中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 期刊论文
题名:
an software vulnerability number prediction model based on micro-parameters
作者: Nie Chujiang ; Zhao Xianfeng ; Chen Kai ; Han Zhengqing
关键词: 漏洞预测 ; 软件分析 ; 漏洞继承 ; 历史漏洞 ; 微观参数Mathematical models ; Security of data
刊名: Jisuanji Yanjiu yu Fazhan/Computer Research and Development
发表日期: 2011
卷: 48, 期:7, 页:1279-1287
部门归属: (1) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China; (3) Institute of Computing Technology of Northern Jiaotong University, Beijing 100029, China
摘要: 全球每年因为软件漏洞造成的损失十分巨大,而软件漏洞分析方法的缺陷使得漏洞本身难以被发现,因此大家开始对漏洞数量进行预测,预测软件的漏洞数量对信息安全评估有着重要的意义.目前主要的估算方法是漏洞密度的方法,但此方法仅是宏观范围内估算,并不能反映漏洞软件本身的性质.提出从软件的微观角度进行软件漏洞数量的估算通过提取软件典型微观参数,从而发现软件漏洞数量与其微观参数的联系,相比漏洞密度的预测方法具有相当的优势.软件微观漏洞模型在提出漏洞继承假设的基础上,认为软件的漏洞数量与它的某些微观参数之间存在线性关系,并给出了根据软件微观参数以及其历史版本漏洞数据预测软件漏洞数量的方法.通过对7款软件进行验证,证明了软件微观漏洞模型在预测软件漏洞数量时的有效性与准确性.
英文摘要: As the cost caused by software vulnerabilities keeps increasing, people pay more and more attention to the researches on the vulnerability. Although discovering vulnerability is difficult because of the defect of vulnerability analysis, to predict the number of vulnerabilities is very useful in some domain, such as information security assessment. At present, the main methods to estimate the density of the vulnerabilities focus on the macro level, but they can not reflect the essential of vulnerability. A prediction model based on micro-parameter is proposed to predict the number of vulnerability with the micro-parameters of software, and it extracts the typical micro-parameters from some software series for the purpose of discovering the relationship between the vulnerability number and micro-parameters. With the hypothesis of vulnerability inheriting, the prediction model abstracts the micro-parameters from software and tries to find a linear relationship between the vulnerability number and some micro-parameters. This model also gives a method to predict the vulnerability number of software with its micro-parameters and the vulnerability number of its previous versions. This method is verified with 7 software series, and the results show the prediction model is effective.
语种: 中文
内容类型: 期刊论文
URI标识: http://ir.iscas.ac.cn/handle/311060/13749
Appears in Collections:信息安全国家重点实验室_期刊论文

Files in This Item:
File Name/ File Size Content Type Version Access License
一种微观漏洞数量预测模型.pdf(2094KB)----限制开放-- 联系获取全文

Recommended Citation:
Nie Chujiang,Zhao Xianfeng,Chen Kai,et al. an software vulnerability number prediction model based on micro-parameters[J]. Jisuanji Yanjiu yu Fazhan/Computer Research and Development,2011-01-01,48(7):1279-1287.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Nie Chujiang]'s Articles
[Zhao Xianfeng]'s Articles
[Chen Kai]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Nie Chujiang]‘s Articles
[Zhao Xianfeng]‘s Articles
[Chen Kai]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace