Vulnerability discovery modelling: A general framework

Cited by: 2
Authors
Anand A. [1]
Bhatt N. [1]
Alhazmi O.H. [2]
Affiliations
[1] Department of Operational Research, Faculty of Mathematical Sciences, University of Delhi, Room No. 208, 2nd floor, Delhi
[2] Department of Computer Science, Taibah University, Medina
Keywords
Breaches; Hazard rate; Ranking method; Security; Unification approach; VDMs; Vulnerability; Vulnerability discovery models
DOI
10.1504/IJICS.2021.117402
Abstract
Due to the rising popularity of software-based systems, software engineers are required to continuously monitor the software to have deep insights about the loopholes and keep a close check on the vulnerability discovery process. Over time, each module of the software is tested and identified for loopholes using various vulnerability discovery models (VDMs) that exist. In this paper, based on hazard rate function approach, we have developed a unified framework to capture the behaviour of various vulnerability trends during the discovery process. The utility of the proposed approach helps in identifying and studying different discovery scenarios (various distribution functions) under one canopy. Furthermore, we also discuss a method called normalised criteria distance, which compares different sets of VDMs using a set of comparison criteria in order to rank and select the best model from among VDMs. The proposal has been supplemented with validation done on real life vulnerability discovery data sets. Copyright © 2021 Inderscience Enterprises Ltd.
Pages: 192 / 206
Number of pages: 14
Related papers
23 in total
  • [1] Alhazmi O.H., Malaiya Y.K., Modeling the vulnerability discovery process, ISSRE 2005: 16th IEEE International Symposium on Software Reliability Engineering, (2005)
  • [2] Alhazmi O.H., Malaiya Y.K., Application of vulnerability discovery models to major operating systems, IEEE Transactions on Reliability, 57, 1, pp. 14-22, (2008)
  • [3] Anand A., Bhatt N., Vulnerability discovery modeling and weighted criteria based ranking, Journal of the Indian Society for Probability and Statistics, 17, 1, pp. 1-10, (2016)
  • [4] Anand A., Agarwal M., Aggrawal D., Singh O., Unified approach for modeling innovation adoption and optimal model selection for the diffusion process, Journal of Advances in Management Research, 13, 2, pp. 154-178, (2016)
  • [5] Anand A., Agarwal M., Tamura Y., Yamada S., Economic impact of software patching and optimal release scheduling, Quality and Reliability Engineering International, 33, 1, pp. 149-157, (2017)
  • [6] Anand A., Das S., Aggrawal D., Klochkov Y., Vulnerability discovery modelling for software with multi-versions, Advances in Reliability and System Engineering, pp. 255-262, (2017)
  • [7] Anderson R., Security in Open versus Closed Systems – The Dance of Boltzmann, (2002)
  • [8] Bhatt N., Anand A., Yadavalli V.S.S., Kumar V., Modeling and characterizing software vulnerabilities, International Journal of Mathematical, Engineering and Management Sciences, 2, 4, pp. 288-299, (2017)
  • [9] Brady R.M., Anderson R.J., Ball R.C., Murphy’s Law, the Fitness of Evolving Species and the Limits of Software Reliability, (1999)
  • [10] Huang C.Y., Lyu M.R., Kuo S.Y., A unified scheme of some nonhomogenous poisson process models for software reliability estimation, IEEE Transactions on Software Engineering, 29, 3, pp. 261-269, (2003)