基于组件依赖图的软件安全漏洞预测方法

Sheng Jun Wei; Tao He; Chang Zhen Hu; Chun Shan

doi:10.15918/j.tbit1001-0645.2018.05.014

基于组件依赖图的软件安全漏洞预测方法

Translated title of the contribution: Predicting Software Security Vulnerabilities withComponent Dependency Graphs

Sheng Jun Wei, Tao He^*, Chang Zhen Hu, Chun Shan

^*Corresponding author for this work

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

Translated title of the contribution	Predicting Software Security Vulnerabilities withComponent Dependency Graphs
Original language	Chinese (Traditional)
Pages (from-to)	525-530
Number of pages	6
Journal	Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
Volume	38
Issue number	5
DOIs	https://doi.org/10.15918/j.tbit1001-0645.2018.05.014
Publication status	Published - 1 May 2018

Access to Document

10.15918/j.tbit1001-0645.2018.05.014

Cite this

@article{6ad1b8715e22433a91e82c834d3486d9,

title = "基于组件依赖图的软件安全漏洞预测方法",

abstract = "Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.",

keywords = "Component dependency graph, Machine learning, Software security, Vulnerability prediction",

author = "Wei, {Sheng Jun} and Tao He and Hu, {Chang Zhen} and Chun Shan",

year = "2018",

month = may,

day = "1",

doi = "10.15918/j.tbit1001-0645.2018.05.014",

language = "繁体中文",

volume = "38",

pages = "525--530",

journal = "Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology",

issn = "1001-0645",

publisher = "Beijing Institute of Technology",

number = "5",

}

TY - JOUR

T1 - 基于组件依赖图的软件安全漏洞预测方法

AU - Wei, Sheng Jun

AU - He, Tao

AU - Hu, Chang Zhen

AU - Shan, Chun

PY - 2018/5/1

Y1 - 2018/5/1

N2 - Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

AB - Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

KW - Component dependency graph

KW - Machine learning

KW - Software security

KW - Vulnerability prediction

UR - http://www.scopus.com/inward/record.url?scp=85052108644&partnerID=8YFLogxK

U2 - 10.15918/j.tbit1001-0645.2018.05.014

DO - 10.15918/j.tbit1001-0645.2018.05.014

M3 - 文章

AN - SCOPUS:85052108644

SN - 1001-0645

VL - 38

SP - 525

EP - 530

JO - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

JF - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

IS - 5

ER -

基于组件依赖图的软件安全漏洞预测方法

Abstract

Access to Document

Other files and links

Fingerprint

Cite this