
2017 | Original Paper | Book Chapter

Predicting Vulnerable Software Components Using Software Network Graph

Authors: Shengjun Wei, Xiaojiang Du, Changzhen Hu, Chun Shan

Published in: Cyberspace Safety and Security

Publisher: Springer International Publishing


Abstract

Vulnerability Prediction Models (VPMs) are used to predict vulnerability-prone modules, and many software security metrics have been proposed for this purpose. In this paper, we predict vulnerability-prone components. Based on a software network graph, we define component cohesion and coupling metrics, which we use as security metrics to build the VPM. To validate the prediction performance, we conduct an empirical study on Firefox 3.6. Comparing the results with those of other works shows that our model performs well in accuracy, precision, and recall, and indicates that the proposed metrics are also effective for vulnerability prediction.
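The abstract describes deriving cohesion and coupling metrics for components from a software network graph and feeding them to a prediction model. The following is an added illustration, not code from the paper or its authors: it builds a small constructed call graph, groups functions into components, and computes one cohesion metric and two coupling metrics per component. The metric definitions here (cohesion as the fraction of possible intra-component call edges that actually exist; coupling as the number of distinct neighbouring components and as the number of boundary-crossing call edges) are assumptions chosen for illustration, not the definitions used in the paper, and the component assignment by name prefix is likewise a simplification.

```python
from collections import defaultdict

# Constructed sample software network graph (not from the paper or Firefox):
# nodes are functions, directed edges are "caller -> callee" relations.
CALLS = [
    ("net.parse_header", "net.read_line"),
    ("net.parse_header", "net.check_length"),
    ("net.read_line", "util.buf_alloc"),
    ("net.check_length", "util.log"),
    ("js.eval", "js.compile"),
    ("js.compile", "js.parse"),
    ("js.parse", "util.buf_alloc"),
    ("js.eval", "net.parse_header"),
    ("js.eval", "util.log"),
    ("dom.render", "util.log"),
]


def component_of(func):
    """Assumption: the component is the name prefix before the first dot."""
    return func.split(".", 1)[0]


def component_metrics(calls):
    """Compute per-component cohesion and coupling features from call edges.

    Returns {component: {"size", "cohesion", "coupling", "crossing"}} where
      cohesion = internal edges / possible directed internal pairs (1.0 for a
                 single-function component by convention),
      coupling = number of distinct other components this one calls or is
                 called by,
      crossing = number of call edges that cross the component boundary.
    These definitions are illustrative assumptions, not the paper's.
    """
    nodes = set()
    for caller, callee in calls:
        nodes.update((caller, callee))

    members = defaultdict(set)
    for n in nodes:
        members[component_of(n)].add(n)

    internal = defaultdict(int)
    crossing = defaultdict(int)
    partners = defaultdict(set)
    for caller, callee in calls:
        c1, c2 = component_of(caller), component_of(callee)
        if c1 == c2:
            internal[c1] += 1
        else:
            crossing[c1] += 1
            crossing[c2] += 1
            partners[c1].add(c2)
            partners[c2].add(c1)

    metrics = {}
    for comp, funcs in members.items():
        n = len(funcs)
        possible = n * (n - 1)  # directed pairs inside the component
        cohesion = internal[comp] / possible if possible else 1.0
        metrics[comp] = {
            "size": n,
            "cohesion": cohesion,
            "coupling": len(partners[comp]),
            "crossing": crossing[comp],
        }
    return metrics


def rank_components(metrics):
    """Order components for review: highest coupling first, then lowest
    cohesion, with the name as a deterministic tie-breaker. This is a simple
    triage ordering over the features, not a trained VPM."""
    return sorted(
        metrics,
        key=lambda c: (-metrics[c]["coupling"], metrics[c]["cohesion"], c),
    )


if __name__ == "__main__":
    m = component_metrics(CALLS)
    for comp in rank_components(m):
        print(comp, m[comp])
```

A real study would replace the constructed edge list with a call graph extracted from the code base, map functions to the project's actual component boundaries, and use the resulting feature vectors as model inputs alongside the vulnerability labels.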


Metadata
Title
Predicting Vulnerable Software Components Using Software Network Graph
Authors
Shengjun Wei
Xiaojiang Du
Changzhen Hu
Chun Shan
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-69471-9_21