Public code platforms like GitHub are exposed to several different attacks, in particular the detection and exploitation of sensitive information (such as passwords or API keys). While both developers and companies are aware of this issue, there is no efficient open-source tool that performs leak detection with a significant precision rate. Indeed, a common problem in leak detection is the amount of false positive data (i.e., non-critical data wrongly detected as a leak), which creates a significant workload for the developers who review it manually. This paper presents an approach to detect data leaks in open-source projects with a low false positive rate. In addition to the regular expression scanners commonly used by current approaches, we propose several machine learning models targeting the false positives, showing that current approaches generate a high false positive rate, close to 80%. Furthermore, we demonstrate that our tool, while producing a negligible false negative rate, decreases the false positive rate to, at most, 6% of the output data.
Optimizing leak detection in open-source platforms with machine learning techniques
ICISSP 2021, 7th International Conference on Information Systems Security and Privacy, 11-13 February 2021 (Virtual Conference)
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in ICISSP 2021, 7th International Conference on Information Systems Security and Privacy, 11-13 February 2021 (Virtual Conference) and is available at :
PERMALINK : https://www.eurecom.fr/publication/6403