An Software Vulnerability Number Prediction Model Based on Micro-Parameters

Nie Chujiang; Zhao Xianfeng; Chen Kai; Han Zhengqing

Journal of Computer Research and Development > 2011 > 48(7): 1279-1287.

Nie Chujiang, Zhao Xianfeng, Chen Kai, Han Zhengqing. An Software Vulnerability Number Prediction Model Based on Micro-Parameters[J]. Journal of Computer Research and Development, 2011, 48(7): 1279-1287.

Citation:

PDF (1407 KB)

An Software Vulnerability Number Prediction Model Based on Micro-Parameters

1(State Key Laboratory of Information Security(Institute of Software, Chinese Academy of Sciences), Beijing 100190) 2(State Key Laboratory of Information Security(Graduate University of Chinese Academy of Sciences), Beijing 100049) 3(Institute of Computing Technology of Northern Jiaotong University, Beijing 100029)

More Information

Published Date: July 14, 2011

Graphical Abstract

Abstract

Abstract

As the cost caused by software vulnerabilities keeps increasing, people pay more and more attention to the researches on the vulnerability. Although discovering vulnerability is difficult because of the defect of vulnerability analysis, to predict the number of vulnerabilities is very useful in some domain, such as information security assessment. At present, the main methods to estimate the density of the vulnerabilities focus on the macro level, but they can not reflect the essential of vulnerability. A prediction model based on micro-parameter is proposed to predict the number of vulnerability with the micro-parameters of software, and it extracts the typical micro-parameters from some software series for the purpose of discovering the relationship between the vulnerability number and micro-parameters. With the hypothesis of vulnerability inheriting, the prediction model abstracts the micro-parameters from software and tries to find a linear relationship between the vulnerability number and some micro-parameters. This model also gives a method to predict the vulnerability number of software with its micro-parameters and the vulnerability number of its previous versions. This method is verified with 7 software series, and the results show the prediction model is effective.
- vulnerability predicts,
- software analysis,
- inherited vulnerability,
- history vulnerability,
- microscopic parameters

FullText(HTML)

References (0)

[1]	Wu Zehui, Wei Qiang, Wang Xinlei, Wang Yunchao, Yan Chenyu, Chen Jing. Survey of Automatic Software Vulnerability Exploitation[J]. Journal of Computer Research and Development, 2024, 61(9): 2261-2274. DOI: 10.7544/issn1000-1239.202220410
[2]	Tian Xiao, Chang Jiyou, Zhang Chi, Rong Jingfeng, Wang Ziyu, Zhang Guanghua, Wang He, Wu Gaofei, Hu Jinglu, Zhang Yuqing. Survey of Open-Source Software Defect Prediction Method[J]. Journal of Computer Research and Development, 2023, 60(7): 1467-1488. DOI: 10.7544/issn1000-1239.202221046
[3]	Zhou Peng, Wu Yanjun, Zhao Chen. Identify Linux Security Vulnerability Fix Patches Automatically[J]. Journal of Computer Research and Development, 2022, 59(1): 197-208. DOI: 10.7544/issn1000-1239.20200492
[4]	Gu Mianxue, Sun Hongyu, Han Dan, Yang Su, Cao Wanying, Guo Zhen, Cao Chunjie, Wang Wenjie, Zhang Yuqing. Software Security Vulnerability Mining Based on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(10): 2140-2162. DOI: 10.7544/issn1000-1239.2021.20210620
[5]	Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572
[6]	Yang Dingning, Xiao Hui, and Zhang Yuqing. Vulnerability Detection in ActiveX Controls Based on Fuzzing Technology[J]. Journal of Computer Research and Development, 2012, 49(7): 1525-1532.
[7]	Wang Lei, Chen Gui, and Jin Maozhong. Detection of Code Vulnerabilities via Constraint-Based Analysis and Model Checking[J]. Journal of Computer Research and Development, 2011, 48(9): 1659-1666.
[8]	Hu Chaojian, Li Zhoujun, Guo Tao, Shi Zhiwei. Detecting the Vulnerability Pattern of Writing Tainted Value to Tainted Address[J]. Journal of Computer Research and Development, 2011, 48(8): 1455-1463.
[9]	Liu Xumin, Huang Houkuan, Wang Liuqiang, Ma Sujing. Study of Spline-Curves with Shape Parameters[J]. Journal of Computer Research and Development, 2007, 44(3).
[10]	Wang Zhiming, Cai Lianhong, Ai Haizhou. Automatic Estimation of Visual Speech Parameters[J]. Journal of Computer Research and Development, 2005, 42(7): 1185-1190.