Detecting Security-Relevant Methods using Multi-label Machine Learning (IDE 2024)

Who

Oshando Johnson, Goran Piskachev, Ranjith Krishnamurthy, Eric Bodden

Track

IDE 2024

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Sat 20 Apr 2024 11:30 - 12:00 at Lopes Graça - Poster Session Chair(s): Yaroslav Golubev

Abstract

To detect security vulnerabilities, static analysis tools need to be configured with security-relevant methods (SRM). Machine learning (ML) can help identify such methods. However, current ML approaches ignore dependencies among SRM labels and This may lead to poor performance in practice. Additionally, experts currently need to configure static analysis tools manually with SRMs detected by machine learning approaches.

In this paper, we present Dev-Assist, an improved IntelliJ IDEA plugin that detects SRMs using a multi-label ML approach that considers dependencies among labels. Dev-Assist allows users to generate configurations for SAST tools automatically, and to detect security vulnerabilities directly within the Integrated Development Environment (IDE). Our experiments reveal that the multi-label approach has a higher F1-Measure than related approaches. Dev-Assist’s source code and documentation are available online.

Link to Preprint

https://arxiv.org/abs/2403.07501

Oshando Johnson

Fraunhofer IEM

Germany

Goran Piskachev

Amazon Web Services

Germany

Ranjith Krishnamurthy

Fraunhofer IEM

Germany

Eric Bodden

Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM

Germany

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Sat 20 Apr
Displayed time zone: Lisbon change

11:00 - 12:30	Poster SessionIDE at Lopes Graça Chair(s): Yaroslav Golubev JetBrains Research The poster session takes place in three iterations by 8–9 papers. Some posters include small demos.

11:00 30m Poster		Jasay: Towards Voice Commands in Projectional Editors IDE André L. Santos University Institute of Lisbon, Portugal, Alexandre Cancelinha ISCTE-IUL, Fernando Batista ISCTE-IUL Pre-print
11:00 30m Poster		Embedding-Based Search in JetBrains IDEs IDE Evgeny Abramov JetBrains, Nikolai Palchikov JetBrains Pre-print
11:00 30m Poster		On the Integration of Spectrum-Based Fault Localization Tools into IDEs IDE Attila Szatmári Szegedi Tudományegyetem, Qusay Idrees Sarhan Department of Software Engineering, University of Szeged, Péter Attila Soha Department of Software Engineering, University of Szeged, Gergő Balogh Department of Software Engineering, University of Szeged, Árpád Beszédes Department of Software Engineering, University of Szeged Pre-print
11:00 30m Poster		JetTrain: IDE-Native Machine Learning Experiments IDE Artem Trofimov JetBrains, Mikhail Kostyukov JetBrains, Sergei Ugdyzhekov JetBrains, Natalia Ponomareva JetBrains, Igor Naumov JetBrains, Maksim Melekhovets JetBrains Pre-print
11:00 30m Poster		Trigram-Based Persistent IDE indices with Quick Startup IDE Zakhar Iakovlev ITMO University, Nikita Golikov ITMO University, Alexey Chulkov ITMO University, Vyacheslav Lukianov Huawei RRI, Nikita Zinoviev Huawei RRI, Dmitry Ivanov Huawei, Vitaly Aksenov City, University of London Pre-print
11:00 30m Poster		Context Composing for Full Line Code Completion IDE Anton Semenkin JetBrains, Yaroslav Sokolov JetBrains, Evgeniia Vu JetBrains Pre-print
11:00 30m Poster		Understanding and Evaluating Developer Behaviour in Programming Tasks IDE Martin Schröer University of Bremen, Germany, Rainer Koschke University of Bremen Pre-print
11:00 30m Poster		"Don't Step on My Toes": Resolving Editing Conflicts in Real-Time Collaboration in Computational Notebooks IDE April Wang University of Michigan, Zihan Wu University of Michigan, Christopher Brooks University of Michigan, Steve Oney University of Michigan Pre-print
11:30 30m Poster		An IDE Plugin for Gamified Continuous Integration IDE Philipp Straubinger University of Passau, Gordon Fraser University of Passau Pre-print
11:30 30m Poster		IntelliGame in Action: An Experience Report on Gamifying JavaScript Unit Tests IDE Philipp Straubinger University of Passau, Tommaso Fulcini Politecnico di Torino, Gordon Fraser University of Passau, Marco Torchiano Politecnico di Torino Pre-print
11:30 30m Poster		Detecting Security-Relevant Methods using Multi-label Machine Learning IDE Oshando Johnson Fraunhofer IEM, Goran Piskachev Amazon Web Services, Ranjith Krishnamurthy Fraunhofer IEM, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM Pre-print
11:30 30m Poster		HyLiMo: A Hybrid Live-Synchronized Modular Diagramming Editor as IDE Extension for Technical and Scientific Publications IDE Niklas Krieger Institute of Software Engineering, University of Stuttgart, Sandro Speth Institute of Software Engineering, University of Stuttgart, Steffen Becker University of Stuttgart DOI Pre-print
11:30 30m Poster		I3DE: An IDE for Inspecting Inconsistencies in PL/SQL Code IDE Jiangshan Liu , Shuang Liu Tianjin University, Junjie Chen Tianjin University Pre-print
11:30 30m Poster		Challenges of Processing Data Clumps within Plugin Architectures of Integrated Development Environment IDE Nils Baumgartner Institute of Computer Science, University of Osnabrueck, Elke Pulvermueller Institute of Computer Science, University of Osnabrueck Pre-print
11:30 30m Poster		In-IDE Human-AI Experience in the Era of Large Language Models; A Literature Review IDE Agnia Sergeyuk JetBrains Research, Sergey Titov JetBrains Reserach, Maliheh Izadi Delft University of Technology Pre-print
11:30 30m Poster		Gamified GUI Testing with Selenium in the IntelliJ IDE: A Prototype Plugin IDE Giacomo Garaccione Politecnico di Torino, Tommaso Fulcini Politecnico di Torino, Paolo Stefanut Bodnarescul Politecnico di Torino, Riccardo Coppola Politecnico di Torino, Luca Ardito Politecnico di Torino Pre-print
11:30 30m Poster		The Visual Debugger: Past, Present, and Future IDE Tim Kräuter Western Norway University of Applied Sciences, Patrick Stünkel Western Norway University of Applied Sciences, Adrian Rutle Western Norway University of Applied Sciences, Yngve Lamo Western Norway University of Applied Sciences Pre-print
12:00 30m Poster		Envisioning the Next-Generation AI Coding Assistants: Insights & Proposals IDE Khanh Nghiem FPT Software AI Center, Anh Minh Nguyen FPT Software AI Center, Nghi D. Q. Bui Fulbright University, Viet Nam Pre-print
12:00 30m Poster		Help Me to Understand This Commit! - A Vision for Contextualized Code Reviews IDE Michael Unterkalmsteiner Blekinge Institute of Technology, Deepika Badampudi Blekinge Institute of Technology, Ricardo Britto Ericsson / Blekinge Institute of Technology, Nauman Bin Ali Blekinge Institute of Technology Pre-print
12:00 30m Poster		IDEs in the Age of LLMs and XR IDE Jesus M. Gonzalez-Barahona Universidad Rey Juan Carlos Pre-print
12:00 30m Poster		Lessons from a Pioneering Software Engineering Environment: Design Principles of Software through Pictures IDE Anthony I. (Tony) Wasserman Software Methods and Tools Pre-print
12:00 30m Poster		Bridging Education and Development: IDEs as Interactive Learning Platforms IDE Anastasiia Birillo JetBrains Research, Maria Tigina JetBrains Research, Zarina Kurbatova JetBrains Research, Anna Potriasaeva JetBrains Research, Ilya Vlasov JetBrains Research, Valerii Ovchinnikov Constructor University, Igor Gerasimov JetBrains Pre-print
12:00 30m Poster		Hidden Gems in the Rough: Computational Notebooks as an Uncharted Oasis for IDEs IDE Sergey Titov JetBrains Reserach, Konstantin Grotov JetBrains Research, Constructor University, Ashwin Prasad Shivarpatna Venkatesh University of Paderborn Pre-print
12:00 30m Poster		A New Generation of Intelligent Development Environment IDE Mark Marron University of Kentucky
12:00 30m Poster		Tool-augmented LLMs as a Universal Interface for IDEs IDE Yaroslav Zharov JetBrains Research, Yury Khudyakov JetBrains Research, Evgeniia Fedotova JetBrains Research, Evgeny Grigorenko JetBrains Research, Egor Bogomolov JetBrains Research Pre-print