Predicting Severity of Software Vulnerability Based on Grey System Theory

Conference paper in: Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9532)

Abstract

Vulnerabilities usually represent the risk level of software; therefore, predicting vulnerabilities is of high value for evaluating the security level of software. Current research mainly focuses on predicting the number of vulnerabilities or the time at which vulnerabilities occur; however, to the best of our knowledge, no other research focuses on predicting the severity of vulnerabilities, which we consider an important aspect reflecting vulnerabilities and software security. To address this gap, we propose a novel method based on grey system theory to predict the severity of vulnerabilities. The experiment is carried out on real data collected from CVE and demonstrates the feasibility of our prediction method.



Acknowledgments

This paper is supported by Nuclear Takamoto Significant Special and National Development and Reform Commission Information Security Special.

Author information

Corresponding author: Jinkun Geng


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Geng, J., Ye, D., Luo, P. (2015). Predicting Severity of Software Vulnerability Based on Grey System Theory. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol. 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_13

  • DOI: https://doi.org/10.1007/978-3-319-27161-3_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27160-6

  • Online ISBN: 978-3-319-27161-3

  • eBook Packages: Computer Science (R0)