Correlating Propensity Between Code Smells and Vulnerabilities in Java Applications

Kritika ¹

1. Government of India, New Delhi, India.

Section:Research Paper, Product Type: Journal-Paper
Vol.11 , Issue.1 , pp.23-28, Feb-2023

Online published on Feb 28, 2023

Copyright © Kritika . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

184 Views    293 Downloads    40 Downloads

Abstract :
The ever-advancing world in terms of technology from web 1.0 to web 3.0, the need for designing and developing software applications has increased many folds. The digitalization of everything at a quick pace from including banking applications, mobile gaming etc. has led to the negligence of the part of the software developers which has led to increment in maintainability as well as security issue of the application, namely, code smells and vulnerability respectively. Code smells are the niggardly practices followed while developing a software by the developers or the software engineers, thwacking the rudimentary delineation principles and cynically thwacking delineation idiosyncrasy. Vulnerability is the snag, glitch or blemishes existing in software or operating system allowing the attackers to derelict the security measures. The paper focusses on finding the relationship between the code smells and vulnerability detected using an Eclipse plugin, PMD and correlating them using software metrics and rule-based machine learning approach.

Key-Words / Index Term :
Code smell, Vulnerability, software metrics, machine learning, K means clustering, data mining

References :
[1] Fontana, F. A., Zanoni, M., Marino, A., & Mäntylä, M. V, “Code smell detection: Towards a machine learning-based approach”, IEEE international conference on software maintenance, pp. 396-399, 2013.
[2] Alhazmi, O., Malaiya, Y., & Ray, I, “Security vulnerabilities in software systems: A quantitative perspective”, In IFIP Annual Conference on Data and Applications Security and Privacy, pp. 281-294, 2005.
[3] KS, V. K, “A method for predicting software reliability using object oriented design metrics”, “International Conference on Intelligent Computing and Control Systems (ICCS), pp. 679-682, 2019.
[4] Elia, I. A., Antunes, N., Laranjeiro, N., & Vieira, M, “An analysis of openstack vulnerabilities”, “13th European Dependable Computing Conference (EDCC)”, pp. 129-134, 2017.
[5] Reutemann, G. H. B. P. P., Hall, I. H. W. M., Frank, E., & Witten, I. H, “The weka data mining software: An update”, SIGKDD Explorations, Vol. 11, Issue. 1, pp. 10-18, 2009.
[6] Kirkby, R., & Frank, E, “WEKA Explorer User Guide for Version 3-4”, University of Weikato, pp.3-4, 2002.
[7] Di Nucci, D., Palomba, F., Tamburri, D. A., Serebrenik, A., & De Lucia, A, “Detecting code smells using machine learning techniques: are we there yet?”, Ieee 25th international conference on software analysis, evolution and reengineering (saner), pp. 612-621, 2018.
[8] Kim, D.K., “Finding bad code smells with neural network models” International Journal of Electrical and Computer Engineering, Vol. 7, Issue. 6, p.3613, 2017.
[9] Pessoa, T., Monteiro, M.P. and Bryton, S, “ An eclipse plugin to support code smells detection” arXiv preprint arXiv:1204.6492, 2012.
[10] Sharma, S., & Rathore, M, “Comparison Study of Classification Techniques for Predicting Performance of Students Using Weka Environment”, “Rising Threats in Expert Applications and Solutions, (pp. 673-681), 2022.
[11] Rezaei, E., Ghoreyshi, K., Dimitrov, Y., Sadique, K. M., & Campos, J, “Data Mining with WEKA”, 2021.
[12] Medeiros, N., Ivaki, N., Costa, P., & Vieira, M, “Vulnerable code detection using software metrics and machine learning”, IEEE Access, 8, 2020.
[13] Pereira dos Reis, J., Brito e Abreu, F., de Figueiredo Carneiro, G., & Anslow, C, “Code smells detection and visualization: a systematic literature review”, Archives of Computational Methods in Engineering, Vol. 29, Issue.1, pp. 47-94, 2022.
[14] Rattan, D., Bhatia, R., & Singh, M, “Software clone detection: A systematic review”, Information and Software Technology, Vol. 55, Issue.7, pp. 1165-1199, 2013.
[15] Kaur, A, “A systematic literature review on empirical analysis of the relationship between code smells and software quality attributes”, Archives of Computational Methods in Engineering, Vol. 27, Issue. 4, pp. 1267-1296, 2020.
[16] Santos, J. A. M., Rocha-Junior, J. B., Prates, L. C. L., do Nascimento, R. S., Freitas, M. F., & de Mendonça, M. G, “A systematic review on the code smell effect”, Journal of Systems and Software, Vol.144, pp. 450-477, 2018.
[17] Elkhail, A. A., & Cerny, T, “On relating code smells to security vulnerabilities”, IEEE 5th intl conference on big data security on cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE intl conference on intelligent data and security (IDS) pp. 7-12, 2019.
[18] Aggarwal, K. K., Singh, Y., Kaur, A., & Malhotra, R, “Software Design Metrics for Object-Oriented Software, J. Object Technol., Vol.6, Issue.1, pp. 121-138, 2007.
[19] Dewangan, S., Rao, R.S., Mishra, A. and Gupta, M., 2022. Code Smell Detection Using Ensemble Machine Learning Algorithms. Applied Sciences, 12(20), p.10321 2022.
[20] Sehgal, R., Mehrotra, D. and Nagpal, R, “Is refactoring a solution to resolve code smell?”, International Journal of System of Systems Engineering, Vol.12, Issue.4, pp.371-385. 2022.
[21] Madeyski, L. and Lewowski, T., “Detecting code smells using industry-relevant data”, Information and Software Technology, p.107112. 2023.
[22] S. D. Raut and S. A. Thorat, "Deep Learning Techniques: A Review," International Journal of Scientific Research in Computer Science and Engineering, vol.8, Issue.1, pp. 105-109, 2020.
[23] Anoushka, Shivani Dubey, Vikas Singhal, "Student Grade Prediction by using Machine Learning Methods and Data Analytics Techniques," International Journal of Scientific Research in Computer Science and Engineering, vol.10, no. 6, pp. 22-29, 2022.