Networks