Publication Type
Journal Article
Version
acceptedVersion
Publication Date
2-2022
Abstract
A common cause of bugs and vulnerabilities are the violations of usage constraints associated with Application Programming Interfaces (APIs). API misuses are common in software projects, and while there have been techniques proposed to detect such misuses, studies have shown that they fail to reliably detect misuses while reporting many false positives. One limitation of prior work is the inability to reliably identify correct patterns of usage. Many approaches confuse a usage pattern’s frequency for correctness. Due to the variety of alternative usage patterns that may be uncommon but correct, anomaly detection-based techniques have limited success in identifying misuses. We address these challenges and propose ALP (Actively Learned Patterns), reformulating API misuse detection as a classification problem. After representing programs as graphs, ALP mines discriminative subgraphs. While still incorporating frequency information, through limited human supervision, we reduce the reliance on the assumption relating frequency and correctness. The principles of active learning are incorporated to shift human attention away from the most frequent patterns. Instead, ALP samples informative and representative examples while minimizing labeling effort. In our empirical evaluation, ALP substantially outperforms prior approaches on both MUBench, an API Misuse benchmark, and a new dataset that we constructed from real-world software projects.
Keywords
API-Misuse Detection, Discriminative Subgraph Mining, Graph Classification, Active Learning
Discipline
Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Transactions on Software Engineering
Volume
48
Issue
8
First Page
2761
Last Page
2781
ISSN
0098-5589
Identifier
10.1109/TSE.2021.3069978
Publisher
Institute of Electrical and Electronics Engineers
Citation
KANG, Hong Jin and LO, David.
Active learning of discriminative subgraph patterns for API misuse detection. (2022). IEEE Transactions on Software Engineering. 48, (8), 2761-2781.
Available at: https://ink.library.smu.edu.sg/sis_research/7635
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TSE.2021.3069978