Auto-tuning program analysis tools using machine learning
First Claim
1. A method to reduce false alarms generated by an automated analysis tool performing static security analysis on a software system, comprising:
- with respect to each of one or more particular findings in a set of data, automatically generating a classification for the particular finding, wherein the classification is based at least in part on a characteristic associated with the particular finding;
- based on the automatically-generated classifications for the particular findings, computing a machine learning classifier using software executing in a hardware element;
- applying the machine learning classifier to a set of data representing findings generated by the static security analysis.
Abstract
Machine learning (ML) significantly reduces false alarms generated by an automated analysis tool performing static security analysis. Using either user-supplied or system-generated annotation of particular findings, a “hypothesis” is generated about how to classify other static analysis findings. The hypothesis is implemented as a machine learning classifier. To generate the classifier, a set of features is abstracted from a typical witness, and the system compares feature sets against one another to determine a set of weights for the classifier. The initial hypothesis is then validated against a second set of findings, and the classifier is adjusted as necessary based on how closely it fits the new data. Once the approach converges on a final classifier, it is used to filter the remaining findings in the report.
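The workflow the abstract describes, as an added illustration that is not the patent's own implementation: a perceptron learns a weight per finding characteristic from annotated findings, the hypothesis is validated against a second annotated set, it is refit on both sets when it misfits, and the converged weights filter the unreviewed findings. The feature names and sample findings below are constructed for the example.

```python
"""Added example (not from the patent): auto-tuning a finding classifier from annotations."""

# Assumed characteristics a static analyzer might report for each finding.
FEATURES = ("user_input_source", "sanitizer_on_path", "cross_file")

def vector(finding):
    """Feature vector with a leading constant 1 so the bias is learned as a weight."""
    return [1] + [int(finding[k]) for k in FEATURES]

def predict(weights, finding):
    """1 = classified as a real defect, 0 = classified as a false alarm."""
    return 1 if sum(w * x for w, x in zip(weights, vector(finding))) > 0 else 0

def fit(weights, annotated, max_epochs=100):
    """Perceptron updates until one full pass over the data makes no mistakes."""
    weights = list(weights)
    for _ in range(max_epochs):
        mistakes = 0
        for finding, label in annotated:
            y = predict(weights, finding)
            if y != label:
                mistakes += 1
                weights = [w + (label - y) * x for w, x in zip(weights, vector(finding))]
        if mistakes == 0:      # converged on this data
            break
    return weights

def accuracy(weights, annotated):
    return sum(predict(weights, f) == y for f, y in annotated) / len(annotated)

def auto_tune(train, validate, target=1.0):
    """Build the hypothesis from one annotated set, check it on a second, adjust if it misfits."""
    weights = fit([0] * (len(FEATURES) + 1), train)
    first_fit = accuracy(weights, validate)
    if first_fit < target:
        weights = fit(weights, train + validate)   # refit using both sets of findings
    return weights, first_fit

def filter_findings(weights, findings):
    """Keep only the findings the converged classifier labels as real defects."""
    return [f for f in findings if predict(weights, f) == 1]

# Constructed sample findings; labels are the user-supplied annotations (1 real, 0 false alarm).
def F(fid, u, s, c):
    return {"id": fid, "user_input_source": u, "sanitizer_on_path": s, "cross_file": c}

TRAIN = [(F("t1", 1, 0, 1), 1), (F("t2", 1, 1, 1), 0), (F("t3", 0, 0, 1), 0),
         (F("t4", 1, 0, 0), 1), (F("t5", 0, 1, 0), 0)]
VALIDATE = [(F("v1", 1, 1, 0), 0), (F("v2", 0, 0, 0), 0), (F("v3", 1, 0, 1), 1)]
UNREVIEWED = [F("u1", 1, 0, 1), F("u2", 1, 1, 0), F("u3", 0, 0, 0), F("u4", 1, 0, 0)]

if __name__ == "__main__":
    model, first_fit = auto_tune(TRAIN, VALIDATE)
    print("weights (bias first):", model, "| first-fit validation accuracy:", round(first_fit, 2))
    print("kept after filtering:", [f["id"] for f in filter_findings(model, UNREVIEWED)])
```

On this data the first hypothesis misclassifies one validation finding (accuracy 2/3), so the refit step runs; the adjusted weights then fit both sets and drop u2 and u3 from the report.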
21 Claims
1. A method to reduce false alarms generated by an automated analysis tool performing static security analysis on a software system (independent claim; full text given under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7.
8. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions executed by the processor to reduce false alarms generated by an automated analysis tool performing static security analysis on a software system, the computer program instructions operative to:
- with respect to each of one or more particular findings in a set of data, automatically generate a classification for the particular finding, wherein the classification is based at least in part on a characteristic associated with the particular finding;
- based on the automatically-generated classifications for the particular findings, compute a machine learning classifier; and
- apply the machine learning classifier to a set of data representing findings generated by the static security analysis.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to reduce false alarms generated by an automated analysis tool performing static security analysis on a software system, the computer program instructions operative to:
- with respect to each of one or more particular findings in a set of data, automatically generate a classification for the particular finding, wherein the classification is based at least in part on a characteristic associated with the particular finding;
- based on the automatically-generated classifications for the particular findings, compute a machine learning classifier; and
- apply the machine learning classifier to a set of data representing findings generated by the static security analysis.
Dependent claims: 16, 17, 18, 19, 20, 21.