论文信息 - Vulnerability Discovery Modeling and Weighted Criteria Based Ranking

Vulnerability Discovery Modeling and Weighted Criteria Based Ranking

Attacks on code based systems have been recent area of concern for the software developers. Of late, this side of the coin has received much attention as the loss happening due to this exploitation has been understood to a good extent. In today’s neck to neck competitive marketplace, firms have to come with their software products as quickly as possible. In order to do so, they are releasing their offerings at a much higher pace as it used to be earlier and so, many bugs sustain in the software at the time of release. Such a code is prone to be easily attacked by any community working in the field. With the goal of predicting or investigating these potential number of loop holes (vulnerabilities); many vulnerability discovery models (VDMs) have been proposed in the literature. In this paper, we develop a model which follows a hump-shaped curve while discovering the security vulnerabilities. Furthermore, we have compared different set of VDMs with the proposed model using the five comparison criteria and each criterion has been assigned different weight in order to capture the ranking of proposed model. For checking the veracity and predictive capabilities of proposed model, validation is done on two different data sets and results shows that the weighted criteria methodology shows very promising results for model comparison.

Adarsh Anand | Navneet Bhatt | Adarsh Anand | N. Bhatt

[1] Yashwant K. Malaiya,et al. Modeling the vulnerability discovery process , 2005, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05).

[2] P. K. Kapur,et al. A software reliability growth model for an error-removal phenomenon , 1992, Softw. Eng. J..

[3] P. C. Jha,et al. Software Reliability Assessment with OR Applications , 2011 .

[4] K Okumoto,et al. TIME-DEPENDENT ERROR-DETECTION RATE MODEL FOR SOFTWARE AND OTHER PERFORMANCE MEASURES , 1979 .

[5] Michael R. Lyu,et al. Estimation and Analysis of Some Generalized Multiple Change-Point Software Reliability Models , 2011, IEEE Transactions on Reliability.

[6] Amrit L. Goel,et al. Time-Dependent Error-Detection Rate Model for Software Reliability and Other Performance Measures , 1979, IEEE Transactions on Reliability.

[7] Eric Rescorla,et al. Is finding security holes a good idea? , 2005, IEEE Security & Privacy.

[8] Nesar Ahmad,et al. Analysis and Ranking of Software Reliability Models Based on Weighted Criteria Value , 2013 .

[9] Xiang Li,et al. Reliability analysis and optimal version-updating for open source software , 2011, Inf. Softw. Technol..

[10] Adarsh Anand,et al. Generalized Innovation Diffusion Modeling & Weighted Criteria Based Ranking , 2014, Proceedings of 3rd International Conference on Reliability, Infocom Technologies and Optimization.