P. Kudjo, Jinfu Chen, Selasie Brown Aformaley, Solomon Mensah
{"title":"The Effect of Weighted Moving Windows on Security Vulnerability Prediction","authors":"P. Kudjo, Jinfu Chen, Selasie Brown Aformaley, Solomon Mensah","doi":"10.1109/ASEW.2019.00031","DOIUrl":null,"url":null,"abstract":"Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerability. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerability Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.","PeriodicalId":277020,"journal":{"name":"2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASEW.2019.00031","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerability. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerability Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
