Predicting Model of Vulnerabilities Based on Markov Chain

Cited by: 0
Authors
Yao, Yao [1]
JinYi [2]
PingLuo [1]
Affiliations
[1] Tsinghua Univ, Sch Software, Tsinghua Natl Lab Informat Sci & Technol, Beijing 100084, Peoples R China
[2] China Informat Technol Secur Evaluat Ctr, Beijing 100085, Peoples R China
Source
2012 THIRD INTERNATIONAL CONFERENCE ON THEORETICAL AND MATHEMATICAL FOUNDATIONS OF COMPUTER SCIENCE (ICTMF 2012) | 2013 / Vol. 38
Funding
National Natural Science Foundation of China
Keywords
Predicting Model of Vulnerabilities; Markov Chain; Lost; Third Party Prediction of Vulnerabilities;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper first inspects the current situation in the domain of qualification, modeling and prediction of vulnerabilities, analyzing the difficulty and disadvantages in this domain, and thus raises the idea of studying the prediction of vulnerabilities from the perspective of third-party evaluating organizations. Besides, the traditional predicting model of software vulnerabilities did not take the influence of the harming degree to software into consideration. However, under many conditions, such as studying the trustworthiness of software, we not only need to consider the number of software vulnerabilities, but also have to think about the influence of the harming degree to software made by vulnerabilities. Thus we introduce the Markov chain to model the discovery of vulnerabilities with the idea of prediction considering harming degree, and give the specific calculating method. At last, we took an example from the real world to testify the model.
Pages: 631 - 638
Number of pages: 8
Related papers
8 in total
  • [1] Measuring, analyzing and predicting security vulnerabilities in software systems
    Alhazmi, O. H.
    Malaiya, Y. K.
    Ray, I.
    [J]. COMPUTERS & SECURITY, 2007, 26 (03) : 219 - 228
  • [2] Alhazmi O.H, 2006, ANN REL MAINT S RAMS
  • [3] Charles P.Pfleeger., 1997, Security in Computing
  • [4] Eugene Schultz E., 1990, Responding to Computer Security Incidents: Guidelines for Incident Handling
  • [5] Kim J, 2008 IEEE INT S SOFT, P299
  • [6] Shin Y., 2008, WORKSHOP QUALITY PRO, P47, DOI 10.1145/1456362.1456372
  • [7] Shin Y, 2008, ESEM'08: PROCEEDINGS OF THE 2008 ACM-IEEE INTERNATIONAL SYMPOSIUM ON EMPIRICAL SOFTWARE ENGINEERING AND MEASUREMENT, P315
  • [8] Su Zhang, 2011, Database and Expert Systems Applications. Proceedings 22nd International Conference, DEXA 2011, P217, DOI 10.1007/978-3-642-23088-2_15