基于组件依赖图的软件安全漏洞预测方法

Sheng Jun Wei; Tao He; Chang Zhen Hu; Chun Shan

doi:10.15918/j.tbit1001-0645.2018.05.014

基于组件依赖图的软件安全漏洞预测方法

Sheng Jun Wei, Tao He^*, Chang Zhen Hu, Chun Shan

^*此作品的通讯作者

Beijing Institute of Technology

科研成果: 期刊稿件 › 文章 › 同行评审

4 引用（Scopus）

摘要

Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

投稿的翻译标题	Predicting Software Security Vulnerabilities withComponent Dependency Graphs
源语言	繁体中文
页（从-至）	525-530
页数	6
期刊	Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
卷	38
期	5
DOI	https://doi.org/10.15918/j.tbit1001-0645.2018.05.014
出版状态	已出版 - 1 5月 2018

关键词

Component dependency graph
Machine learning
Software security
Vulnerability prediction

访问文件

10.15918/j.tbit1001-0645.2018.05.014

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{6ad1b8715e22433a91e82c834d3486d9,

title = "基于组件依赖图的软件安全漏洞预测方法",

abstract = "Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.",

keywords = "Component dependency graph, Machine learning, Software security, Vulnerability prediction",

author = "Wei, {Sheng Jun} and Tao He and Hu, {Chang Zhen} and Chun Shan",

year = "2018",

month = may,

day = "1",

doi = "10.15918/j.tbit1001-0645.2018.05.014",

language = "繁体中文",

volume = "38",

pages = "525--530",

journal = "Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology",

issn = "1001-0645",

publisher = "Beijing Institute of Technology",

number = "5",

}

TY - JOUR

T1 - 基于组件依赖图的软件安全漏洞预测方法

AU - Wei, Sheng Jun

AU - He, Tao

AU - Hu, Chang Zhen

AU - Shan, Chun

PY - 2018/5/1

Y1 - 2018/5/1

N2 - Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

AB - Aiming at the prediction of vulnerability, a vulnerability prediction method based on the component dependency graph was proposed. Firstly, the complexity, coupling and cohesion metrics of a software component were defined based on the component dependency graph. Then these metrics were used to establish a machine learning model to predict vulnerabilities in a component. Finally, a crawler tool was designed and implemented to collect all public security vulnerabilities in Mozilla Firefox from version 1.0 to version 43. Based on these data, the prediction model was trained and tested. The results show that the proposed metrics are also effective in vulnerability prediction.

KW - Component dependency graph

KW - Machine learning

KW - Software security

KW - Vulnerability prediction

UR - http://www.scopus.com/inward/record.url?scp=85052108644&partnerID=8YFLogxK

U2 - 10.15918/j.tbit1001-0645.2018.05.014

DO - 10.15918/j.tbit1001-0645.2018.05.014

M3 - 文章

AN - SCOPUS:85052108644

SN - 1001-0645

VL - 38

SP - 525

EP - 530

JO - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

JF - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology

IS - 5

ER -

基于组件依赖图的软件安全漏洞预测方法

摘要

关键词

访问文件

其它文件与链接

指纹

引用此