Predicting vulnerable software components using software network graph

Shengjun Wei*, Xiaojiang Du, Changzhen Hu, Chun Shan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules, and many software security metrics have now been proposed. In this paper, we predict vulnerability-prone components. Based on the software network graph, we define component cohesion and coupling metrics, which are used as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. Comparing the results with those of other works shows that our model performs well in accuracy, precision, and recall, and indicates that the proposed metrics are also effective in vulnerability prediction.

Original language: English
Title of host publication: Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings
Editors: Wei Wu, Aniello Castiglione, Sheng Wen
Publisher: Springer Verlag
Pages: 280-290
Number of pages: 11
ISBN (Print): 9783319694702
Publication status: Published - 2017
Event: 9th International Symposium on Cyberspace Safety and Security, CSS 2017 - Xi'an, China
Duration: 23 Oct 2017 → 25 Oct 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10581 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 9th International Symposium on Cyberspace Safety and Security, CSS 2017
Country/Territory: China
City: Xi'an
Period: 23/10/17 → 25/10/17

Keywords

  • Component cohesion and coupling
  • Software network
  • Software security
  • Vulnerability prediction
