2017 | OriginalPaper | Chapter

Predicting Vulnerable Software Components Using Software Network Graph

Authors : Shengjun Wei, Xiaojiang Du, Changzhen Hu, Chun Shan

Published in: Cyberspace Safety and Security

Publisher: Springer International Publishing


Abstract

Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules, and many software security metrics have been proposed for them. In this paper, we predict vulnerability-prone components. Based on a software network graph, we define component cohesion and coupling metrics, which we use as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. Comparing the results with other works shows that our model performs well in accuracy, precision, and recall, and indicates that the proposed metrics are also effective for vulnerability prediction.
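The abstract describes the pipeline only in outline: derive a software network graph, compute per-component cohesion and coupling from it, feed those as features to a VPM, and score the predictions by accuracy, precision and recall. The following is an added, self-contained illustration of that pipeline, written for this page; it is not code from the paper or from the Firefox study. The graph, the component names, the ground-truth labels and the threshold rule standing in for the trained model are all constructed, and the cohesion and coupling formulas are assumed definitions, since the paper's exact formulas are not reproduced on this page.

```python
from collections import defaultdict

# Constructed software network graph (hypothetical names, not from the paper or
# from Firefox): nodes are functions, directed edges are call dependencies, and
# every function belongs to exactly one component (a source file or module).
COMPONENT_OF = {
    "send_request": "net/http", "parse_header": "net/http", "parse_body": "net/http",
    "decode_png": "img/png", "decode_chunk": "img/png",
    "alloc_buf": "mem/alloc", "free_buf": "mem/alloc",
    "render_page": "layout",
}
CALLS = [  # (caller, callee)
    ("send_request", "parse_header"), ("parse_header", "parse_body"),
    ("parse_body", "alloc_buf"), ("parse_body", "free_buf"),
    ("decode_png", "decode_chunk"), ("decode_chunk", "alloc_buf"),
    ("decode_png", "alloc_buf"), ("render_page", "decode_png"),
    ("render_page", "parse_body"), ("render_page", "alloc_buf"),
]

# Constructed ground truth: which components are known to be vulnerability-prone.
KNOWN_VULNERABLE = {"net/http": True, "img/png": True, "mem/alloc": True, "layout": False}


def component_metrics(component_of, calls):
    """Compute graph-based cohesion and coupling per component.

    Assumed definitions (the paper's exact formulas are not on the page):
      cohesion = intra-component edges / n*(n-1), the fraction of possible
                 directed edges among the component's n functions
                 (1.0 for a single-function component, which has no possible edges);
      coupling = number of distinct other components that this component
                 calls into or is called from.
    """
    members = defaultdict(set)
    for fn, comp in component_of.items():
        members[comp].add(fn)
    internal = defaultdict(int)
    partners = defaultdict(set)
    for caller, callee in calls:
        c_src, c_dst = component_of[caller], component_of[callee]
        if c_src == c_dst:
            internal[c_src] += 1
        else:
            partners[c_src].add(c_dst)
            partners[c_dst].add(c_src)
    metrics = {}
    for comp, fns in members.items():
        possible = len(fns) * (len(fns) - 1)
        cohesion = internal[comp] / possible if possible else 1.0
        metrics[comp] = {"cohesion": cohesion, "coupling": len(partners[comp])}
    return metrics


def predict(metrics, max_cohesion=0.5, min_coupling=2):
    """Stand-in for the trained VPM: a threshold rule that flags components
    that are loosely cohesive and highly coupled. Thresholds are assumed."""
    return {c: m["cohesion"] < max_cohesion and m["coupling"] >= min_coupling
            for c, m in metrics.items()}


def evaluate(predicted, actual):
    """Accuracy, precision and recall of a binary prediction, guarding the
    zero-division cases (no positive predictions / no positive labels)."""
    tp = sum(1 for c in actual if predicted[c] and actual[c])
    fp = sum(1 for c in actual if predicted[c] and not actual[c])
    fn = sum(1 for c in actual if not predicted[c] and actual[c])
    tn = len(actual) - tp - fp - fn
    return {
        "accuracy": (tp + tn) / len(actual),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


def run_example():
    """Run the whole pipeline on the constructed graph and return all stages."""
    metrics = component_metrics(COMPONENT_OF, CALLS)
    predicted = predict(metrics)
    return metrics, predicted, evaluate(predicted, KNOWN_VULNERABLE)


if __name__ == "__main__":
    metrics, predicted, scores = run_example()
    for comp, m in sorted(metrics.items()):
        print(f"{comp:10s} cohesion={m['cohesion']:.2f} coupling={m['coupling']} "
              f"flagged={predicted[comp]} actual={KNOWN_VULNERABLE[comp]}")
    print(scores)
```

On the constructed graph the rule flags `net/http` and `mem/alloc` but misses `img/png`, so precision is 1.0 while recall is 2/3 and accuracy 0.75; the point of reporting all three, as the abstract does, is exactly that a model can look good on one of them while being weak on another. In a real study the threshold rule would be replaced by a classifier trained on the metric vectors, and the graph would be extracted from the code base rather than hand-written.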


Metadata

Title: Predicting Vulnerable Software Components Using Software Network Graph
Authors: Shengjun Wei, Xiaojiang Du, Changzhen Hu, Chun Shan
Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-69471-9_21
