{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T11:32:55Z","timestamp":1742988775891,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031105418"},{"type":"electronic","value":"9783031105425"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-10542-5_7","type":"book-chapter","created":{"date-parts":[[2022,7,22]],"date-time":"2022-07-22T06:03:02Z","timestamp":1658469782000},"page":"92-105","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Comparing ML-Based Predictions and\u00a0Static Analyzer Tools for\u00a0Vulnerability Detection"],"prefix":"10.1007","author":[{"given":"Norbert","family":"V\u00e1ndor","sequence":"first","affiliation":[]},{"given":"Bal\u00e1zs","family":"Mosolyg\u00f3","sequence":"additional","affiliation":[]},{"given":"P\u00e9ter","family":"Hegel\u0171s","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,7,23]]},"reference":[{"key":"7_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2017\/6158107","volume":"2017","author":"M Alsaleh","year":"2017","unstructured":"Alsaleh, M., Alomar, N., Alshreef, M., Alarifi, A., Al-Salman, A.: Performance-based comparative assessment of open source web vulnerability scanners. Sec. Commun. Netw. 2017, 1\u201314 (2017)","journal-title":"Sec. Commun. Netw."},{"key":"7_CR2","doi-asserted-by":"publisher","unstructured":"Antunes, N., Vieira, M.: Comparing the effectiveness of penetration testing and static code analysis on the detection of sql injection vulnerabilities in web services. In: 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 301\u2013306 (2009). https:\/\/doi.org\/10.1109\/PRDC.2009.54","DOI":"10.1109\/PRDC.2009.54"},{"key":"7_CR3","doi-asserted-by":"publisher","unstructured":"Antunes, N., Vieira, M.: Benchmarking vulnerability detection tools for web services. In: 2010 IEEE International Conference on Web Services, pp. 203\u2013210 (2010). https:\/\/doi.org\/10.1109\/ICWS.2010.76","DOI":"10.1109\/ICWS.2010.76"},{"issue":"2","key":"7_CR4","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1109\/TSC.2014.2310221","volume":"8","author":"N Antunes","year":"2015","unstructured":"Antunes, N., Vieira, M.: Assessing and comparing vulnerability detection tools for web services: benchmarking approach and examples. IEEE Trans. Serv. Comput. 8(2), 269\u2013283 (2015). https:\/\/doi.org\/10.1109\/TSC.2014.2310221","journal-title":"IEEE Trans. Serv. Comput."},{"key":"7_CR5","doi-asserted-by":"publisher","unstructured":"Austin, A., Williams, L.: One technique is not enough: a comparison of vulnerability discovery techniques. In: 2011 International Symposium on Empirical Software Engineering and Measurement, pp. 97\u2013106 (2011). https:\/\/doi.org\/10.1109\/ESEM.2011.18","DOI":"10.1109\/ESEM.2011.18"},{"issue":"5","key":"7_CR6","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2008.130","volume":"25","author":"N Ayewah","year":"2008","unstructured":"Ayewah, N., Pugh, W., Hovemeyer, D., Morgenthaler, J.D., Penix, J.: Using static analysis to find bugs. IEEE Softw. 25(5), 22\u201329 (2008). https:\/\/doi.org\/10.1109\/MS.2008.130","journal-title":"IEEE Softw."},{"key":"7_CR7","unstructured":"Burato, E., Ferrara, P., Spoto, F.: Security analysis of the OWASP benchmark with julia. In: Proceedings of ITASEC 2017 (2017)"},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Dallmeier, V., Zimmermann, T.: Extraction of bug localization benchmarks from history. In: Proceedings of the Twenty-Second IEEE\/ACM International Conference on Automated Software Engineering, ASE 2007, pp. 433\u2013436. Association for Computing Machinery, New York (2007). https:\/\/doi.org\/10.1145\/1321631.1321702, https:\/\/doi.org\/10.1145\/1321631.1321702","DOI":"10.1145\/1321631.1321702"},{"key":"7_CR9","doi-asserted-by":"publisher","unstructured":"El, M., McMahon, E., Samtani, S., Patton, M., Chen, H.: Benchmarking vulnerability scanners: an experiment on scada devices and scientific instruments. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 83\u201388 (2017). https:\/\/doi.org\/10.1109\/ISI.2017.8004879","DOI":"10.1109\/ISI.2017.8004879"},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Fonseca, J., Vieira, M., Madeira, H.: Testing and comparing web vulnerability scanning tools for sql injection and xss attacks. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), pp. 365\u2013372 (2007). https:\/\/doi.org\/10.1109\/PRDC.2007.55","DOI":"10.1109\/PRDC.2007.55"},{"issue":"4","key":"7_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3092566","volume":"50","author":"SM Ghaffarian","year":"2017","unstructured":"Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. (CSUR) 50(4), 1\u201336 (2017)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"7_CR12","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.infsof.2015.08.002","volume":"68","author":"K Goseva-Popstojanova","year":"2015","unstructured":"Goseva-Popstojanova, K., Perhinschi, A.: On the capability of static code analysis to detect security vulnerabilities. Inf. Softw. Technol. 68, 18\u201333 (2015)","journal-title":"Inf. Softw. Technol."},{"issue":"21","key":"7_CR13","first-page":"11068","volume":"12","author":"S Idrissi","year":"2017","unstructured":"Idrissi, S., Berbiche, N., Guerouate, F., Shibi, M.: Performance evaluation of web application security scanners for prevention and protection against vulnerabilities. Int. J. Appl. Eng. Res. 12(21), 11068\u201311076 (2017)","journal-title":"Int. J. Appl. Eng. Res."},{"issue":"6","key":"7_CR14","first-page":"660","volume":"6","author":"C Joshi","year":"2016","unstructured":"Joshi, C., Singh, U.K.: Performance evaluation of web application security scanners for more effective defense. Int. J. Sci. Res. Publi. (IJSRP) 6(6), 660\u2013667 (2016)","journal-title":"Int. J. Sci. Res. Publi. (IJSRP)"},{"key":"7_CR15","unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in java applications with static analysis. In: USENIX security symposium, vol. 14, pp. 18\u201318 (2005)"},{"key":"7_CR16","doi-asserted-by":"publisher","unstructured":"M. Parizi, R., Qian, K., Shahriar, H., Wu, F., Tao, L.: Benchmark requirements for assessing software security vulnerability testing tools. In: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), vol. 01, pp. 825\u2013826 (2018). https:\/\/doi.org\/10.1109\/COMPSAC.2018.00139","DOI":"10.1109\/COMPSAC.2018.00139"},{"key":"7_CR17","doi-asserted-by":"publisher","unstructured":"Mburano, B., Si, W.: Evaluation of web vulnerability scanners based on owasp benchmark. In: 2018 26th International Conference on Systems Engineering (ICSEng), pp. 1\u20136 (2018). https:\/\/doi.org\/10.1109\/ICSENG.2018.8638176","DOI":"10.1109\/ICSENG.2018.8638176"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Mosolyg\u00f3, B., V\u00e1ndor, N., Antal, G., Heged\u0171s, P., Ferenc, R.: Towards a prototype based explainable javascript vulnerability prediction model. In: 1st International Conference on Code Quality, ICCQ 2021, pp. 15\u201325 (2021)","DOI":"10.1109\/ICCQ51190.2021.9392984"},{"key":"7_CR19","doi-asserted-by":"publisher","unstructured":"Pashchenko, I., Dashevskyi, S., Massacci, F.: Delta-bench: Differential benchmark for static analysis security testing tools. In: 2017 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 163\u2013168 (2017). https:\/\/doi.org\/10.1109\/ESEM.2017.24","DOI":"10.1109\/ESEM.2017.24"},{"issue":"2","key":"7_CR20","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1147\/sj.462.0265","volume":"46","author":"M Pistoia","year":"2007","unstructured":"Pistoia, M., Chandra, S., Fink, S.J., Yahav, E.: A survey of static analysis methods for identifying security vulnerabilities in software systems. IBM Syst. J. 46(2), 265\u2013288 (2007). https:\/\/doi.org\/10.1147\/sj.462.0265","journal-title":"IBM Syst. J."},{"key":"7_CR21","doi-asserted-by":"publisher","unstructured":"Shi, H.z., Chen, B., Yu, L.: Analysis of web security comprehensive evaluation tools. In: 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing. vol. 1, pp, 285\u2013289 (2010). https:\/\/doi.org\/10.1109\/NSWCTC.2010.72","DOI":"10.1109\/NSWCTC.2010.72"},{"key":"7_CR22","unstructured":"Suteva, N., Zlatkovski, D., Mileva, A.: Evaluation and testing of several free\/open source web vulnerability scanners (2013)"}],"container-title":["Lecture Notes in Computer Science","Computational Science and Its Applications \u2013 ICCSA 2022 Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-10542-5_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,22]],"date-time":"2022-07-22T06:04:50Z","timestamp":1658469890000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-10542-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031105418","9783031105425"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-10542-5_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"23 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computational Science and Its Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Malaga","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 July 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccsa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iccsa.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CyberChair 4","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"279","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.6","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8.7","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"285 Workshop submission accepted out of 815 submissions","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}