A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Cited by: 22
Authors
Le, Triet H. M. [1]
Chen, Huaming [1]
Babar, M. Ali [1, 2]
Affiliations
[1] Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia
[2] Cyber Secur Cooperat Res Ctr, Joondalup, Australia
Keywords
Software vulnerability; Vulnerability assessment and prioritization; NEURAL-NETWORKS; SEVERITY; CLASSIFICATION; FRAMEWORK; PATTERNS; TIME;
DOI
10.1145/3529757
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Pages: 39
Related papers
50 in total
  • [41] A Survey and Study of Signal and Data-Driven Approaches for Pipeline Leak Detection and Localization
    Rajasekaran, Uma
    Kothandaraman, Mohanaprasad
    JOURNAL OF PIPELINE SYSTEMS ENGINEERING AND PRACTICE, 2024, 15 (02)
  • [42] A Survey on the Methods and Results of Data-Driven Koopman Analysis in the Visualization of Dynamical Systems
    Parmar, Nishaal
    Refai, Hazem H.
    Runolfsson, Thordur
    IEEE TRANSACTIONS ON BIG DATA, 2022, 8 (03) : 723 - 738
  • [43] A Data-Driven Vulnerability Evaluation Method in Grid Edge Based on Random Matrix Theory Indicators
    Ding, Kai
    Qian, Yimin
    Wang, Yi
    Hu, Pan
    Wang, Bo
    IEEE ACCESS, 2020, 8 (08) : 26495 - 26504
  • [44] Data-driven software defined network attack detection : State-of-the-art and perspectives
    Wang, Puming
    Yang, Laurence T.
    Nie, Xin
    Ren, Zhian
    Li, Jintao
    Kuang, Liwei
    INFORMATION SCIENCES, 2020, 513 : 65 - 83
  • [45] A data-driven classification of feelings
    Thomson, David M. H.
    Crocker, Christopher
    FOOD QUALITY AND PREFERENCE, 2013, 27 (02) : 137 - 152
  • [46] Data Quality for Software Vulnerability Datasets
    Croft, Roland
    Babar, M. Ali
    Kholoosi, M. Mehdi
    2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, 2023, : 121 - 133
  • [47] Data-Driven Motion Planning: A Survey on Deep Neural Networks, Reinforcement Learning, and Large Language Model Approaches
    de Carvalho, Gabriel Peixoto
    Sawanobori, Tetsuya
    Horii, Takato
    IEEE ACCESS, 2025, 13 : 52195 - 52245
  • [48] Data-driven resolvent analysis
    Herrmann, Benjamin
    Baddoo, Peter J.
    Semaan, Richard
    Brunton, Steven L.
    McKeon, Beverley J.
    JOURNAL OF FLUID MECHANICS, 2021, 918
  • [49] Data-driven smart manufacturing
    Tao, Fei
    Qi, Qinglin
    Liu, Ang
    Kusiak, Andrew
    JOURNAL OF MANUFACTURING SYSTEMS, 2018, 48 : 157 - 169
  • [50] Data-driven Koopman operator approach for computational neuroscience
    Marrouch, Natasza
    Slawinska, Joanna
    Giannakis, Dimitrios
    Read, Heather L.
    ANNALS OF MATHEMATICS AND ARTIFICIAL INTELLIGENCE, 2020, 88 (11-12) : 1155 - 1173