English (United Kingdom)

https://curated-unify.zendy.io/wp-json/zendy-region/v1/featured_content/oa?rat=en

https://curated-unify.zendy.io/wp-json/zendy-region/v1/highlighted_journal/

Global: Zendy Plus annual

Presents the access of premium content as premium feature

Premium Content

Presents the keyphrase highlighting as premium feature

Keyphrase Highlighting

Presents the summarisation as premium feature

Summarisation

Insights

Presents the pdf analysis as premium feature

PDF Analysis

Presents the zaia usage as premium feature

ZAIA

Global: Zendy Plus monthly

Global: Zendy Tools annual

Global: Zendy Tools monthly

Global: Zendy Free Plan

Bug tracking systems store many bug reports, some of which are related tosecurity. Identifying those security bug reports (SBRs) may help us predictsome security-related bugs and solve security issues promptly so that theproject can avoid threats and attacks. However, in the real world, the ratio ofsecurity bug reports is severely low; thus, directly training a predictionmodel with raw data may result in inaccurate results. Faced with the massivechallenge of data imbalance, many researchers in the past have attempted to usetext filtering or clustering methods to minimize the proportion of non-securitybug reports (NSBRs) or apply oversampling methods to synthesize SBRs to makethe dataset as balanced as possible. Nevertheless, there are still twochallenges to those methods: 1) They ignore long-distance contextualinformation. 2) They fail to generate an utterly balanced dataset. To tacklethese two challenges, we propose SEDAC, a new SBR identification method thatgenerates similar bug report vectors to solve data imbalance problems andaccurately detect security bug reports. Unlike previous studies, it firstconverts bug reports into individual bug report vectors with distilBERT, whichare based on word2vec. Then, it trains a generative model through conditionalvariational auto-encoder (CVAE) to generate similar vectors with securitylabels, which makes the number of SBRs equal to NSBRs'. Finally, balanced dataare used to train a security bug report classifier. To evaluate theeffectiveness of our framework, we conduct it on 45,940 bug reports fromChromium and four Apache projects. The experimental results show that SEDACoutperforms all the baselines in g-measure with improvements of around14.24%-50.10%.

SEDAC: A CVAE-Based Data Augmentation Method for Security Bug Report Identification