{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T23:10:43Z","timestamp":1740179443118,"version":"3.37.3"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T00:00:00Z","timestamp":1717545600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T00:00:00Z","timestamp":1717545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Iran J Comput Sci"],"published-print":{"date-parts":[[2024,12]]},"DOI":"10.1007\/s42044-024-00195-8","type":"journal-article","created":{"date-parts":[[2024,6,5]],"date-time":"2024-06-05T08:02:35Z","timestamp":1717574555000},"page":"801-812","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Predicting software vulnerability based on software metrics: a deep learning approach"],"prefix":"10.1007","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0569-2985","authenticated-orcid":false,"given":"Francis Kwadzo","family":"Agbenyegah","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Micheal","family":"Asante","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3124-5452","authenticated-orcid":false,"given":"Jinfu","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2540-3861","authenticated-orcid":false,"given":"Ernest","family":"Akpaku","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,6,5]]},"reference":[{"key":"195_CR1","first-page":"1","volume":"2022","author":"X Yuan","year":"2022","unstructured":"Yuan, X., Lin, G., Tai, Y., Zhang, J.: Deep neural embedding for software vulnerability discovery: comparison and optimization. Secur. Commu. Netw. 2022, 1\u201312 (2022)","journal-title":"Secur. Commu. Netw."},{"issue":"3","key":"195_CR2","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.dcan.2020.07.003","volume":"6","author":"M Wang","year":"2020","unstructured":"Wang, M., Zhu, T., Zhang, T., Zhang, J., Yu, S., Zhou, W.: Security and privacy in 6g networks: new areas and new challenges. Digit. Commun. Netw. 6(3), 281\u2013291 (2020)","journal-title":"Digit. Commun. Netw."},{"issue":"7","key":"195_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3465171","volume":"54","author":"Y Miao","year":"2022","unstructured":"Miao, Y., Chen, C., Pan, L., Han, Q.-L., Zhang, J., Xiang, Y.: Machine learning based cyber attack targeting on controlled information. ACM Comput. Surv. 54(7), 1\u201336 (2022)","journal-title":"ACM Comput. Surv."},{"key":"195_CR4","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","volume":"15","author":"X Chen","year":"2019","unstructured":"Chen, X., Li, C., Wang, D., et al.: Android HIV: a case study of repackaging malware for evading machine learning detection. IEEE Trans. Inf. Forensics Secur. 15, 987\u20131001 (2019)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"195_CR5","doi-asserted-by":"publisher","unstructured":"Li, X., et al.: A mining approach to obtain the software vulnerability characteristics. In: Proceedings of Fifth International Conference on Advanced Cloud and Big Data, CBD 2017, vol. 1, pp. 296\u2013301 (2017). https:\/\/doi.org\/10.1109\/CBD.2017.58","DOI":"10.1109\/CBD.2017.58"},{"issue":"2","key":"195_CR6","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","volume":"20","author":"L Liu","year":"2018","unstructured":"Liu, L., De Vel, O., Han, Q.-L., Zhang, J., Xiang, Y.: Detecting and preventing cyber insider threats: a survey. IEEE Commun. Surv. Tutor. 20(2), 1397\u20131417 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"195_CR7","unstructured":"De Vel, O., et al.: Deep Learning for Cyber Vulnerability Discovery\u202f: NGTF Project Scoping Study, no. Dl (2021)"},{"key":"195_CR8","doi-asserted-by":"crossref","unstructured":"Votipka, D., Stevens, R., Redmiles, E., Hu, J., Mazurek, M.: Hackers vs. testers: a comparison of software vulnerability discovery processes. In: Proceedings of 2018 IEEE Symposium on Security and Privacy, pp. 374\u2013391 (2018)","DOI":"10.1109\/SP.2018.00003"},{"key":"195_CR9","unstructured":"O\u2019Driscoll, A.: Cybersecurity vulnerability statistics and facts of 2023. Comparitech https:\/\/www.comparitech.com\/blog\/information-security\/cybersecurity-vulnerability-statistics\/ (2023). Accessed 13 Sept 2023"},{"key":"195_CR10","unstructured":"Forrester, R.: Number of common IT security vulnerabilities and exposures (CVEs) worldwide from 2009 to 2017. Statista\u2014The Statistics Portal. https:\/\/www.statista.com\/statistics\/500755\/worldwide-common-vulnerabilities-and-exposures\/ (2022). Accessed 13 Sept 2023"},{"key":"195_CR11","unstructured":"Keary, E.: Cyber vulnerability statistics\u20142021 in review. Forbes. https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2022\/03\/14\/cyber-vulnerability-statistics---2021-in-review\/?sh=593264694ef9 (2022). Accessed 13 Sept 2023"},{"key":"195_CR12","unstructured":"Targett, E.: We analysed 90,000+ software vulnerabilities: Here\u2019s what we learned. The Stack. https:\/\/www.thestack.technology\/analysis-of-cves-in-2022-software-vulnerabilities-cwes-most-dangerous\/ (2023). Accessed 13 Sept 2023"},{"key":"195_CR13","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1007\/s11416-023-00469-y","volume":"19","author":"P Pakshad","year":"2023","unstructured":"Pakshad, P., Shameli-Sendi, A., Khalaji Emamzadeh Abbasi, B.: A security vulnerability predictor based on source code metrics. J. Comput. Virol. Hacking Tech. 19, 615\u2013633 (2023). https:\/\/doi.org\/10.1007\/s11416-023-00469-y","journal-title":"J. Comput. Virol. Hacking Tech."},{"issue":"8","key":"195_CR14","doi-asserted-by":"publisher","first-page":"544","DOI":"10.1109\/TSE.2007.70712","volume":"33","author":"R Telang","year":"2007","unstructured":"Telang, R., Wattal, S.: An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Trans. Softw. Eng. 33(8), 544\u2013557 (2007). https:\/\/doi.org\/10.1109\/TSE.2007.70712","journal-title":"IEEE Trans. Softw. Eng."},{"key":"195_CR15","doi-asserted-by":"publisher","unstructured":"Liu, P., Su, J., Yang, X.: Research on software security vulnerability detection technology. In: Proc. 2011 Int. Conf. Comput. Sci. Netw. Technol. ICCSNT 2011, vol. 3, pp. 1873\u20131876 (2011). https:\/\/doi.org\/10.1109\/ICCSNT.2011.6182335","DOI":"10.1109\/ICCSNT.2011.6182335"},{"key":"195_CR16","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1016\/j.infsof.2019.08.005","volume":"115","author":"MAS Bigonha","year":"2019","unstructured":"Bigonha, M.A.S., Ferreira, K., Souza, P., Sousa, B., Janu\u00e1rio, M., Lima, D.: The usefulness of software metric thresholds for detection of bad smells and fault prediction. Inf. Softw. Technol. 115, 79\u201392 (2019). https:\/\/doi.org\/10.1016\/j.infsof.2019.08.005","journal-title":"Inf. Softw. Technol."},{"key":"195_CR17","doi-asserted-by":"publisher","unstructured":"Walden, J., Stuckman, J., Scandariato, R.: Predicting vulnerable components: software metrics vs text mining. In: Proc.\u2014Int. Symp. Softw. Reliab. Eng. ISSRE, pp. 23\u201333 (2014). https:\/\/doi.org\/10.1109\/ISSRE.2014.32","DOI":"10.1109\/ISSRE.2014.32"},{"key":"195_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1002\/smr.2303","volume":"33","author":"KZ Sultana","year":"2020","unstructured":"Sultana, K.Z., Anu, V.: Using software metrics for predicting vulnerable classes and methods in Java projects: a machine learning approach. J. Softw. Evol. Process 33, 1\u201320 (2020). https:\/\/doi.org\/10.1002\/smr.2303","journal-title":"J. Softw. Evol. Process"},{"key":"195_CR19","doi-asserted-by":"publisher","unstructured":"Tang, Y.: Predicting vulnerable components via text mining or software metrics\u202f? An effort-aware perspective, pp. 27\u201336 (2015). https:\/\/doi.org\/10.1109\/QRS.2015.15.","DOI":"10.1109\/QRS.2015.15"},{"key":"195_CR20","doi-asserted-by":"publisher","unstructured":"Chong, T., Anu, V., Sultana, K.Z.: Using software metrics for predicting vulnerable code-components\u202f: a study on Java and Python open source projects, pp. 98\u2013103 (2019). https:\/\/doi.org\/10.1109\/CSE\/EUC.2019.00028","DOI":"10.1109\/CSE\/EUC.2019.00028"},{"key":"195_CR21","doi-asserted-by":"publisher","unstructured":"Siavvas, M., Kehagias, D., Tzovaras, D.: A preliminary study on the relationship among software metrics and specific vulnerability types, pp. 916\u2013921 (2017). https:\/\/doi.org\/10.1109\/CSCI.2017.159","DOI":"10.1109\/CSCI.2017.159"},{"issue":"4","key":"195_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TDSC.2021.3051525","volume":"5971","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Secure Comput. 5971(4), 1\u201316 (2021). https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"195_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10197-4","author":"A Garg","year":"2022","unstructured":"Garg, A., Degiovanni, R., Jimenez, M., Cordy, M., Papadakis, M., Le Traon, Y.: Learning from what we know: how to perform vulnerability prediction using noisy historical data. Empir. Softw. Eng. (2022). https:\/\/doi.org\/10.1007\/s10664-022-10197-4","journal-title":"Empir. Softw. Eng."},{"key":"195_CR24","doi-asserted-by":"publisher","unstructured":"Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection (2018). https:\/\/doi.org\/10.14722\/ndss.2018.23158","DOI":"10.14722\/ndss.2018.23158"},{"issue":"5","key":"195_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/e24050651","volume":"24","author":"I Kalouptsoglou","year":"2022","unstructured":"Kalouptsoglou, I., Siavvas, M., Kehagias, D., Chatzigeorgiou, A., Ampatzoglou, A.: Examining the capacity of text mining and software metrics in vulnerability prediction. Entropy 24(5), 1\u201323 (2022). https:\/\/doi.org\/10.3390\/e24050651","journal-title":"Entropy"},{"key":"195_CR26","doi-asserted-by":"publisher","unstructured":"Ferenc, R., Hegedus, P., Gyimesi, P., Antal, G., Ban, D., Gyimothy, T.: Challenging machine learning algorithms in predicting vulnerable javascript functions. In: Proc.\u20142019 IEEE\/ACM 7th Int. Work. Realise. Artif. Intell. Synergy. Softw. Eng. RAISE 2019, pp. 8\u201314 (2019). https:\/\/doi.org\/10.1109\/RAISE.2019.00010","DOI":"10.1109\/RAISE.2019.00010"},{"key":"195_CR27","doi-asserted-by":"publisher","unstructured":"Cheng, X., Zhang, G., Wang, H., Sui, Y.: Path-sensitive code embedding via contrastive learning for software vulnerability detection. In: ISSTA 2022 - Proc. 31st ACM SIGSOFT Int. Symp. Softw. Test. Anal., pp. 519\u2013531 (2022). https:\/\/doi.org\/10.1145\/3533767.3534371","DOI":"10.1145\/3533767.3534371"},{"key":"195_CR28","doi-asserted-by":"publisher","unstructured":"Fu, M: Toward more effective deep learning-based automated software vulnerability prediction, classification, and repair. In: 2023 IEEE\/ACM 45th Int. Conf. Softw. Eng. Companion Proc., pp. 208\u2013212 (2023). https:\/\/doi.org\/10.1109\/ICSE-Companion58688.2023.00057","DOI":"10.1109\/ICSE-Companion58688.2023.00057"},{"key":"195_CR29","doi-asserted-by":"publisher","unstructured":"Hin, D., Kan, A., Chen, H., Babar, M.A.: LineVD: statement-level vulnerability detection using graph neural networks. In: Proc.\u20142022 Min. Softw. Repos. Conf. MSR 2022, pp. 596\u2013607 (2022). https:\/\/doi.org\/10.1145\/3524842.3527949","DOI":"10.1145\/3524842.3527949"},{"issue":"3","key":"195_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3498537","volume":"31","author":"H Guo","year":"2022","unstructured":"Guo, H., Chen, S., Xing, Z., Li, X., Bai, Y., Sun, J.: Detecting and augmenting missing key aspects in vulnerability descriptions. ACM Trans. Softw. Eng. Methodol. 31(3), 1\u201327 (2022). https:\/\/doi.org\/10.1145\/3498537","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"issue":"10","key":"195_CR31","doi-asserted-by":"publisher","first-page":"231","DOI":"10.14257\/ijsia.2015.9.10.21","volume":"9","author":"M Alenezi","year":"2015","unstructured":"Alenezi, M., Abunadi, I.: Evaluating software metrics as predictors of software vulnerabilities. Int. J. Secur. Its Appl. 9(10), 231\u2013240 (2015). https:\/\/doi.org\/10.14257\/ijsia.2015.9.10.21","journal-title":"Int. J. Secur. Its Appl."},{"key":"195_CR32","doi-asserted-by":"publisher","first-page":"111283","DOI":"10.1016\/j.jss.2022.111283","volume":"188","author":"F Lomio","year":"2022","unstructured":"Lomio, F., Iannone, E., De Lucia, A., Palomba, F., Lenarduzzi, V.: Just-in-time software vulnerability detection: are we there yet? J. Syst. Softw. 188, 111283 (2022). https:\/\/doi.org\/10.1016\/j.jss.2022.111283","journal-title":"J. Syst. Softw."},{"key":"195_CR33","doi-asserted-by":"publisher","unstructured":"Katsadouros, E., Patrikakis, C.: A survey on vulnerability prediction using GNNs. In: ACM Int. Conf. Proceeding Ser., pp. 38\u201343 (2022). https:\/\/doi.org\/10.1145\/3575879.3575964","DOI":"10.1145\/3575879.3575964"},{"key":"195_CR34","unstructured":"Shea, K.O., Nash, R.: An Introduction to Convolutional Neural Networks, pp. 1\u201311 (2015)"},{"key":"195_CR35","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Secur. Comput. 19, 2244\u20132258 (2021). https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"195_CR36","doi-asserted-by":"crossref","unstructured":"Perl, H., Smith, M., Arp, D., Yamaguchi, F., Rieck, K., Fahl, S.: VCCFinder: finding potential vulnerabilities in open-source projects to assist code audits categories and subject descriptors. In: Ccs, pp. 426\u2013437 (2015)","DOI":"10.1145\/2810103.2813604"},{"key":"195_CR37","doi-asserted-by":"publisher","first-page":"74562","DOI":"10.1109\/ACCESS.2020.2988557","volume":"8","author":"M Zagane","year":"2020","unstructured":"Zagane, M., Abdi, M.K., Alenezi, M.: Deep learning for software vulnerabilities detection using code metrics. IEEE Access 8, 74562\u201374570 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2988557","journal-title":"IEEE Access"},{"key":"195_CR38","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2021","unstructured":"Li, Z., Zou, D., Xu, S., Chen, Z., Zhu, Y., Jin, H.: VulDeeLocator: a deep learning-based fine-grained vulnerability detector. IEEE Trans. Dependable Secur. Comput. 19, 2821\u20132837 (2021). https:\/\/doi.org\/10.1109\/TDSC.2021.3076142","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"2","key":"195_CR39","doi-asserted-by":"publisher","first-page":"1131","DOI":"10.1007\/s00500-021-05994-w","volume":"27","author":"J Guo","year":"2023","unstructured":"Guo, J., Wang, Z., Li, H., Xue, Y.: Detecting vulnerability in source code using CNN and LSTM network. Soft. Comput. 27(2), 1131\u20131141 (2023). https:\/\/doi.org\/10.1007\/s00500-021-05994-w","journal-title":"Soft. Comput."}],"container-title":["Iran Journal of Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42044-024-00195-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42044-024-00195-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42044-024-00195-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T11:49:18Z","timestamp":1732016958000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42044-024-00195-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,5]]},"references-count":39,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["195"],"URL":"https:\/\/doi.org\/10.1007\/s42044-024-00195-8","relation":{},"ISSN":["2520-8438","2520-8446"],"issn-type":[{"type":"print","value":"2520-8438"},{"type":"electronic","value":"2520-8446"}],"subject":[],"published":{"date-parts":[[2024,6,5]]},"assertion":[{"value":"8 March 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 May 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 June 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}