| an software vulnerability number prediction model based on micro-parameters | |
| Nie Chujiang; Zhao Xianfeng; Chen Kai; Han Zhengqing | |
| 2011 | |
| 发表期刊 | Jisuanji Yanjiu yu Fazhan/Computer Research and Development
 |
| ISSN | 10001239 |
| 卷号 | 48期号:7页码:1279-1287 |
| 摘要 | As the cost caused by software vulnerabilities keeps increasing, people pay more and more attention to the researches on the vulnerability. Although discovering vulnerability is difficult because of the defect of vulnerability analysis, to predict the number of vulnerabilities is very useful in some domain, such as information security assessment. At present, the main methods to estimate the density of the vulnerabilities focus on the macro level, but they can not reflect the essential of vulnerability. A prediction model based on micro-parameter is proposed to predict the number of vulnerability with the micro-parameters of software, and it extracts the typical micro-parameters from some software series for the purpose of discovering the relationship between the vulnerability number and micro-parameters. With the hypothesis of vulnerability inheriting, the prediction model abstracts the micro-parameters from software and tries to find a linear relationship between the vulnerability number and some micro-parameters. This model also gives a method to predict the vulnerability number of software with its micro-parameters and the vulnerability number of its previous versions. This method is verified with 7 software series, and the results show the prediction model is effective. |
| 其他摘要 | 全球每年因为软件漏洞造成的损失十分巨大,而软件漏洞分析方法的缺陷使得漏洞本身难以被发现,因此大家开始对漏洞数量进行预测,预测软件的漏洞数量对信息安全评估有着重要的意义.目前主要的估算方法是漏洞密度的方法,但此方法仅是宏观范围内估算,并不能反映漏洞软件本身的性质.提出从软件的微观角度进行软件漏洞数量的估算通过提取软件典型微观参数,从而发现软件漏洞数量与其微观参数的联系,相比漏洞密度的预测方法具有相当的优势.软件微观漏洞模型在提出漏洞继承假设的基础上,认为软件的漏洞数量与它的某些微观参数之间存在线性关系,并给出了根据软件微观参数以及其历史版本漏洞数据预测软件漏洞数量的方法.通过对7款软件进行验证,证明了软件微观漏洞模型在预测软件漏洞数量时的有效性与准确性. |
| 关键词 | 漏洞预测 软件分析 漏洞继承 历史漏洞 微观参数mathematical Models Security Of Data |
| 部门归属 | (1) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China; (3) Institute of Computing Technology of Northern Jiaotong University, Beijing 100029, China |
| 语种 | 中文 |
| 内容类型 | 期刊论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/13749 |
| 专题 | 信息安全国家重点实验室 |
| 推荐引用方式 GB/T 7714 | Nie Chujiang,Zhao Xianfeng,Chen Kai,et al. an software vulnerability number prediction model based on micro-parameters[J]. Jisuanji Yanjiu yu Fazhan/Computer Research and Development,2011,48(7):1279-1287. |
| APA | Nie Chujiang,Zhao Xianfeng,Chen Kai,&Han Zhengqing.(2011).an software vulnerability number prediction model based on micro-parameters.Jisuanji Yanjiu yu Fazhan/Computer Research and Development,48(7),1279-1287. |
| MLA | Nie Chujiang,et al."an software vulnerability number prediction model based on micro-parameters".Jisuanji Yanjiu yu Fazhan/Computer Research and Development 48.7(2011):1279-1287. |
| 条目包含的文件 | ||||||
| 文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
| 一种微观漏洞数量预测模型.pdf(2094KB) | 开放获取 | -- | 请求全文 | |||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论