高级检索

    一种微观漏洞数量预测模型

    An Software Vulnerability Number Prediction Model Based on Micro-Parameters

    • 摘要: 全球每年因为软件漏洞造成的损失十分巨大,而软件漏洞分析方法的缺陷使得漏洞本身难以被发现,因此大家开始对漏洞数量进行预测,预测软件的漏洞数量对信息安全评估有着重要的意义.目前主要的估算方法是漏洞密度的方法,但此方法仅是宏观范围内估算,并不能反映漏洞软件本身的性质.提出从软件的微观角度进行软件漏洞数量的估算通过提取软件典型微观参数,从而发现软件漏洞数量与其微观参数的联系,相比漏洞密度的预测方法具有相当的优势.软件微观漏洞模型在提出漏洞继承假设的基础上,认为软件的漏洞数量与它的某些微观参数之间存在线性关系,并给出了根据软件微观参数以及其历史版本漏洞数据预测软件漏洞数量的方法.通过对7款软件进行验证,证明了软件微观漏洞模型在预测软件漏洞数量时的有效性与准确性.

       

      Abstract: As the cost caused by software vulnerabilities keeps increasing, people pay more and more attention to the researches on the vulnerability. Although discovering vulnerability is difficult because of the defect of vulnerability analysis, to predict the number of vulnerabilities is very useful in some domain, such as information security assessment. At present, the main methods to estimate the density of the vulnerabilities focus on the macro level, but they can not reflect the essential of vulnerability. A prediction model based on micro-parameter is proposed to predict the number of vulnerability with the micro-parameters of software, and it extracts the typical micro-parameters from some software series for the purpose of discovering the relationship between the vulnerability number and micro-parameters. With the hypothesis of vulnerability inheriting, the prediction model abstracts the micro-parameters from software and tries to find a linear relationship between the vulnerability number and some micro-parameters. This model also gives a method to predict the vulnerability number of software with its micro-parameters and the vulnerability number of its previous versions. This method is verified with 7 software series, and the results show the prediction model is effective.

       

    /

    返回文章
    返回