Abstract
Vulnerabilities usually represent the risk level of software; therefore, predicting vulnerabilities is of high value for evaluating the security level of software. Current research mainly focuses on predicting the number of vulnerabilities or the time at which vulnerabilities occur; however, to the best of our knowledge, no other research focuses on predicting the severity of vulnerabilities, which we consider an important aspect of both vulnerabilities and software security. To address this gap, we propose a novel method based on grey system theory to predict the severity of vulnerabilities. The experiment is carried out on real data collected from CVE and demonstrates the feasibility of our prediction method.
Acknowledgments
This paper is supported by Nuclear Takamoto Significant Special and National Development and Reform Commission Information Security Special.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Geng, J., Ye, D., Luo, P. (2015). Predicting Severity of Software Vulnerability Based on Grey System Theory. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_13
DOI: https://doi.org/10.1007/978-3-319-27161-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer Science (R0)