Acta Electronica Sinica (电子学报), 2013

A Vulnerability Prediction Model Based on Classification by Vulnerability Severity

DOI: 10.3969/j.issn.0372-2112.2013.09.018, PP. 1784-1787

Keywords: vulnerability prediction model, Markov chain, vulnerability severity, classification prediction


Abstract:

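Many software vulnerability prediction models exist. They can predict the total number of vulnerabilities in a piece of software and the time intervals between their occurrences, but they cannot predict the severity of those vulnerabilities. In some settings, however, such as software trustworthiness, we must consider not only the total number of vulnerabilities and the time intervals between them, but also the effect of their severity on the trustworthiness of the software. Even in traditional software security research, taking the severity of vulnerabilities into account is important for the use of software and for risk control. Building on the traditional Markov model, this paper classifies software vulnerabilities by severity and obtains a new mathematical model for software vulnerability prediction. The model can predict not only the total number of vulnerabilities in the software and the time intervals, but also the total number of vulnerabilities in each class and the vulnerability classes. Experiments show good accuracy, and this is something other vulnerability prediction models cannot predict.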

