{"title":"Vulnerability discovery modelling: a general framework","authors":"Adarsh Anand, N. Bhatt, O.H. Alhazmi","doi":"10.1504/ijics.2021.10040720","DOIUrl":null,"url":null,"PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"177 20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Inf. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijics.2021.10040720","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Vulnerability discovery modelling: a general framework
Due to the rising popularity of software-based systems, software engineers are required to continuously monitor the software to gain deep insight into its loopholes and to keep a close check on the vulnerability discovery process. Over time, each module of the software is tested and examined for loopholes using the various vulnerability discovery models (VDMs) that exist. In this paper, based on the hazard rate function approach, we have developed a unified framework to capture the behaviour of various vulnerability trends during the discovery process. The proposed approach helps in identifying and studying different discovery scenarios (various distribution functions) under one canopy. Furthermore, we discuss a method called normalised criteria distance, which compares different sets of VDMs using a set of comparison criteria in order to rank the VDMs and select the best model from among them. The proposal has been supplemented with validation done on real-life vulnerability discovery data sets.