International Journal of Applied Science and Engineering

Survey on software defect prediction techniques

Mahesh Kumar Thota1*, Francis H Shajin2, P. Rajesh3
1
Research Scholar, Department of Computer Science Engineering, KL University,
Guntur, India
2
Department of Electronics and Communication Engineering, Anna University,
Chennai, India
3
Department of Electrical and Electronics Engineering, Anna University, Chennai,
India

ABSTRACT
Recent advancements in technology have emerged the requirements of hardware and
software applications. Along with this technical growth, software industries also have
faced drastic growth in the demand of software for several applications. For any software
industry, developing good quality software and maintaining its eminence for user end is
considered as most important task for software industrial growth. In order to achieve this,
software engineering plays an important role for software industries. Software
applications are developed with the help of computer programming where codes are
written for desired task. Generally, these codes contain some faulty instances which may
lead to the buggy software development cause due to software defects. In the field of
software engineering, software defect prediction is considered as most important task
which can be used for maintaining the quality of software. Defect prediction results
provide the list of defect-prone source code artefacts so that quality assurance team scan
effectively allocate limited resources for validating software products by putting more
effort on the defect-prone source code. As the size of software projects becomes larger,
defect prediction techniques will play an important role to support developers as well as
to speed up time to market with more reliable software products. One of the most
OPEN ACCESS exhaustive and pricey part of embedded software development is consider as the process
of finding and fixing the defects. Due to complex infrastructure, magnitude, cost and
Received: September 6, 2019 time limitations, monitoring and fulfilling the quality is a big challenge, especially in
Revised: December 12, 2019 automotive embedded systems. However, meeting the superior product quality and
Accepted: July 3, 2020 reliability is mandatory. Hence, higher importance is given to V&V (Verification &
Validation). Software testing is an integral part of software V&V, which is focused on
Corresponding Author: promising accurate functionality and long-term reliability of software systems.
Mahesh Kumar Thota Simultaneously, software testing requires much effort, cost, infrastructure and expertise
[email protected]
as the development. The costs and efforts elevate in safety critical software systems.
Therefore, it is essential to have a good testing strategy for any industry with high
Copyright: The Author(s). software development costs. In this work, we are planning to develop an efficient
This is an open access article approach for software defect prediction by using soft computing based machine learning
distributed under the terms of the
Creative Commons Attribution
techniques which helps to predict optimize the features and efficiently learn the features.
License (CC BY 4.0), which
permits unrestricted distribution Keywords: Defect prediction, Soft computing, Verification, Validation.
provided the original author and
source are cited.

Publisher:
1. INTRODUCTION
Chaoyang University of
One of the most exhaustive and pricey part of embedded software development is
Technology
consider as the process of finding and fixing the defects (Ebert and Jones, 2009). Due to
ISSN: 1727-2394 (Print) complex infrastructure, magnitude, cost and time limitations, monitoring and fulfilling
ISSN: 1727-7841 (Online) the quality is a big challenge, especially in automotive embedded systems. However,
meeting the superior product quality and reliability is mandatory. Hence, higher
importance is given to V&V (Verification & Validation). Software testing is an integral

https://doi.org/10.6703/IJASE.202012_17(4).331 331
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

part of software V&V, which is focused on promising constrained resources to those modules of the software
accurate functionality and long-term reliability of software framework, which are more liable to be affected by bugs.
systems. Simultaneously, software testing requires much Constructing a defect prediction models for a software
effort, cost, infrastructure and expertise as the development framework is helpful for numerous of developmental or
(Lemos et al., 2015). The costs and efforts elevate in safety maintenance activities, for example, software quality
critical software systems. Therefore, it is essential to have a assessment and monitoring quality assurance (QA).
good testing strategy for any industry with high software The significance of defect prediction has propelled
development costs. various scholars and engineers to characterize distinctive
Nowadays, the growth of the software industry is huge kinds of models or indicators that portray different parts of
and more sophisticated. Therefore, anticipating the programming quality. Most research generally evaluates
reliability of the software is an important task in software this issue as supervised learning problems and the results of
development process (Roy et al., 2014). A software bug is a those defect prediction models is dependent on the previous
defective behavior of the software system which arises due defect information. To be precise, a predictor model is built
to definite and possible violation of security policies during based on the training data obtained from the previous
the application runtime. It is mainly caused by improper defects seen in past software releases. This defect
development or erroneous specification of the software predictor’s can be used to defect bugs in upcoming software
system (Ghaffarian and Shahriari, 2017). According to ref. projects or to cross-validate on the same data set (He et al.,
of Abaei and Selamat (2014), analysis and prediction of 2012), also known as Within-Project Defect Prediction
defects are essential to serve three important requirements. (WPDP). Zimmermann et al. (2009) expressed that the
First, it helps in assessing the progress of the project and performance of defect prediction models can be better, if
assists in scheduling testing process by the project manager. there are adequate quantity of information accessible to
Second, it helps in investigating the quality of the product. train the models. Nevertheless, this type of information is
Lastly, it improves the reliability and functionality of the not available for freshly started projects. Therefore, high
product. The fault-prone modules can be identified by precision in defect prediction process in such projects
distinct metrics, which have been reported by the previous become extremely difficult, sometimes implausible.
fault prediction. Some of the crucial information, such as However, there are little open-source information on defect
number of faults, location, severity, and distribution of datasets, such PROMISE (Wang and Li, 2010), Apache
defects are extracted to enhance the efficiency of testing (Ghotra et al., 2015) and Eclipse (Ryu et al., 2016), which
process. It further helps in improving the software quality can be used to train the defect predictors.
of the upcoming software release. The two main advantages To overcome such challenges, few engineers and scholars
of software fault prediction are, enhancement of the overall have made an attempt to apply the predictors from one
testing process by emphasizing on fault-prone modules, project, on to a different one ( Li et al., 2017; Lu et al.,
identification of the refactoring candidates which are 2015). This process of using information between different
rendered as most likely to undergo fault (Catal, 2014). projects to construct defect models is generally termed as
The models used for Software engineering cost and Cross-Project Defect Prediction (CPDP). It involves the
schedules, their estimation, etc., are implemented for process of implementing a predictor model in a project,
several reasons which are, which was built for some other project.
 Budgeting: It is the first and foremost implication, The choice of training samples relies upon the
but it is not the only purpose. The most important distributional attributes of datasets. Few experimental
factor is “overall accuracy of the system”. examinations assessed the practical advantages of cross-
 Project planning and control: It is yet another critical project defect predictors with various programming metric,
feature to offer cost and scheduling estimations with such as, process measurements, static code metrics, system
respect to modules, stage and process. metrics, etc., (Li et al., 2017; Lu et al., 2015), and how to
 Tradeoff and risk analysis: It involves the uses such metrics in a complementary way (Zimmermann et
supplementary capability to focus on the project al., 2009). Even though, several attempts are established for
scheduling and costs involved in the project the implementation of CPDP, it is still not well developed,
decisions (staffing, scoping, tools, reuse, etc.). and suffers from poor performance in practice (Rahman et
 Software improvement investment analysis: In al., 2012). Besides, no definitive information is available on
involves the additional cost and efforts required for how the defect predictors amongst WPDP and CPDP are
other strategies, such as recycling, tools, inventory, sanely selected, when there are no proper historical data on
process maturity, etc. the project. In general, several type of software metrics, for
In software programming, defect analysis and prediction example, history of code change, static code metrics,
can decisively determine potential bugs in the software and network metrics, process metrics (He et al., 2013), etc., are
helps in discovering the modules which are more vulnerable used for building defect predictors for various types of fault
to such problems. It can assist the engineers to allocate detection (Radjenović et al., 2013).

https://doi.org/10.6703/IJASE.202009_17(4).331 332
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Software Reliability Growth Model

Black Box

Capture/Recapture Analysis

Prediction Expert Opinions

Casual Models
Defect
prediction White Box Analogy based Predictions
techniques

Multivariate Regression

Constructive Quality Model

Software Reliability Growth Model

Logistic Regression
Classification
ML based Model
Fig. 1. Software defect prediction techniques

All current defect prediction models are constructed on foreseeing anticipated that number of imperfections would
the sophisticated amalgamation of programming metrics, be found in a given programming antique (Prediction) and
with which a defect predictor can generally attain good level Fig. 1 outlines normally utilized programming imperfection
of precision. Nevertheless, few feature selection algorithms forecast methods clustered by the reason –fault check
such as principal component analysis (PCA), can greatly expectation or defect inclined arrangement.
lower the amount of data dimensions (He et al., 2015; Wu In an investigation by Staron and Meding (Rajbahadur et
et al., 2017; Wang et al., 2013), they still result in a time- al., 2017), professional views were utilized and their
consuming process. Can a compromise solution be found, execution contrasted with other information based models.
which can attain a tradeoff between cost and accuracy? As Author’s former works establishes the long term analytical
it were, would we be able to build a generic universal power of SRGMs (Software Reliability Growth Models)
predictor with hand few of metrics, such as Lines of Code within the automotive realm indicating their utility in
(LOC), which can attain accurate results in comparison to analyzing or predicting fault and consistency. To categorize
other complex prediction models? Apart from choosing a the software modules which are likely to be defective or to
proper software metric, there are numerous classifiers analyze the compactness of software defect, various
available at disposal, such as Naive Bayes (Zhang et al., software modules related to code features like complexity,
2016), J48 (Song et al., 2006), Support Vector Machine size etc., has been utilized effectively.
(SVM) (Xia et al., 2016), Logistic Regression (Li et al., Techniques that utilize code and modify measurements as
2014), and Random Tree (Staron and Meding, 2008), etc. sources of info and utilize machine learning strategies for
Apart from these, there are a few improved classifiers (Rana categorizing and predicting have additionally been
et al., 2013) and hybrid classifiers (Gondra, 2008) which are examined by Iker Gondra (Kim et al., 2011) and Xie et al.
known to effectively improve classification results. (2011). Pertinence of different strategies for programming
imperfection forecasts over the life cycle periods of
1.1 Software Defect Prediction Techniques programming advancement and the attributes of every
To foresee the quantity of flaws anticipated that would be strategy are shown in Table 1.
found in a product module/venture or to group which
modules are likely to be imperfect, Programming Defect 1.2 Techniques for Defect Classification
Prediction (PDP) systems are utilized. Various distinctive Software defect classification is another important
strategies have been utilized for characterization technique of defect prediction. These models strive to
/anticipating absconds; they can be extensively gathered identify fault-prone software modules using variety of
into methods that are utilized to foresee if or not a given software project and product attributes. In general, defect
programming ancient rarity is probably going to contain a classification models are implemented at lower granularity
deformity (Classification) and procedures utilized for levels, more predominantly at file and class level. Hence,

https://doi.org/10.6703/IJASE.202009_17(4).331 333
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Table 1. Different strategies for programming imperfection forecasts

Method Input data required Advantages and limitations
Causal Inputs about estimated size, Causal models biggest advantage is that they can be
Models complexity, qualitative inputs on applied very early in the development process. Possible
planned testing and quality to analyse what-if scenarios to estimate output quality
requirements or level of testing needed to meet desired quality goals.
Expert Domain experience (software This is the quickest and easiest way to get the
Opinions development, testing and quality predictions (if experts are available). Uncertainty of
assessment). predictions is high and forecasts may be subjected to
individual biases
Analogy Project characteristics and Quick and easy to use, the current project is
Based observations from large number of compared to previous project with most similar
Predictions historical projects. characteristics. Evolution of software process,
development tool chain may lead to inapplicability or
large prediction errors.
Constructive Software size estimates, product, Can be used to predict cost, schedule or the residual
Quality personal and project attributes; defect defect density of the software under development.
Model removal level. Needs large effort to calibrate the model.
Correlation Number of defects found in given This method needs little data input which is available
Analysis iteration; size and test effort after each iteration. The method provides easy to use
estimates can also be used in rules that can be quickly applied. The model can also be
extended models. used to identify modules that show higher/lower levels
of defect density and thus allow early interventions
Regression Software code (or model) metrics as Uses actual code/models characteristic metrics which
Models measure of different characteristics means estimates are made based on data from actual
of software code/model; Another software under development. Can only be applied when
input can be the change metrics. code/models are already implemented and access to the
source code/model is available. The regression model
relationship between input characteristics and output
can be difficult to interpret –do not map causal
relationship
Machine Software code (or model) metrics as Similar to regression models, these can be used for
Learning measure of different characteristics either classification (defective/not defective) or to
based of software code/model; Another estimate defect count/densities. Over time as more data
models input can be the change metrics. is made available, the models improvise on their
predictive accuracy by adjusting their value of
parameters (learning by experience). While some
models as Decision Trees are easy to understand others
may act like a black box (for example Artificial Neural
Networks) where their internal working is not explicit
Software Defect inflow data of software under Can use defect inflow data to make defect predictions
Reliability development (life cycle model) or or forecast the reliability of software based system.
Growth software under testing. Reliability growth models are also useful to assess the
Models maturity/release readiness of software close to its
release. These models need substantial data points to
make precise and stable predictions

the software products which are flagged as defect-prone can product metrics are employed as predictor variables.
be prioritized according to their severity for more rigorous Zimmermann, et al. (Köksal et al., 2011) worked on the
verification and validation activities. principle of logistic regression to categorize file/packages in
Eclipse project as defect prone.
1.2.1 Logistic Regression
A software module can be categorized as defect-prone or 1.2.2 Machine Learning Models
not, on the basis of logistic regression. Much like the Some popular machine learning techniques uses
multivariate regression, the classification of software statistical algorithms and data mining techniques, which is
modules is done by using several variety of process and helpful for predicting and classifying defects. Such

https://doi.org/10.6703/IJASE.202009_17(4).331 334
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

techniques are identical to regression approaches that use Menzies et al. (2004) carried out an experiment derived
same type of independent variables. On the upside, the from the open-source NASA datasets with the help of few
machine learning algorithms are dynamic in nature, and data mining techniques. The results were later evaluated
they progressively enhance the overall prediction and with the help of balance parameter, probability of false
classification technique. alarm and probability of detection. Prior to the
implementation of the algorithm, the authors have used the
1.3 General Process of Software Defect Prediction log-transformation with Info-Gain filters. They further
To build an efficient prediction model, we should have assured that performance of Naïve Bayes in terms of fault
proper data on defects and metrics, which can be prediction was better than J48 algorithm. The authors have
accumulated from software development efforts to use as further contended that since a few models with low accuracy
the learning set. Thus, there is tradeoff between its performed well, implementing such models as a dependable
prediction performance on additional data sets and how well parameter for performance assessment was not suggested.
this model fits in its learning set. Therefore, the performance Okutan and Yıldız (2014), estimated the probabilistic
of the model is assessed by the comparison of the predicted influential relationships between software metrics and
defects of the modules in a test, against the actual defects probability of defect, with the help of Bayesian networks.
witnessed (Hewett, 2011). Apart from the metric used in Promise data repository, two
other metric were defined in this proposed research work,
1.4 General Defect Prediction Process which were LOCQ for the source code quality and NOD for
Labeling: An appropriate defect data must be collected the number of developers. These metrics can be derived by
for the purpose of training a prediction model. This step examining the source code repositories of the targeted
generally involves the extraction of instances and labeling Promise data archives. Once the model was complete, the
the data items (True or False). marginal probability of defect of the system can be
Extracting features and creating training sets: The understood, along with the set of influential metrics, and the
extraction of features for prediction labels of instances is correlation between defects and metrics.
performed in this stage. Few common features for defect Likewise, dictionary based learning algorithms were
prediction are keywords, complexity metrics, deviations, more popular in the field of software defect prediction. Jing
and structural dependencies. By consolidating the labels and et al. (2014) implemented software defect prediction models
highlights of instances, a training set is generated which is on the principle of machine learning techniques. The
used by the machine learning algorithms to develop a similarity between different software modules can be
forecast model. exploited to represent a small proportion of few modules
Building prediction models: The prediction models can with the help of some other modules. Furthermore, the
be built with the help of a training set, implemented on the coefficients of the pre-defined dictionary contains the
general machine learning algorithms, such as Bayesian historical software data, which are large inadequate. With
Network or Support Vector Machines (SVM). Based on the the help of the qualities of the metrics extracted from the
learned data, the model can classify and label the test open-source programming modules, the researchers learn
instances as TRUE or FALSE. numerous dictionaries, including but not limited to,
Assessment: The assessment of a prediction display is defective-free module, defective module, total dictionary,
done on the basis of testing dataset collection and training sub-dictionaries, etc. The researchers have also considered
set. The labels of the training dataset are used to build the the problem of misclassification cost, as it usually imposes
prediction model, which is later evaluated by comparing the greater risk than other defective-free ones. Along these lines,
prediction and real labels. The training sets and testing sets we present a cost-sensitive discriminative dictionary
are separated using 10-fold cross-validation technique. learning (CDDL) technique for software defect
classification and prediction.
The representative studies in software defect prediction
2. RELATED WORKS are shown in Table 2. Over the past decade, several attempts
were made to build efficient prediction models. Process
As indicated by Catal and Diri (2009), defect prediction
metrics and source code (Rahman et al., 2012) are some of
models in software programming have become one of the
the widely studied metrics. Process metrics were derived
significant research areas since 1990. In just two decades,
from the software archives, for example, bug tracking
the total amount of research papers in this area had increased
systems, version control systems, etc., which keep track of
two fold. A wide range of procedures and methodologies
all development histories. Process metrics evaluates
were utilized for defect prediction models, for example,
numerous characteristics of software programming process
decision trees (Selby and Porter, 1988) neural network
such as, ownership of source code files, changes of source
system (Hu et al., 2007), Naïve Bayes (Menzies et al., 2004),
code, developer interactions, etc. The source code metric
case-based reasoning (Khoshgoftaar et al., 1997), fluffy
determines the intricate should the source code be. The
logic (Yadav and Yadav, 2015) and the artificial immune
fundamental basis about the source code metric was that
recognition framework technique in Catal and Diri (2007).

https://doi.org/10.6703/IJASE.202012_17(4).331 335
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Table 2. Representative studies software defect prediction

Type Categories Representatives
Sorce code (Jing et al., 2014), Process (Churn (Kim et al., 2007), (Ghotra et
al., 2015), Change (Kamei et al., 2010), Entropy (Zhang et al., 2016),
Popularity (Roy et al., 2014), Authorship (He et al., 2015), Ownership (Catal,
Metrics
2014), MIM (Hewett, 2011), Network measure (Okutan and Yıldız, 2014),
(Peters et al., 2013), (Khoshgoftaar et al., 2010), Antipattern (Shin et al.,
2010)
Within/Cross Classification, Regression, Active/Semi-supervised learning (Hu et al., 2007),
Algorithm/Model
(Bosu et al., 2014), BugCache (Xie et al., 2011)
Finer prediction Change classification (Gondra, 2008), Method level-prediction (Song et al.,
granularity 2006)
Feature selection/Extraction (Walden and Doyle, 2012), (Kim et al., 2007),
Preprocessing Normalisation (Jing et al., 2014), (Catal and Diri, 2009), Noice handling
(Rajbahadur et al., 2017), (Morrison et al., 2015)
Metric compensation (Brereton et al., 2007), NN filter (Moshtari and Sami,
Transfer learning
Cross 2016), TNB (Khoshgoftaar et al., 1997), TCA + (Catal and Diri, 2009)
Feasibility Decision Tree (Catal and Diri, 2009), (Xia et al., 2016)

more complex source code was more likely to be infected vital information about the historical data about the
by bugs. Several studies have emphasized the significance developmental process. Few of the popular representative
of process metrics for defect prediction (Zhang et al., 2016; approaches for cross defect prediction were Nearest
Fenton and Neil, 1999; Kamei et al., 2010). Neighbour (NN) Filter (Zhang et al., 2017), metric
The prediction models built by the machine learning compensation (Watanabe et al., 2008), Transfer Naive
algorithms have the ability to detect the probability of bugs Bayes (TNB) (Ma et al., 2012), and TCA + (Nam et al.,
or defects in the source code. Few research works have 2013).
mplemented latest machine learning algorithms such as
active/semi-supervised learning algorithms, which are 2.1 Within-Project Defect Prediction
known to enhance prediction performance (Li et al., 2012; Catal and Diri (2009) has conducted an investigation on
Zhang et al., 2017). BugCache algorithm was suggested by over 90 software defect prediction research works, which
Kim et al., which uses the locality information of previous were published between the vicinity of 1990 and 2009. He
defects and maintains a list of source code files or modules, reviewed these papers on the basis of the performance
which were more likely to be faulty (Kim et al., 2007). evaluation metrics, learning algorithms, experimental
BugCache algorithm uses machine learning techniques outcomes, datasets, etc. As indicated by this review, the
for building defect prediction models which uses non- author expressed that a large portion of these research works
statistical model. This entirely different from the other were based on utilizing the method-oriented metrics and
defect prediction models. It also fine tunes the prediction prediction-models. Therefore, they were largely dependent
granularity. It attempts to find defects at various levels, such on the machine learning procedures, and Naive Bayes
as, class, file, package, component, system. Few recent techniques, which were regarded as a popular machine
experiments have demonstrated that defects can be found at learning techniques for supervised prediction tasks.
module level or method level, or change level (Koru and Liu, Hall et al. (2011) carried out an investigation on the
2005). The developers can be benefited by the finer metrics, such as model contexts, modeling algorithms,
granularity model, as they can minimize the scope of source independent variables, etc., and characterized their effects
code, which must be inspected. Thus, preprocessing on the performance of defect prediction models, based on
techniques are also an important part of defect prediction the 208 research works. Their outcomes demonstrated that
studies. Prior to the implementation of defect prediction rudimentary modeling systems, for example, Logistic
model, few techniques are applied, such as normalization Regression and Naive Bayes, portrayed better performance.
(Menzies et al., 2004), feature selection (Catal and Diri, Additionally, the performance was further enhanced by the
2009), noise handling (Khoshgoftaar and Rebours, 2007), combination of independent variables. The results are
etc. greatly improved by the application of feature selection on
Several authors have also emphasized on cross-project these combinations. The authors contend that there was
fault prediction. Majority of these experiments were considerable amount of defect prediction models, in which
portrayed and directed inside the prediction setting, which certainty was conceivable. However, more examinations
suggests that the forecast models were constructed and which implemented a reliable technique have witnessed a
executed within the same project. In spite of this, it was comprehensive context, performance, and methodology.
challenging for few new projects, which did not contain any Most of these research works were reviewed with respect to

https://doi.org/10.6703/IJASE.202009_17(4).331 336
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

two systemic literature surveys that were led with regards to Herbold (2013) suggested a few methodologies in view
WPDP. Nevertheless, they overlooked the fact that few of of forty-four informational collections from fourteen open-
these research works were particularly new, and they source ventures regarding training data selection for CPDP.
normally have restricted or deficient information to train a A few portions of their informational collections are utilized
proper prediction model for defect forecasting. Thus, a few here in our paper. The outcomes exhibited that their choice
researchers have started to work their way towards CPDP. procedures enhanced the realized progress rate essentially,
though the nature of the outcomes was as yet unfit to
2.2 Cross-Project Defect Prediction contend with WPDP. The survey uncovers that earlier
The primary research on CPDP was performed by Briand examinations have mostly explored the possibility of CPDP
et al. (2000), who connected models based on an open- and the decision of preparing information from their tasks.
source venture (i.e., Xpose) to another (i.e., Jwriter). Yet moderately little consideration was given to
Despite the fact that the anticipated imperfection experimentally investigating the execution of a forecaster in
recognition probabilities were not reasonable, the defect- light of a disentangled metric set from the viewpoints of
prone class positioning was precise. They additionally exertion and-cost, precision and simplification. Besides,
approved that such a model performed superior to anything next to no was thought about whether the forecasters made
the irregular model and beat it regarding class size. with basic or least programming metric subsets acquired by
Zimmermann et al. (2009) led a large-scale investigation on wiping out some unimportant and repetitive highlights can
information versus province versus process, and found that accomplish adequate outcomes.
CPDP was not generally fruitful (21/622 expectations).
They additionally detected that CPDP was not proportioned 2.3 Software Metrics
amongst internet explorer and Firefox. CPDP utilizing fixed A wide range of software models are regarded as features,
code attributes in the view of 10 projects and even gathered which can be utilized for defect prediction, to enhance
from PROMISE archive was investigated by Turhan et al. overall quality of the software programming.
They suggested a closest-neighbor sifting strategy to Simultaneously, various correlations are made among
channel through the insignificances in cross-venture numerous software metrics to review which metric offers
information. In addition, they examined the situation where good level of performance. Shin and Williams (2013)
models were developed from a combination of inside and examined whether source code and programming histories
cross-venture information, and checked for any were discriminative and detect weak codes among
enhancements to WPDP in the wake of including the sophisticated, code agitate, and parameters followed by the
information from different undertakings or projects. They designer. It was discovered that 24 of the 28 metrics were
presumed that when there was restricted venture chronicled discriminative for both Linux and Mozilla Firefox kernel.
information (e.g., 10% of recorded information), combined By utilizing all the three kinds of metrics, these models
project estimates were reasonable, as they executed and predicted more than 80% of the potential weaknesses in the
additionally within-project forecast models. files within under 25% false positives for the two activities.
Rahman et al. (2012) led a cost-delicate examination of Marco et al. (2010) led three trials on five frameworks with
the viability of CPDP on thirty eight arrivals of nine process metrics, source code metrics, previous defect data,
extensive Apache Software Foundation (ASF) ventures, by entropy of changes, and so forth. They found that the best
contrasting it with WPDP. Their detections uncovered that performance can be obtained by the modest process metrics,
the cost-touchy cross-project estimation execution was not which were marginally better than entropy and churn of
more regrettable than the inside-venture forecast execution, source code metrics.
and was significantly superior to arbitrary expectation Zimmermann et al. (2009) utilized social network
execution. To assist cross-company learning in contrast with parameters extracted from dependency relation between
the state of the art Peters et al. (2013) acquainted a new filter software programming on Windows Server 2003 to predict
called Burak filter. The outcomes uncovered that their which elements were more vulnerable to defects. With
method could assemble sixty-four percent more valuable respect to predicting defects, the experimental results have
indicators than both cross-company and within-company shown that the performance of network metrics was better
approaches in view of Burak channels, and exhibited that than source code metrics. Tosun et al. (2011) conducted
cross-organization fault estimate could be connected ahead experiments on five public datasets to replicate and verify
of schedule in a venture's lifecycle. He et al. (2015) directed their outcomes from two distinct levels of granularity. The
three tests on similar informational indexes utilized as a part outcomes have shown that network metrics were more
of this examination to approve training information from appropriate for detecting defects for large-scale and
different projects can give worthy outcomes. They complicated models, even though their performance in
additionally suggested a way to deal with naturally choosing smaller models were not much impressive. Premraj and
appropriate training information for ventures or projects Herzig (2011) reproduced the Zimmermann and Nagappan's
without neighborhood information. work to conduct further evaluation of the generality of these
results. However, the results were found to be consistent

https://doi.org/10.6703/IJASE.202012_17(4).331 337
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Table 3. Comparative analysis of classification based techniques for software defect prediction
Authors and
publication Objective Methodology Key findings Conclusion
year
Software Feed forward and Genetic algorithm is
Roy et al. Better prediction of
reliability recurrent neural used for training the
(2014) software defects
prediction network neural network
An extensive review
Data mining and ML
Ghaffarian and Data mining and which shows
Survey of SDP techniques are good for
Shahriari machine learning advantages and
techniques early defect prediction
(2017) techniques for SDP disadvantages of DM
and vulnerability
and ML techniques
Comparative
Artificial immune
Significant Feature performance where it
Catal and Diri system and random
Fault prediction selection can improve shows that Random
(2009) forest approach for
the performance forest achieves better
classification
accuracy
Software defect Multi- variants Gauss MvGNB achieves
Wang and Li prediction for Naïve Bayes Naive Bayes (MvGNB) better performance
(2010) improving the classification model used for reducing the when compared with
quality complexity J48 classifier
Different artifact
and defect Phase-wise computation It can be used for
Yadav and Fuzzy logic
prediction in along with fuzzy logic classifying the defect
Yadav (2015) technique
software classification types
engineering
Significant feature
Feature extraction
Software defect extraction and It can be used for both
Okutan and and Bayesian
prediction and relationship between supervised and
Yıldız (2014) classification
level of defect software metrics and unsupervised learning
technique for SDP
defects.

with the original work. In any case, regarding the array of binary module. The Spearman’s rank correlation was used
datasets, code metrics were more suitable for experimental for this purpose. The results revealed that there was a
investigations on open-source programming ventures. noteworthy connection among classical metrics and the
Radjenovic' et al. (2013) grouped 106 papers on defect number of vulnerabilities. Another research was led to
prediction with respect to context properties and metrics. determine the prediction capabilities of these metrics. For
hey discovered that the amount of process metrics, source this purpose, a five groups of classical metrics (i.e.,
code metrics, and object-oriented metrics, were 24%, 27%, dependency, coverage, coverage, organizational, churn)
and 49%, respectively. Chidamber and Kemerer’s (CK) uite were inspected using binary Logistic Regression.
metrics were most frequently used. In comparison to Williams and Meneely (Meneely et al., 2008), examined
complexity metrics and traditional size, the object-oriented the connection between software vulnerabilities and
and process metrics were more efficient. Thus, in developer-activity metrics. The developer-activity metrics
comparison to static code metrics, the process metrics were consists of number of commits made to a file, number of
more proficient in predicting post-release defects. On the developers who have modified the codes in the source
basis of these research works, a comparative review was program, amount of geodesic paths which contains a file in
presented in Table 3, which gives details on techniques used, the contribution network. The research was carried out on
results, and strengths of individual works. The classification three open-source software projects. The assembled
based techniques are presented first. informational in a given research work contains a label
Zimmermann et al. (2011) examined the likelihood of which suggest if the source code file was patched or not.
detecting the presence of vulnerabilities and defects in The version control logs would disclose the developer-
binary modules of a popular software product (Microsoft activity metrics. With the help of statistical correlation
Windows Vista). The researchers have used classical analysis, the researchers have confirmed the existence of
metrics which were implemented in past research works for statistical correlation for every metric with the given
defect prediction. Initially, correlations was computed quantity of vulnerabilities. However, the correlation was not
which exists between the metrics and amount of defects per very strong. The training and validation sets were generated

https://doi.org/10.6703/IJASE.202009_17(4).331 338
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

by using Bayesian network with tenfold cross-validation, as Subsequently, they were able to identify more than 400
the predictive model. vulnerable code changes, with the help of three-stage semi-
Walden and Doyle (2012) have led a study to inspect the automated process. The main objective was to detect the
correlation among software metric and vulnerabilities in 14 characteristics of vulnerable code changes, and developers
different popular open source web applications during 2006 who might cause such vulnerabilities. Some key discoveries
and 2008, for example, Mediawiki, WordPress. The of this study include:
researchers implemented static analytical tools, such as, 1. The probability of fault elevates if the changes made
PHP CodeSniffer, Fortify Source Code Analyzer. With the in the codes are high.
help of this tool, they have estimated various metrics in 2. Changes are made by less experienced developers
source code repositories of these web applications, such as, increases the chances of defects.
source-code size, nesting complexity, static analysis 3. The chances of defects are higher in new files, in
vulnerability density (SAVD), Security Resources Indicator comparison to modified files.
(SRI), etc. Williams and Shin (2008), conducted an To recognize constraints which are responsible for
experiment to check if the conventional defect prediction vulnerabilities, Perl et al. (Brereton et al., 2007) examined
models, which are built on the principle of code-churn the impacts of utilizing the meta-information enclosed in
metrics and complexity, were any help in predicting the fault code sources close by code –metrics. The initiators declare
vulnerability. The experiment was carried out on Mozilla the way that programming develops incrementally, and
Firefox with a fault history metric, 5 code churn metrics, most open-source projects utilize adaptation control
and 18 complexity metrics. With various classification techniques, subsequently, constraints define normal units to
techniques for the fault prediction, the researchers have check for vulnerabilities. With this intention, the creators
concluded that the results were almost identical. accumulate a dataset containing 170,860 confers from sixty
Shin et al. (2010) carried out an intense research to check six C/C ++ GitHub projects, including 640 vulnerability
if the vulnerability prediction was affected by the code- contributing commits (VCCs) plotted to significant CVE
churn and developer-activity (CCD) and complexity. In IDs. The creators select an arrangement of code-beat and
regard to this, the researchers have conducted experiments designer-interest metrics, and in addition GitHub meta-
on two open-source projects. The analysis was performed information from various extensions (creator, document,
on over 28 CCD software metrics, which also consists of 3 commit and project) and concentrate these highlights for the
code-churn metrics, 14 complexity metrics, and 11 accumulated dataset. To distinguish VCCs from unbiased
developer-activity metrics. commits, the creators assess their recommended technique,
The authors have used the Welch’s t-test to assess the named VCC Finder, which utilizes a Support Vector
discriminative power of the metrics. For both the projects, Machine (SVM) classifier based on this dataset.
the test hypotheses were supported by at least 24 of 28 To analyze the execution of foreseeing vulnerable
metrics. For the purpose of evaluation of predictive power programming mechanisms, in light of programming metrics
of the metrics, the authors have tested numerous against text-extracting procedures, Walden et al. (2014)
classification techniques. They have discussed the result played out an investigation. With this thought, the creators
form just one technique, as the performance was similar. To initially developed a manually-built dataset of
verify the predictive capacity of the model, the authors have vulnerabilities assembled from three vast and well known
validation on next-release, where numerous releases were in open-source PHP web applications (Moodle, PhpMyAdmin,
progress. Apart from that, they have also performed cross- Drupal), comprising of two hundred and twenty three
validation, where only a single release would be in progress. vulnerabilities. As an endowment to the investigation group,
Moshtari and Sami (2016) pointed out three important this dataset is presented. An arrangement of twelve code
constraints of vulnerability prediction models of previous unpredictability metrics was chosen for this examination in
research works. Therefore, they presented a new technique order to estimate vulnerability in the light of programming
to predict the potential location of the defects in the software. metrics. For content mining, every PHP source file was
It is accomplished by complexity metrics by resolving the tokenized. Unwanted tokens are either transferred
limitations of previous studies. For the purpose of detecting (punctuations, comments, string, numeric literals, etc.) or
software vulnerabilities, the researchers have proposed a terminated. A count was kept on the frequencies of final
semi-automatic analysis framework. The output from this tokens. The numerical feature-vectors are built from the
framework is used as vulnerability information, which was textual tokens of each PHP source file, using the popular
known to provide more comprehensive details about the “bag-of-words” technique.
vulnerabilities in software, as explained by the authors. This Morrison et al. (2015) explains that defect prediction
research had examined both cross-project and within- models which are implemented by the Microsoft teams, are
project fault prediction, with the help of accumulated different from the vulnerability prediction models (VPMs).
information from over five different open-source projects. To clarify this disparity, for two fresh releases of the
Bosu et al. (2014) conducted a similar experiment, in Microsoft Windows OS the researchers have made an
which they investigated more than 260,000 code review attempt to reproduce a VPM technique, presented by
requests from over 10 different open source projects. Zimmermann et al. (2011).

https://doi.org/10.6703/IJASE.202012_17(4).331 339
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Table 4. Uniqueness and few advantages of each work

Within/Cross-
Authors Metrics Granularity Vulnerability
project
Code churn, coverage,
Zimmerman et al. dependency,
Binary modules Within project Public advisories
(2011) complexity ,
organizational
Meneely et al.
Developer activity Source file Within project Public advisories
(2008)
Code complexity and Tool-based
Source file Within project
security resources defection
Walden and Doyle Complexity, fault-
Source file Within project Public advisories
(2012) history, code churn
Code complexity,
Yonghee et al. (Shin dependency network
Source file Within project Public advisories
and Williams, 2011) complexity and
execution complexity
Shin and Williams Complexity, code-churn,
Source file Within project Public advisories
(2008) developer activity
Self-developed
Unit complexity,
Shin et al. (2010) Source file both detection
coupling
framework
Moshtari and Sami Code churn, developer
Code commits Within project Public advisories
(2016) activity
Bosu et al. (2014) Developer activity Code commits Within project Public advisories
Code churn, developer
Perl et al. (Brereton
activity, GitHub Within project Public advisories
et al., 2007)
Metadata
Walden et al. (2014) Code complexity Source file Both Public advisories
Code churn, complexity,
Morrison et al.
coverage, dependency, Binary module Within project Public advisories
(2015)
organizational
Code complexity,
Younis et al. (2016) information flow, Functions Within project Public advisories
functions, Invocations.

Younis et al. (2016) made an attempt to detect the 3. APPLICATIONS OF DEFECT

attributes of code, which contains defects that was more PREDICTION
ikely to be susceptible. Since they commenced the study,
they were able to recognize over 183 defects from the Linux One of significant objectives of defect prediction models
kernel and Apache HTTPD web server projects. It must be is efficient utilization of available resources for assessing
noted that these projects contained 82 exploitable and testing programming modules. Nevertheless, there is
vulnerabilities. The researchers have chosen over 8 software only a hand few of contextual analyses which use defect
metrics from 4 groups, in order to represent these prediction models (Lewis, 1999). Thus, Rahman et al. (2012)
ulnerabilities. They had used Welch’s t-test to investigate led most of their investigation on cost-viability. Lewis (1999)
the discriminative power of each metric. Furthermore, the pioneered a recent contextual investigation directed by
researcher examined if there is a combination of these Google, which compares the BugCache and Rahman's
metrics which can be exploited as predictors for few defects, technique, with respect to the amount of closed bugs (Peters
wherein, 3 diverse feature selection techniques and 4 et al., 2013). The outcomes have indicated that the designers
classification techniques were verified. favored Rahman's technique.
In the previous section, a review was presented on In any case, the defect prediction models do not give any
various recent researches in the area of defect prediction advantages to the developers. In a recent survey, Rahman et
models based on software metrics. Table 4 presents the al. (2012) demonstrated that defect prediction models could
summary of all the research works reviewed in this section be useful to organize potential warnings discovered by the
and also tabulates the uniqueness and few advantages of bug finders, for example, FindBug. It also helps in
each work. implementation of results from the defect prediction to

https://doi.org/10.6703/IJASE.202009_17(4).331 340
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

organize or choose appropriate test cases. In regression (SRI), which was proposed by Doyle and Walden
testing, performing all the test cases are not financially (2012) this is another territory for future investigations.
feasible, and consumes large amount of time as well.  The use of deep-learning techniques for defect
Therefore, it is best to choose proper test cases, which prediction is not well explored. It has emerged as a new
investigates the potential faults in the system (Lessmann et area of machine-learning algorithm which is made
al., 2008). The results of the defect prediction models can impressive accomplishments in few application
provide an idea on the potential bugs and their severity, specific domains. Furthermore, it is increasing gain
which can be exploited to select and prioritize the test cases. more popularity from scholars and professionals (Jiang
On the basis of previously reviewed works, it is obviously et al., 2008). Yang et al. (2015) proposed a technique
that the area of defect prediction has more to offer, and based on deep-learning methods for just-in-time
hence, it is in its early stages. It can be concluded with few software defect prediction. This laid the foundation for
of the future improvements and limitation, which can be another area of research for future improvements.
extracted from past research works.
 A factual limitation in the area of defect prediction 4. CONCLUSION
models is that the bugs and weaknesses are few in
number in the given datasets. In data mining and This survey paper helps the researchers to study about
machine learning algorithms, this limitation is termed software defects and software defect prediction techniques.
as imbalance class data. This imbalance can create a To implement the data pre-processing technique; data
greater drop in overall performance of the algorithms. cleaning, data normalization and data discretization will be
However, there are few methods to overcome this issue performed in data mining. For feature extraction and
(Khoshgoftaar et al., 2010). Furthermore, few research selection to implement of new approach, to implement of
works were focused on achieving the same, with evolutionary computation and optimization technique for
random under-sampling the majority class. This is best feature selection and to implement machine learning
regarded as a critical problem which should not be classification techniques for bug classification. An
overlooked. improved approach consists of data pre-processing low
 Moshtari et al. (2016) has implemented a semi- computation cost, complex model, software defect
automatic system for fault identification, rather than a prediction comparative analysis and improved classification
data from public repositories and fault databases performance of the system.
(example: NVD). Thus, in comparison to other
techniques, this system resulted in better recall and
precision values. This could pave the way for more
REFERENCES
intense research in the future.
Abaei, G., Selamat, A. 2014. A survey on software fault
 There are only few research works on the cross-project
studies in the area of defect prediction. Therefore, it detection based on different prediction approaches.
Vietnam Journal of Computer Science, 1, 79–95.
can be regarded as a field of future enhancement. The
Bosu, A., Carver, J.C., Hafiz, M., Hilley, P., Janni, D. 2014,
cross-project fault prediction models are not well
November. Identifying the characteristics of vulnerable
researched in the context of defect prediction models.
code changes: An empirical study. In Proceedings of the
There are additional concerns in the Cross-project
22nd ACM SIGSOFT International Symposium on
prediction models which are induced due to
distribution of data in the training set, which can differ Foundations of Software Engineering, 257–268. ACM.
Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M.,
largely among themselves. Such variations can greatly
Khalil, M. 2007. Lessons from applying the systematic
degrade the performance of machine learning
literature review process within the software engineering
algorithms and statistical-analysis techniques. This
domain. Journal of systems and software, 80, 571–583.
limitation can be overcome by a descendant of the
machine-learning algorithm, known as “inductive Briand, L.C., Wüst, J., Daly, J.W., Porter, D.V. 2000.
Exploring the relationships between design measures and
transfer” (or “transfer learning”) techniques. About the
software quality in object-oriented systems. Journal of
implementation of these techniques are well
systems and software, 51, 245–273.
documents has in software defect prediction studies
Catal, C., Diri, B. 2007, February. Software defect
(Catal and Diri, 2009).
prediction using artificial immune recognition system. In
 Majority of the fault prediction techniques offered poor
performance. This is mainly due to the use of Proceedings of the 25th conference on IASTED
International Multi-Conference: Software Engineering
traditional software metrics, which are not considered
285–290. ACTA Press.
as the appropriate indicators of software defects.
Catal, C., Diri, B. 2009. A systematic review of software
Morrison et al. (2015) has discussed about this
fault prediction studies. Expert systems with applications,
situation. Later on, characterizing security-oriented
36, 7346–7354.
metrics, for example, the Security Resources Indicator

https://doi.org/10.6703/IJASE.202012_17(4).331 341
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Catal, C., Diri, B. 2009. Investigating the effect of dataset Hewett, R. 2011. Mining software defect data to support
size, metrics sets, and feature selection techniques on software testing management. Applied Intelligence, 34,
software fault prediction problem. Information Sciences, 245–257.
179, 1040–1058. Hu, Q.P., Xie, M., Ng, S.H., Levitin, G. 2007. Robust
Catal, C., Diri, B. 2009. Investigating the effect of dataset recurrent neural network modeling for software fault
size, metrics sets, and feature selection techniques on detection and correction prediction. Reliability
software fault prediction problem. Information Sciences, Engineering & System Safety, 92, 332–340.
179, 1040–1058. Jiang, Y., Cukic, B., Ma, Y. 2008. Techniques for evaluating
Catal, C. 2014. A comparison of semi-supervised fault prediction models. Empirical Software Engineering,
classification approaches for software defect prediction. 13, 561–595.
Journal of Intelligent Systems, 23, 75–82. Jing, X.Y., Ying, S., Zhang, Z.W., Wu, S.S., Liu, J. 2014,
D'Ambros, M., Lanza, M., Robbes, R. 2010, May. An May. Dictionary learning based software defect
extensive comparison of bug prediction approaches. In prediction. In Proceedings of the 36th International
2010 7th IEEE Working Conference on Mining Software Conference on Software Engineering, 414–423. ACM.
Repositories (MSR 2010), 31–41. IEEE. Kamei, Y., Matsumoto, S., Monden, A., Matsumoto, K.I.,
Ebert, C., Jones, C. 2009. Embedded software: Facts, Adams, B., Hassan, A.E. 2010, September. Revisiting
figures, and future. Computer, 42, 42–52. common bug prediction findings using effort-aware
Fenton, N.E., Neil, M. 1999. A critique of software defect models. In 2010 IEEE International Conference on
prediction models. IEEE Transactions on software Software Maintenance, 1–10. IEEE.
engineering, 25, 675–689. Khoshgoftaar, T.M., Rebours, P. 2007. Improving software
Ghaffarian, S.M., Shahriari, H.R. 2017. Software quality prediction by noise filtering techniques. Journal
vulnerability analysis and discovery using machine- of Computer Science and Technology, 22, 387–396.
learning and data-mining techniques: A survey. ACM Khoshgoftaar, T.M., Ganesan, K., Allen, E.B., Ross, F.D.,
Computing Surveys (CSUR), 50, 56. Munikoti, R., Goel, N., Nandi, A. 1997, November.
Ghotra, B., McIntosh, S., Hassan, A.E. 2015, May. Predicting fault-prone modules with case-based
Revisiting the impact of classification techniques on the reasoning. In Proceedings the eighth international
performance of defect prediction models. In Proceedings symposium on software reliability engineering, 27–35.
of the 37th International Conference on Software IEEE.
Engineering-Volume 1, 789–800. IEEE Press. Khoshgoftaar, T.M., Gao, K., Seliya, N. 2010, October.
Gondra, I. 2008. Applying machine learning to software Attribute selection and imbalanced data: Problems in
fault-proneness prediction. Journal of Systems and software defect prediction. In 2010 22nd IEEE
Software, 8, 186–195. International Conference on Tools with Artificial
Hall, T., Beecham, S., Bowes, D., Gray, D., Counsell, S. Intelligence, 1, 137–144. IEEE.
2011. A systematic literature review on fault prediction Kim, S., Zhang, H., Wu, R., Gong, L. 2011, May. Dealing
performance in software engineering. IEEE Transactions with noise in defect prediction. In 2011 33rd International
on Software Engineering, 38, 1276–1304. Conference on Software Engineering (ICSE). 481–490.
He, P., Li, B., Liu, X., Chen, J., Ma, Y. 2015. An empirical IEEE.
study on software defect prediction with a simplified Kim, S., Zimmermann, T., Whitehead Jr, E.J., Zeller, A.
metric set. Information and Software Technology, 59, 2007, May. Predicting faults from cached history. In
170–190. Proceedings of the 29th international conference on
He, P., Li, B., Liu, X., Chen, J., Ma, Y. 2015. An empirical Software Engineering, 489–498. IEEE Computer Society.
study on software defect prediction with a simplified Köksal, G., Batmaz, İ., Testik, M.C. 2011. A review of data
metric set. Information and Software Technology, 59, mining applications for quality improvement in
170–190. manufacturing industry. Expert systems with
He, P., Li, B., Ma, Y., He, L. 2013. Using software Applications, 38, 13448–13467.
dependency to bug prediction. Mathematical Problems in Koru, A.G., Liu, H. 2005. Building effective defect-
Engineering. prediction models in practice. IEEE software, 22, 23–29.
He, Z., Shu, F., Yang, Y., Li, M., Wang, Q. 2012. An Lemos, O.A.L., Ferrari, F.C., Silveira, F.F., Garcia, A. 2015.
investigation on the feasibility of cross-project defect Experience report: Can software testing education lead to
prediction. Automated Software Engineering, 19, 167– more reliable code?. In 2015 IEEE 26th International
199. Symposium on Software Reliability Engineering
Herbold, S. 2013, October. Training data selection for cross- (ISSRE), 359–369.
project defect prediction. In Proceedings of the 9th Lessmann, S., Baesens, B., Mues, C., Pietsch, S. 2008.
International Conference on Predictive Models in Benchmarking classification models for software defect
Software Engineering 6. ACM. prediction: A proposed framework and novel findings.
IEEE Transactions on Software Engineering, 34, 485–
496.

https://doi.org/10.6703/IJASE.202012_17(4).331 342
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Lewis, N.D. 1999. Assessing the evidence from the use of 2011 International Symposium on Empirical Software
SPC in monitoring, predicting & improving software Engineering and Measurement, 215–224. IEEE.
quality. Computers & Industrial Engineering, 37, 157– Radjenović, D., Heričko, M., Torkar, R., Živkovič, A. 2013.
160. Software fault prediction metrics: A systematic literature
Li, K., Chen, C., Liu, W., Fang, X., Lu, Q. 2014. Software review. Information and software technology, 55, 1397–
defect prediction using fuzzy integral fusion based on 1418.
GA-FM. Wuhan University Journal of Natural Sciences, Rahman, F., Posnett, D., Devanbu, P. 2012, November.
19, 405–408. Recalling the imprecision of cross-project defect
Li, M., Zhang, H., Wu, R., Zhou, Z.H. 2012. Sample-based prediction. In Proceedings of the ACM SIGSOFT 20th
software defect prediction with active and semi- International Symposium on the Foundations of Software
supervised learning. Automated Software Engineering, Engineering, 61. ACM.
19, 201–230. Rajbahadur, G.K., Wang, S., Kamei, Y., Hassan, A.E. 2017,
Li, Z., Jing, X.Y., Zhu, X., Zhang, H., Xu, B., Ying, S. 2017. May. The impact of using regression models to build
On the multiple sources and privacy preservation issues defect classifiers. In 2017 IEEE/ACM 14th International
for heterogeneous defect prediction. IEEE Transactions Conference on Mining Software Repositories (MSR)
on Software Engineering. 135–145. IEEE.
Lu, J., Behbood, V., Hao, P., Zuo, H., Xue, S., Zhang, G. Rana, R., Staron, M., Mellegård, N., Berger, C., Hansson, J.,
2015. Transfer learning using computational intelligence: Nilsson, M., Törner, F. 2013, June. Evaluation of standard
a survey. Knowledge-Based Systems, 80, 14–23. reliability growth models in the context of automotive
Ma, Y., Luo, G., Zeng, X., Chen, A. 2012. Transfer learning software systems. In International Conference on Product
for cross-company software defect prediction. Focused Software Process Improvement, 324–329.
Information and Software Technology, 54, 248–256. Springer, Berlin, Heidelberg.
Meneely, A., Williams, L., Snipes, W., Osborne, J. 2008, Roy, P., Mahapatra, G.S., Rani, P., Pandey, S.K., Dey, K.N.
November. Predicting failures with developer networks 2014. Robust feedforward and recurrent neural network
and social network analysis. In Proceedings of the 16th based dynamic weighted combination models for
ACM SIGSOFT International Symposium on software reliability prediction. Applied Soft Computing,
Foundations of software engineering 13–23. ACM. 22, 629–637.
Menzies, T., DiStefano, J., Orrego, A., Chapman, R. 2004. Ryu, D., Choi, O., Baik, J. 2016. Value-cognitive boosting
Assessing predictors of software defects. In Proc. with a support vector machine for cross-project defect
Workshop Predictive Software Models. prediction. Empirical Software Engineering, 21, 43–71.
Mısırlı, A.T., Çağlayan, B., Miranskyy, A.V., Bener, A., Selby, R.W., Porter, A.A. 1988. Learning from examples:
Ruffolo, N. 2011, May. Different strokes for different generation and evaluation of decision trees for software
folks: A case study on software metrics for different resource analysis. IEEE Transactions on Software
defect categories. In Proceedings of the 2nd International Engineering, 14, 1743–1757.
Workshop on Emerging Trends in Software Metrics, 45– Shin, Y., Williams, L. 2008, October. An empirical model to
51. ACM. predict security vulnerabilities using code complexity
Morrison, P., Herzig, K., Murphy, B., Williams, L. 2015, metrics. In Proceedings of the Second ACM-IEEE
April. Challenges with applying vulnerability prediction international symposium on Empirical software
models. In Proceedings of the 2015 Symposium and engineering and measurement, 315–317. ACM.
Bootcamp on the Science of Security, 4. ACM. Shin, Y., Williams, L. 2011, May. An initial study on the use
Moshtari, S., Sami, A. 2016, April. Evaluating and of execution complexity metrics as indicators of software
comparing complexity, coupling and a new proposed set vulnerabilities. In Proceedings of the 7th International
of coupling metrics in cross-project vulnerability Workshop on Software Engineering for Secure Systems,
prediction. In Proceedings of the 31st Annual ACM 1–7. ACM.
Symposium on Applied Computing, 1415–1421. ACM. Shin, Y., Williams, L. 2013. Can traditional fault prediction
Nam, J., Pan, S.J., Kim, S. 2013, May. Transfer defect models be used for vulnerability prediction?. Empirical
learning. In 2013 35th International Conference on Software Engineering, 18, 25–59.
Software Engineering (ICSE), 382–391. IEEE. Shin, Y., Meneely, A., Williams, L., Osborne, J.A. 2010.
Okutan, A., Yıldız, O.T. 2014. Software defect prediction Evaluating complexity, code churn, and developer
using Bayesian networks. Empirical Software activity metrics as indicators of software vulnerabilities.
Engineering, 19, 154–181. IEEE Transactions on Software Engineering, 37, 772–
Peters, F., Menzies, T., Marcus, A. 2013, May. Better cross 787.
company defect prediction. In Proceedings of the 10th Song, Q., Shepperd, M., Cartwright, M., Mair, C. 2006.
Working Conference on Mining Software Repositories, Software defect association mining and defect correction
409–418. IEEE Press. effort prediction. IEEE Transactions on Software
Premraj, R., Herzig, K. 2011, September. Network versus Engineering, 32, 69–82.
code metrics to predict defects: A replication study. In

https://doi.org/10.6703/IJASE.202012_17(4).331 343
 International Journal of Applied Science and Engineering

Thota et al., International Journal of Applied Science and Engineering, 17(4), 331–344

Staron, M., Meding, W. 2008. Predicting weekly defect Zhang, Z.W., Jing, X.Y., Wang, T.J. 2017. Label propagation
inflow in large software projects based on project based semi-supervised learning for software defect
planning and test status. Information and Software prediction. Automated Software Engineering, 24, 47–69.
Technology, 50, 782–796. Zimmerman, T., Nagappan, N., Herzig, K., Premraj, R.,
Walden, J., Doyle, M. 2012. SAVI: Static-analysis Williams, L. 2011, March. An empirical study on the
vulnerability indicator. IEEE Security & Privacy, 10, 32– relation between dependency neighborhoods and failures.
39. In 2011 Fourth IEEE International Conference on
Walden, J., Stuckman, J., Scandariato, R. 2014, November. Software Testing, Verification and Validation 347–356.
Predicting vulnerable components: Software metrics vs IEEE.
text mining. In 2014 IEEE 25th international symposium Zimmermann, T., Nagappan, N., Gall, H., Giger, E., Murphy,
on software reliability engineering 23–33. IEEE. B. 2009, August. Cross-project defect prediction: a large
Wang, H., Khoshgoftaar, T.M., Liang, Q. 2013. A study of scale experiment on data vs. domain vs. process. In
software metric selection techniques: Stability analysis Proceedings of the the 7th joint meeting of the European
and defect prediction model performance. International software engineering conference and the ACM SIGSOFT
journal on artificial intelligence tools, 22, 1360010. symposium on The foundations of software engineering,
Wang, T., Li, W.H. 2010, December. Naive bayes software 91–100. ACM.
defect prediction model. In 2010 International
Conference on Computational Intelligence and Software
Engineering, 1–4. Ieee.
Watanabe, S., Kaiya, H., Kaijiri, K. 2008, May. Adapting a
fault prediction model to allow inter languagereuse. In
Proceedings of the 4th international workshop on
Predictor models in software engineering, 19–24. ACM.
Wu, F., Jing, X.Y., Dong, X., Cao, J., Xu, M., Zhang, H.,
Ying, S., Xu, B. 2017, May. Cross-project and within-
project semi-supervised software defect prediction
problems study using a unified solution. In 2017
IEEE/ACM 39th International Conference on Software
Engineering Companion (ICSE-C), 195–197. IEEE.
Xia, X., Lo, D., Pan, S.J., Nagappan, N., Wang, X. 2016.
Hydra: Massively compositional model for cross-project
defect prediction. IEEE Transactions on software
Engineering, 42, 977–998.
Xie, X., Ho, J.W., Murphy, C., Kaiser, G., Xu, B., Chen, T.Y.,
2011. Testing and validating machine learning classifiers
by metamorphic testing. Journal of Systems and Software,
84, 544–558.
Yadav, H.B., Yadav, D.K. 2015. A fuzzy logic based
approach for phase-wise software defects prediction
using software metrics. Information and Software
Technology, 63, 44–57.
Yang, X., Lo, D., Xia, X., Zhang, Y., Sun, J. 2015, August.
Deep learning for just-in-time defect prediction. In 2015
IEEE International Conference on Software Quality,
Reliability and Security, 17–26. IEEE.
Younis, A., Malaiya, Y., Anderson, C., Ray, I. 2016, March.
To fear or not to fear that is the question: Code
characteristics of a vulnerable functionwith an existing
exploit. In Proceedings of the Sixth ACM Conference on
Data and Application Security and Privacy, 97–104.
ACM.
Zhang, F., Zheng, Q., Zou, Y., Hassan, A.E. 2016, May.
Cross-project defect prediction using a connectivity-
based unsupervised classifier. In Proceedings of the 38th
International Conference on Software Engineering, 309–
320. ACM.

https://doi.org/10.6703/IJASE.202012_17(4).331 344