Vulnerability Prediction Based on Weighted Software Network for Secure Software Building

Shengjun Wei; Hao Zhong; Chun Shan; Lin Ye; Xiaojiang Du; Mohsen Guizani

doi:10.1109/GLOCOM.2018.8647583

Vulnerability Prediction Based on Weighted Software Network for Secure Software Building

Shengjun Wei, Hao Zhong, Chun Shan, Lin Ye, Xiaojiang Du, Mohsen Guizani

Research output: Contribution to journal › Conference article › peer-review

2 Citations (Scopus)

Abstract

To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

Original language	English
Article number	8647583
Journal	Proceedings - IEEE Global Communications Conference, GLOBECOM
DOIs	https://doi.org/10.1109/GLOCOM.2018.8647583
Publication status	Published - 2018
Event	2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates Duration: 9 Dec 2018 → 13 Dec 2018

Access to Document

10.1109/GLOCOM.2018.8647583

Cite this

@article{473f80155fcd43d4b2abf593fddead30,

title = "Vulnerability Prediction Based on Weighted Software Network for Secure Software Building",

abstract = "To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.",

author = "Shengjun Wei and Hao Zhong and Chun Shan and Lin Ye and Xiaojiang Du and Mohsen Guizani",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 IEEE Global Communications Conference, GLOBECOM 2018 ; Conference date: 09-12-2018 Through 13-12-2018",

year = "2018",

doi = "10.1109/GLOCOM.2018.8647583",

language = "English",

journal = "Proceedings - IEEE Global Communications Conference, GLOBECOM",

issn = "2334-0983",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Vulnerability Prediction Based on Weighted Software Network for Secure Software Building

AU - Wei, Shengjun

AU - Zhong, Hao

AU - Shan, Chun

AU - Ye, Lin

AU - Du, Xiaojiang

AU - Guizani, Mohsen

PY - 2018

Y1 - 2018

N2 - To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

AB - To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

UR - http://www.scopus.com/inward/record.url?scp=85063477400&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2018.8647583

DO - 10.1109/GLOCOM.2018.8647583

M3 - Conference article

AN - SCOPUS:85063477400

SN - 2334-0983

JO - Proceedings - IEEE Global Communications Conference, GLOBECOM

JF - Proceedings - IEEE Global Communications Conference, GLOBECOM

M1 - 8647583

T2 - 2018 IEEE Global Communications Conference, GLOBECOM 2018

Y2 - 9 December 2018 through 13 December 2018

ER -

Vulnerability Prediction Based on Weighted Software Network for Secure Software Building

Abstract

Access to Document

Other files and links

Fingerprint

Cite this