Predicting vulnerable software components using software network graph

Shengjun Wei; Xiaojiang Du; Changzhen Hu; Chun Shan

doi:10.1007/978-3-319-69471-9_21

Predicting vulnerable software components using software network graph

Shengjun Wei^*, Xiaojiang Du, Changzhen Hu, Chun Shan

^*此作品的通讯作者

Department of Computer and Information Sciences

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules and now many software security metrics have been proposed. In this paper, we predict vulnerability-prone components. Based on software network graph we define component cohesion and coupling metrics which are used as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. We compare the results with other works’, it shows that our model has a good performance in the accuracy, precision, and recall, and indicate that the proposed metrics are also effective in vulnerability prediction.

源语言	英语
主期刊名	Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings
编辑	Wei Wu, Aniello Castiglione, Sheng Wen
出版商	Springer Verlag
页	280-290
页数	11
ISBN（印刷版）	9783319694702
DOI	https://doi.org/10.1007/978-3-319-69471-9_21
出版状态	已出版 - 2017
活动	9th International Symposium on Cyberspace Safety and Security, CSS 2017 - Xi'an, 中国期限: 23 10月 2017 → 25 10月 2017

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	10581 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	9th International Symposium on Cyberspace Safety and Security, CSS 2017
国家/地区	中国
市	Xi'an
时期	23/10/17 → 25/10/17

访问文件

10.1007/978-3-319-69471-9_21

其它文件与链接

链接到 Scopus 的出版物

引用此

Wei, S., Du, X., Hu, C., & Shan, C. (2017). Predicting vulnerable software components using software network graph. 在 W. Wu, A. Castiglione, & S. Wen (编辑), Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings (页码 280-290). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 10581 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-69471-9_21

Wei, Shengjun ; Du, Xiaojiang ; Hu, Changzhen 等. / Predicting vulnerable software components using software network graph. Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings. 编辑 / Wei Wu ; Aniello Castiglione ; Sheng Wen. Springer Verlag, 2017. 页码 280-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1a3b49385d4d4ed684c60293dff3ae11,

title = "Predicting vulnerable software components using software network graph",

abstract = "Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules and now many software security metrics have been proposed. In this paper, we predict vulnerability-prone components. Based on software network graph we define component cohesion and coupling metrics which are used as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. We compare the results with other works{\textquoteright}, it shows that our model has a good performance in the accuracy, precision, and recall, and indicate that the proposed metrics are also effective in vulnerability prediction.",

keywords = "Component cohesion and coupling, Software network, Software security, Vulnerability prediction",

author = "Shengjun Wei and Xiaojiang Du and Changzhen Hu and Chun Shan",

note = "Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 9th International Symposium on Cyberspace Safety and Security, CSS 2017 ; Conference date: 23-10-2017 Through 25-10-2017",

year = "2017",

doi = "10.1007/978-3-319-69471-9_21",

language = "English",

isbn = "9783319694702",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "280--290",

editor = "Wei Wu and Aniello Castiglione and Sheng Wen",

booktitle = "Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings",

address = "Germany",

}

Wei, S, Du, X, Hu, C & Shan, C 2017, Predicting vulnerable software components using software network graph. 在 W Wu, A Castiglione & S Wen (编辑), Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 10581 LNCS, Springer Verlag, 页码 280-290, 9th International Symposium on Cyberspace Safety and Security, CSS 2017, Xi'an, 中国, 23/10/17. https://doi.org/10.1007/978-3-319-69471-9_21

Predicting vulnerable software components using software network graph. / Wei, Shengjun; Du, Xiaojiang; Hu, Changzhen 等.
Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings. 编辑 / Wei Wu; Aniello Castiglione; Sheng Wen. Springer Verlag, 2017. 页码 280-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 10581 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Predicting vulnerable software components using software network graph

AU - Wei, Shengjun

AU - Du, Xiaojiang

AU - Hu, Changzhen

AU - Shan, Chun

PY - 2017

Y1 - 2017

N2 - Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules and now many software security metrics have been proposed. In this paper, we predict vulnerability-prone components. Based on software network graph we define component cohesion and coupling metrics which are used as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. We compare the results with other works’, it shows that our model has a good performance in the accuracy, precision, and recall, and indicate that the proposed metrics are also effective in vulnerability prediction.

AB - Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules and now many software security metrics have been proposed. In this paper, we predict vulnerability-prone components. Based on software network graph we define component cohesion and coupling metrics which are used as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. We compare the results with other works’, it shows that our model has a good performance in the accuracy, precision, and recall, and indicate that the proposed metrics are also effective in vulnerability prediction.

KW - Component cohesion and coupling

KW - Software network

KW - Software security

KW - Vulnerability prediction

UR - http://www.scopus.com/inward/record.url?scp=85034251228&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-69471-9_21

DO - 10.1007/978-3-319-69471-9_21

M3 - Conference contribution

AN - SCOPUS:85034251228

SN - 9783319694702

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 280

EP - 290

BT - Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings

A2 - Wu, Wei

A2 - Castiglione, Aniello

A2 - Wen, Sheng

PB - Springer Verlag

T2 - 9th International Symposium on Cyberspace Safety and Security, CSS 2017

Y2 - 23 October 2017 through 25 October 2017

ER -

Wei S, Du X, Hu C , Shan C. Predicting vulnerable software components using software network graph. 在 Wu W, Castiglione A, Wen S, 编辑, Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings. Springer Verlag. 2017. 页码 280-290. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-69471-9_21

Predicting vulnerable software components using software network graph

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此