
2022 | Original paper | Book chapter

Modeling Software Vulnerability Injection-Discovery Process Incorporating Time-Delay and VIKOR Based Ranking

Authors: Mohini Agarwal, Deepti Aggrawal, Subhrata Das, Adarsh Anand, Navneet Bhatt

Published in: Reliability and Maintainability Assessment of Industrial Systems

Publisher: Springer International Publishing


Abstract

Researchers have widely focused on software quality attributes such as reliability and maintainability. However, the growing reliance on software and software-based products has redirected the focus of researchers and engineers towards security. Vulnerabilities in software can arise from design flaws, implementation errors, configuration errors, etc., making the software prone to attacks and exploitable for malicious activities. Timely detection and fixing of these loopholes supports the development of safe and secure software, thereby minimizing the effort and resources required to fix them afterwards. With the aim of modeling the vulnerability discovery process, this chapter proposes a time-delay-based formulation for vulnerability injection and discovery, modeled using infinite-server queuing theory. Two vulnerability discovery datasets are used for empirical validation. Further, VIKOR, a well-known Multi-Criteria Decision Making (MCDM) technique, is used to rank the different proposed models.


Metadata
Title
Modeling Software Vulnerability Injection-Discovery Process Incorporating Time-Delay and VIKOR Based Ranking
Authors
Mohini Agarwal
Deepti Aggrawal
Subhrata Das
Adarsh Anand
Navneet Bhatt
Copyright year
2022
DOI
https://doi.org/10.1007/978-3-030-93623-5_10
