Secure Environment via Prediction of Software Vulnerabilities-Severity
- سال انتشار: 1398
- محل انتشار: فصلنامه انرژی و محیط زیست ایران (ایرانیکا)، دوره: 10، شماره: 2
- کد COI اختصاصی: JR_IJEE-10-2_014
- زبان مقاله: انگلیسی
- تعداد مشاهده: 338
نویسندگان
Computer Engineering Group, Engineering Campus, Yazd University, Yazd, Iran
Computer Engineering Group, Engineering Campus, Yazd University, Yazd, Iran
چکیده
Prediction of software vulnerabilities-severity is of particular importance. Its most important application is that managers can first deal with the most dangerous vulnerabilities when they have limited resources. This research shows how we can use the former patterns of software vulnerabilities-severity along with machine learning methods to predict the vulnerabilities severity of that software in the future. In this regard, we used the SVM, Decision Trees (DT), Random Forests (RF), K Nearest Neighbors (KNN), bagging and AdaBoost algorithms along with the already reported vulnerabilities of Google Android applications, Apple Safari and the Flash Player. The experimental results showed that the Bagging algorithm can predict Google Android vulnerability with accuracy of 78.21% and f1-measure equal to 77%, the vulnerability of the Flash Player software with accuracy of 82.37% and f1-measure equal to 87.73% and predict the vulnerability severity of the Apple Safari with accuracy of 70.58% and f1-measure equal to 70%. The novelty of this research is introduction of a new method for prediction of software vulnerabilities severity.کلیدواژه ها
Machine Learning, Pattern Recognition, prediction, Vulnerability Severityاطلاعات بیشتر در مورد COI
COI مخفف عبارت CIVILICA Object Identifier به معنی شناسه سیویلیکا برای اسناد است. COI کدی است که مطابق محل انتشار، به مقالات کنفرانسها و ژورنالهای داخل کشور به هنگام نمایه سازی بر روی پایگاه استنادی سیویلیکا اختصاص می یابد.
کد COI به مفهوم کد ملی اسناد نمایه شده در سیویلیکا است و کدی یکتا و ثابت است و به همین دلیل همواره قابلیت استناد و پیگیری دارد.