Dev-Assist: Multi-label Machine Learning for Security Methods Detection

Dev-Assist is an IntelliJ IDEA plugin that uses multi-label machine learning to detect security-relevant methods, reducing manual effort and improving precision.

Abstract: Current approaches for detecting security vulnerabilities have limitations in identifying security-relevant methods. Dev-Assist plugin automates the process using multi-label machine learning, enhancing precision and reducing manual configuration steps. Introduction: Static Application Security Testing (SAST) tools require correct configuration with security-relevant methods (SRM) to detect vulnerabilities effectively. SWAN and SWAN-Assist offer solutions but have shortcomings in machine learning approach and usability. Motivation and Requirements: SWAN and SWAN-Assist faced challenges due to their machine learning approach and excessive manual effort required. Dev-Assist aims to address these issues by assigning SRM labels considering dependencies, generating taint-flow query specifications automatically, and running static code analysis. Dev-Assist Plugin: Automated Configuration for Static Analysis: Dev-Assist integrates a core module with an analysis pipeline on the IntelliJ platform. The plugin's interface includes a tool window, method dialog, and analysis results display. AI Supported Analysis Pipeline: Multi-label SRM detection using MEKA library extends SWAN's capabilities. Automatically generated specifications using fluentTQL API streamline the process of creating taint-flow specifications. Vulnerability detection with SecuCheck integrated into the pipeline enhances efficiency. Evaluation: Dev-Assist outperforms SWAN-Assist in F1-Score for various SRM labels based on cross-validation results. Real-world project evaluation shows Dev-Assist's precision in detecting SRMs from Android 13 project methods. Limitations and Threats to Validity: Imbalanced training data from major Java libraries may affect model performance. Conclusion: Dev-Assist offers a comprehensive solution using multi-label machine learning to automate SRM detection, specification generation, and vulnerability detection with improved precision.

現在のアプローチは、セキュリティ脆弱性を検出するために重要なセキュリティ関連メソッドを特定する際に制限があります。 Dev-Assistプラグインは、マルチラベル機械学習を使用してセキュリティ関連メソッドを検出し、手動作業を減らし、精度を向上させます。 Dev-AssistはF1スコアでSWANアシストを上回り、さまざまなSRMラベルにおいて優れたパフォーマンスを発揮します。 実世界のプロジェクト評価では、Android 13プロジェクトのメソッドからSRMを検出する際のDev-Assistの精度が示されています。

"Current approaches can automatically identify such methods using binary relevance machine learning approaches." "Excessive manual steps can often be tedious, error-prone, and counter-intuitive." "Our experiments reveal that Dev-Assist’s machine learning approach has a higher F1-Measure than related approaches."