E-WBM: An Effort-Based Vulnerability Discovery Model

Xiajing Wang, Rui Ma*, Binbin Li, Donghai Tian, Xuefei Wang

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)

Abstract

Vulnerability discovery models (VDMs) have recently been proposed to estimate the cumulative number of vulnerabilities that will be disclosed after software is released. A precise VDM would offer quantitative insight for assessing software security. Even though VDMs have demonstrated their effectiveness on multiple software systems, they remain limited in accuracy and, in particular, have weak versatility. We propose a novel effort-based VDM, named E-WBM, which improves the critical vulnerability discovery rate algorithm using the Weibull probability distribution function, towards efficient vulnerability discovery models. E-WBM accurately portrays the trend of software security vulnerability disclosure. We evaluate E-WBM on eight popular real-world operating systems and show the feasibility of the proposed model. We further compare E-WBM with a state-of-the-art effort-based model, AME, and a time-based model, JW, on the same eight operating systems. Our comparison demonstrates that E-WBM consistently outperforms AME and JW both at reducing the deviations and at fitting curve trends. In addition to model fitting, the predictive capabilities of the two effort-based models, E-WBM and AME, are also examined. The results show that the E-WBM model yields a more stable prediction with significantly less error than AME.

Original language: English
Article number: 8676014
Pages (from-to): 44276-44292
Number of pages: 17
Journal: IEEE Access
Volume: 7
Publication status: Published - 2019
