{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:05:36Z","timestamp":1758816336343,"version":"3.37.3"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2023,4,15]],"date-time":"2023-04-15T00:00:00Z","timestamp":1681516800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,4,15]],"date-time":"2023-04-15T00:00:00Z","timestamp":1681516800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"abstract":"Abstract<\/jats:title>Software security vulnerabilities are significant for the software development industry. Exploration is conducted for software development industry landscape, software development eco-system landscape, and software system customer landscape. The focus is to explore the data sources that can provide the software development team with insights to act upon the security vulnerabilities proactively. Across these modules of software landscape, customer landscape, and industry landscape, data sources are leveraged using artificial intelligence approaches to identify the security insights. The focus is also on building a smart knowledge management system that integrates the information processed across modules into a central system. This central intelligence system can be further leveraged to manage software development activities proactively. In this exploration, machine learning and deep learning approaches are devised to model the data and learn from across the modules. Architecture for all the modules and their integration is also proposed. Work helps to envision a smart system for Artificial Intelligence-based knowledge management for managing software security vulnerabilities.<\/jats:p>","DOI":"10.1007\/s42979-023-01785-2","type":"journal-article","created":{"date-parts":[[2023,4,15]],"date-time":"2023-04-15T13:03:03Z","timestamp":1681563783000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Design and Development of Artificial Intelligence Knowledge Processing System for Optimizing Security of Software System"],"prefix":"10.1007","volume":"4","author":[{"given":"Raghavendra Rao","family":"Althar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Debabrata","family":"Samanta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sathvik","family":"Purushotham","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2171-9332","authenticated-orcid":false,"given":"Sandeep Singh","family":"Sengar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chaminda","family":"Hewage","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,4,15]]},"reference":[{"key":"1785_CR1","doi-asserted-by":"crossref","unstructured":"Rao Althar R, Samanta D, Konar D, Bhattacharyya S. Software source code: statistical modeling. De Gruyter; 2021.","DOI":"10.1515\/9783110703399"},{"issue":"1","key":"1785_CR2","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s11334-020-00383-2","volume":"17","author":"RR Althar","year":"2021","unstructured":"Althar RR, Samanta D. The realist approach for evaluation of computational intelligence in software engineering. Innov Syst Softw Eng. 2021;17(1):17\u201327.","journal-title":"Innov Syst Softw Eng"},{"issue":"2","key":"1785_CR3","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/s41019-016-0019-8","volume":"2","author":"L Ben Othmane","year":"2017","unstructured":"Ben Othmane L, Chehrazi G, Bodden E, Tsalovski P, Brucker AD. Time for addressing software security issues: prediction models and impacting factors. Data Sci Eng. 2017;2(2):107\u201324.","journal-title":"Data Sci Eng"},{"key":"1785_CR4","doi-asserted-by":"crossref","unstructured":"Singh AP, Kumar V, Sengar SS, Wairiya M. Detection and prevention of phishing attack using dynamic watermarking. In: International conference on advances in information technology and mobile communication. Berlin: Springer; 2011. p. 132-137.","DOI":"10.1007\/978-3-642-20573-6_21"},{"key":"1785_CR5","doi-asserted-by":"crossref","unstructured":"Mishra MK, Sengar SS, Mukhopadhyay S. Algorithm for secure visual communication In: 2015 2nd international conference on signal processing and integrated networks. IEEE; 2015. p. 831\u2013836.","DOI":"10.1109\/SPIN.2015.7095310"},{"issue":"6","key":"1785_CR6","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1016\/S0950-5849(96)00006-7","volume":"39","author":"AR Gray","year":"1997","unstructured":"Gray AR, MacDonell SG. A comparison of techniques for developing predictive models of software metrics. Inf Softw Technol. 1997;39(6):425\u201337.","journal-title":"Inf Softw Technol"},{"issue":"1","key":"1785_CR7","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1016\/j.infsof.2011.09.002","volume":"54","author":"J Wen","year":"2012","unstructured":"Wen J, Li S, Lin Z, Hu Y, Huang C. Systematic literature review of machine learning based software development effort estimation models. Inf Softw Technol. 2012;54(1):41\u201359.","journal-title":"Inf Softw Technol"},{"issue":"2","key":"1785_CR8","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s11334-020-00364-5","volume":"16","author":"T Given-Wilson","year":"2020","unstructured":"Given-Wilson T, Jafri N, Legay A. Combined software and hardware fault injection vulnerability detection. Innov Syst Softw Eng. 2020;16(2):101\u201320.","journal-title":"Innov Syst Softw Eng"},{"issue":"3","key":"1785_CR9","doi-asserted-by":"publisher","first-page":"813","DOI":"10.1007\/s10664-014-9300-5","volume":"20","author":"E Kocaguneli","year":"2015","unstructured":"Kocaguneli E, Menzies T, Mendes E. Transfer learning in effort estimation. Empir Softw Eng. 2015;20(3):813\u201343.","journal-title":"Empir Softw Eng"},{"key":"1785_CR10","first-page":"4","volume":"50","author":"SM Ghaffarian","year":"2017","unstructured":"Ghaffarian SM, Shahriari HR. Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput Surv. 2017;50:4.","journal-title":"ACM Comput Surv"},{"issue":"1","key":"1785_CR11","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/s10664-011-9190-8","volume":"18","author":"Y Shin","year":"2013","unstructured":"Shin Y, Williams L. Can traditional fault prediction models be used for vulnerability prediction? Empir Softw Eng. 2013;18(1):25\u201359.","journal-title":"Empir Softw Eng"},{"key":"1785_CR12","unstructured":"Chapter 16: lessons learned from software analytics in practice\u2014the art and science of analyzing software data [Book]"},{"key":"1785_CR13","doi-asserted-by":"crossref","unstructured":"Othmane L, Chehrazi G, Bodden E, Tsalovski P, Brucker AD, Miseldine P. Factors impacting the effort required to fix security vulnerabilities. In: Proceedings of the 18th international conference on information security, vol 9290, Trondheim. 2015. p. 102\u2013119.","DOI":"10.1007\/978-3-319-23318-5_6"},{"key":"1785_CR14","unstructured":"Mezouar ME, Zhang F, Zou Y. Local versus global models for effort-aware defect prediction. In: Proceedings of the 26th annual international conference on computer science and software engineering, Toronto, 2016. p. 178\u2013187."},{"key":"1785_CR15","unstructured":"Wallace D. Software requirements analysis as fault predictor. 2003."},{"key":"1785_CR16","unstructured":"Hamill M, Goseva-Popstojanova K. Software faults fixing effort, NASA Goddard Space Flight Center, Greenbelt, 2014."},{"issue":"4","key":"1785_CR17","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1016\/j.jss.2006.07.009","volume":"80","author":"P Brereton","year":"2007","unstructured":"Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M. Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw. 2007;80(4):571\u201383.","journal-title":"J Syst Softw"},{"key":"1785_CR18","doi-asserted-by":"crossref","unstructured":"ben Othmane L, Chehrazi G, Bodden E, Tsalovski P. Brucker AD, Miseldine P. Factors impacting the effort required to fix security vulnerabilities. Inf Secur. 2015:102\u2013119.","DOI":"10.1007\/978-3-319-23318-5_6"},{"key":"1785_CR19","doi-asserted-by":"crossref","unstructured":"Bosu A, Carver JC, Hafiz M, Hilley P , Janni D. Identifying the characteristics of vulnerable code changes: an empirical study. In: Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering, Hong Kong, China. 2014. p. 257\u2013268.","DOI":"10.1145\/2635868.2635880"},{"key":"1785_CR20","doi-asserted-by":"crossref","unstructured":"Aggarwal CC, Wang H. A Survey of clustering algorithms for graph data. In: Aggarwal CC, Wang H, editors. Managing and mining graph data. Boston: Springer US; 2010. p. 275\u2013301.","DOI":"10.1007\/978-1-4419-6045-0_9"},{"issue":"01","key":"1785_CR21","doi-asserted-by":"publisher","first-page":"1450001","DOI":"10.1142\/S0218001414500013","volume":"28","author":"P Foggia","year":"2014","unstructured":"Foggia P, Percannella G, Vento M. Graph matching and learning in pattern recognition in the last 10 years. Int J Pattern Recognit Artif Intell. 2014;28(01):1450001.","journal-title":"Int J Pattern Recognit Artif Intell"},{"key":"1785_CR22","doi-asserted-by":"crossref","unstructured":"Mining graph patterns. Frequent pattern mining. 2014. p. 307\u2013338.","DOI":"10.1007\/978-3-319-07821-2_13"},{"key":"1785_CR23","doi-asserted-by":"crossref","unstructured":"A survey of clustering algorithms for graph data, Managing and mining graph data. 2010. p. 275\u2013301.","DOI":"10.1007\/978-1-4419-6045-0_9"},{"key":"1785_CR24","doi-asserted-by":"crossref","unstructured":"Long F, Rinard M. Automatic patch generation by learning correct code. In: Proceedings of the 43rd annual ACM SIGPLAN-SIGACT symposium on principles of programming languages, St. Petersburg. 2016. p. 298\u2013312.","DOI":"10.1145\/2837614.2837617"},{"key":"1785_CR25","doi-asserted-by":"crossref","unstructured":"Yamaguchi F, Lottmann M, Rieck K. Generalized vulnerability extrapolation using abstract syntax trees. in: proceedings of the 28th annual computer security applications conference, Orlando. 2012. p. 359\u2013368.","DOI":"10.1145\/2420950.2421003"},{"key":"1785_CR26","doi-asserted-by":"crossref","unstructured":"Peng H, Mou L, Li G, Liu Y, Zhang L, Jin Z. Building program vector representations for deep learning. In: Proceedings of the 8th international conference on knowledge science, engineering and management, vol 9403, Chongqing, China. 2015. p. 547\u2013553.","DOI":"10.1007\/978-3-319-25159-2_49"},{"key":"1785_CR27","doi-asserted-by":"publisher","first-page":"19139","DOI":"10.1109\/ACCESS.2021.3052311","volume":"9","author":"RA Khan","year":"2021","unstructured":"Khan RA, Khan SU, Khan HU, Ilyas M. Systematic mapping study on security approaches in secure software engineering. IEEE Access. 2021;9:19139\u201360.","journal-title":"IEEE Access"},{"key":"1785_CR28","doi-asserted-by":"crossref","unstructured":"Sengar SS, Hariharan U, Rajkumar K. Multimodal biometric authentication system using deep learning method. In: 2020 international conference on emerging smart computing and informatics (ESCI). IEEE. 2020. p. 309\u2013312.","DOI":"10.1109\/ESCI48226.2020.9167512"},{"issue":"10","key":"1785_CR29","doi-asserted-by":"publisher","first-page":"10250","DOI":"10.1109\/JIOT.2020.2997651","volume":"7","author":"W Iqbal","year":"2020","unstructured":"Iqbal W, Abbas H, Daneshmand M, Rauf B, Bangash YA. An in-depth analysis of iot security requirements, challenges, and their countermeasures via software-defined security. IEEE Internet Things J. 2020;7(10):10250\u201376.","journal-title":"IEEE Internet Things J"},{"issue":"5","key":"1785_CR30","first-page":"37","volume":"244","author":"SS Sengar","year":"2020","unstructured":"Sengar SS, Kumar S, Raina P, Mahaliyan M. Bot detection in social networks based on multilayered deep learning approach. Sens Transducers. 2020;244(5):37\u201343.","journal-title":"Sens Transducers"},{"key":"1785_CR31","doi-asserted-by":"publisher","first-page":"33735","DOI":"10.1109\/ACCESS.2020.2971000","volume":"8","author":"S Moyo","year":"2020","unstructured":"Moyo S, Mnkandla E. A novel lightweight solo software development methodology with optimum security practices. IEEE Access. 2020;8:33735\u201347.","journal-title":"IEEE Access"},{"key":"1785_CR32","doi-asserted-by":"publisher","first-page":"215758","DOI":"10.1109\/ACCESS.2020.3040220","volume":"8","author":"H Al-Matouq","year":"2020","unstructured":"Al-Matouq H, Mahmood S, Alshayeb M, Niazi M. A maturity model for secure software design: a multivocal study. IEEE Access. 2020;8:215758\u201376.","journal-title":"IEEE Access"},{"key":"1785_CR33","doi-asserted-by":"publisher","first-page":"25858","DOI":"10.1109\/ACCESS.2021.3057044","volume":"9","author":"F \u00d6. S\u00f6nmez","year":"2021","unstructured":"\u00d6. S\u00f6nmez F, Kili\u00e7 BG. Holistic web application security visualization for multi-project and multi-phase dynamic application security test results. IEEE Access. 2021;9:25858\u201384.","journal-title":"IEEE Access"},{"key":"1785_CR34","doi-asserted-by":"publisher","first-page":"36852","DOI":"10.1109\/ACCESS.2021.3062388","volume":"9","author":"H Nina","year":"2021","unstructured":"Nina H, Pow-Sang JA, Villavicencio M. Systematic mapping of the literature on secure software development. IEEE Access. 2021;9:36852\u201367.","journal-title":"IEEE Access"},{"key":"1785_CR35","doi-asserted-by":"publisher","first-page":"219174","DOI":"10.1109\/ACCESS.2020.3041181","volume":"8","author":"N Medeiros","year":"2020","unstructured":"Medeiros N, Ivaki N, Costa P, Vieira M. Vulnerable code detection using software metrics and machine learning. IEEE Access. 2020;8:219174\u201398.","journal-title":"IEEE Access"},{"issue":"2","key":"1785_CR36","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1109\/TSE.2019.2892959","volume":"47","author":"Y Qu","year":"2021","unstructured":"Qu Y. Using K-core decomposition on class dependency networks to improve bug prediction model\u2019s practical performance. IEEE Trans Softw Eng. 2021;47(2):348\u201366.","journal-title":"IEEE Trans Softw Eng"},{"issue":"1","key":"1785_CR37","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/TSE.2018.2881961","volume":"47","author":"HK Dam","year":"2021","unstructured":"Dam HK, Tran T, Pham T, Ng SW, Grundy J, Ghose A. Automatic feature learning for predicting vulnerable software components. IEEE Trans Softw Eng. 2021;47(1):67\u201385.","journal-title":"IEEE Trans Softw Eng"},{"key":"1785_CR38","doi-asserted-by":"crossref","unstructured":"Althar RR, Samanta D, Kaur M, Alnuaim AA, Aljaffan N, Aman Ullah M. Software systems security vulnerabilities management by exploring the capabilities of language models using NLP. Comput Intell Neurosci. 2021:e8522839.","DOI":"10.1155\/2021\/8522839"},{"key":"1785_CR39","doi-asserted-by":"crossref","unstructured":"Rodeghero P, Jiang S, Armaly A, McMillan C. Detecting user story information in developer-client conversations to generate extractive summaries. In: 2017 IEEE\/ACM 39th international conference on software engineering (ICSE). 2017. p. 49\u201359.","DOI":"10.1109\/ICSE.2017.13"},{"key":"1785_CR40","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8830683","volume":"2020","author":"A Ahmad","year":"2020","unstructured":"Ahmad A. A systematic literature review on using machine learning algorithms for software requirements identification on stack overflow. Secur Commun Netw. 2020;2020: e8830683.","journal-title":"Secur Commun Netw"},{"issue":"1","key":"1785_CR41","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1109\/TSE.2007.256941","volume":"33","author":"T Menzies","year":"2007","unstructured":"Menzies T, Greenwald J, Frank A. Data mining static code attributes to learn defect predictors. IEEE Trans Softw Eng. 2007;33(1):2\u201313.","journal-title":"IEEE Trans Softw Eng"},{"issue":"6","key":"1785_CR42","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1109\/TSE.2014.2321179","volume":"40","author":"AT Misirli","year":"2014","unstructured":"Misirli AT, Bener AB. Bayesian networks for evidence-based decision-making in software engineering. IEEE Trans Softw Eng. 2014;40(6):533\u201354.","journal-title":"IEEE Trans Softw Eng"},{"key":"1785_CR43","doi-asserted-by":"publisher","first-page":"197158","DOI":"10.1109\/ACCESS.2020.3034766","volume":"8","author":"P Zeng","year":"2020","unstructured":"Zeng P, Lin G, Pan L, Tai Y, Zhang J. Software vulnerability analysis and discovery using deep learning techniques: a survey. IEEE Access. 2020;8:197158\u201372.","journal-title":"IEEE Access"},{"key":"1785_CR44","doi-asserted-by":"crossref","unstructured":"Shin Y, Williams, L. An initial study on the use of execution complexity metrics as indicators of software vulnerabilities. In: Proceeding of the 7th international workshop on Software engineering for secure systems-SESS \u201911. 2011.","DOI":"10.1145\/1988630.1988632"},{"issue":"1","key":"1785_CR45","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1145\/2914770.2837617","volume":"51","author":"F Long","year":"2016","unstructured":"Long F, Rinard M. Automatic patch generation by learning correct code. SIGPLAN Not. 2016;51(1):298\u2013312.","journal-title":"SIGPLAN Not"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-023-01785-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-023-01785-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-023-01785-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,17]],"date-time":"2023-06-17T15:09:32Z","timestamp":1687014572000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-023-01785-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,15]]},"references-count":45,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,7]]}},"alternative-id":["1785"],"URL":"https:\/\/doi.org\/10.1007\/s42979-023-01785-2","relation":{},"ISSN":["2661-8907"],"issn-type":[{"type":"electronic","value":"2661-8907"}],"subject":[],"published":{"date-parts":[[2023,4,15]]},"assertion":[{"value":"14 October 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 March 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 April 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflicts of interest to declare.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}],"article-number":"331"}}