Register
 ALL Title Author Keyword Sponsors Type Publication date Submitted Time Subject Conference Name Source Categories KOS Subject Advisor ORCID Advanced
 ISCAS OpenIR  > 信息安全国家重点实验室  > 期刊论文
 Title: an software vulnerability number prediction model based on micro-parameters Author: Nie Chujiang ; Zhao Xianfeng ; Chen Kai ; Han Zhengqing Keyword: 漏洞预测 ; 软件分析 ; 漏洞继承 ; 历史漏洞 ; 微观参数Mathematical models ; Security of data Source: Jisuanji Yanjiu yu Fazhan/Computer Research and Development Issued Date: 2011 Volume: 48, Issue:7, Pages:1279-1287 Department: (1) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China; (3) Institute of Computing Technology of Northern Jiaotong University, Beijing 100029, China Abstract: 全球每年因为软件漏洞造成的损失十分巨大,而软件漏洞分析方法的缺陷使得漏洞本身难以被发现,因此大家开始对漏洞数量进行预测,预测软件的漏洞数量对信息安全评估有着重要的意义.目前主要的估算方法是漏洞密度的方法,但此方法仅是宏观范围内估算,并不能反映漏洞软件本身的性质.提出从软件的微观角度进行软件漏洞数量的估算通过提取软件典型微观参数,从而发现软件漏洞数量与其微观参数的联系,相比漏洞密度的预测方法具有相当的优势.软件微观漏洞模型在提出漏洞继承假设的基础上,认为软件的漏洞数量与它的某些微观参数之间存在线性关系,并给出了根据软件微观参数以及其历史版本漏洞数据预测软件漏洞数量的方法.通过对7款软件进行验证,证明了软件微观漏洞模型在预测软件漏洞数量时的有效性与准确性. English Abstract: As the cost caused by software vulnerabilities keeps increasing, people pay more and more attention to the researches on the vulnerability. Although discovering vulnerability is difficult because of the defect of vulnerability analysis, to predict the number of vulnerabilities is very useful in some domain, such as information security assessment. At present, the main methods to estimate the density of the vulnerabilities focus on the macro level, but they can not reflect the essential of vulnerability. A prediction model based on micro-parameter is proposed to predict the number of vulnerability with the micro-parameters of software, and it extracts the typical micro-parameters from some software series for the purpose of discovering the relationship between the vulnerability number and micro-parameters. With the hypothesis of vulnerability inheriting, the prediction model abstracts the micro-parameters from software and tries to find a linear relationship between the vulnerability number and some micro-parameters. This model also gives a method to predict the vulnerability number of software with its micro-parameters and the vulnerability number of its previous versions. This method is verified with 7 software series, and the results show the prediction model is effective. Language: 中文 Content Type: 期刊论文 URI: http://ir.iscas.ac.cn/handle/311060/13749 Appears in Collections: 信息安全国家重点实验室_期刊论文

 Files in This Item:
File Name/ File Size Content Type Version Access License

 Recommended Citation: Nie Chujiang,Zhao Xianfeng,Chen Kai,et al. an software vulnerability number prediction model based on micro-parameters[J]. Jisuanji Yanjiu yu Fazhan/Computer Research and Development,2011-01-01,48(7):1279-1287.
 Service Recommend this item Sava as my favorate item Show this item's statistics Export Endnote File Google Scholar Similar articles in Google Scholar [Nie Chujiang]'s Articles [Zhao Xianfeng]'s Articles [Chen Kai]'s Articles CSDL cross search Similar articles in CSDL Cross Search [Nie Chujiang]‘s Articles [Zhao Xianfeng]‘s Articles [Chen Kai]‘s Articles Related Copyright Policies Null Social Bookmarking

 您对该条目有什么异议，请填写以下表单，管理员会尽快联系您。 `内 容：` Email： * 单位： 验证码： 刷新
 您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。 `标 题：` * `内 容：` Email： * 验证码： 刷新