Predicting Model of Vulnerabilities Based on the Type of Vulnerability Severity

GAO Zhi-wei; YAO Yao; RAO Fei; LIU Yan-zhao; LUO Ping

doi:10.3969/j.issn.0372-2112.2013.09.018

您当前的位置：

首页 >

文章列表页 >

Predicting Model of Vulnerabilities Based on the Type of Vulnerability Severity

更新时间：2025-07-16

- Predicting Model of Vulnerabilities Based on the Type of Vulnerability Severity
- Acta Electronica Sinica Vol. 41, Issue 9, Pages: 1784-1787(2013)
- 作者机构：
  
  1. 石家庄铁道大学信息科学与技术学院,河北,石家庄,050043
  2. 清华大学软件学院,北京,100084
  3. 中国信息安全测评中心,北京,100085
  4. 石家庄铁道大学信息科学与技术学院,河北,石家庄,050043
  5. 清华大学软件学院,北京,100084
  6. 中国信息安全测评中心,北京,100085
- 作者简介：
- 基金信息：
  
  Key Fund of National Natural Science Foundation of China (No.90818021, No.9071803)
- DOI：10.3969/j.issn.0372-2112.2013.09.018
  CLC： TN911.23
- Published：2013
- 稿件说明：
移动端阅览
GAO Zhi-wei, YAO Yao, RAO Fei, et al. Predicting Model of Vulnerabilities Based on the Type of Vulnerability Severity[J]. Acta Electronica Sinica, 2013, 41(9): 1784-1787.
DOI：

GAO Zhi-wei, YAO Yao, RAO Fei, et al. Predicting Model of Vulnerabilities Based on the Type of Vulnerability Severity[J]. Acta Electronica Sinica, 2013, 41(9): 1784-1787. DOI： 10.3969/j.issn.0372-2112.2013.09.018.

摘要

软件漏洞预测模型有许多种

能预测软件中存在的漏洞总数以及发生的时间间隔

但不能预测软件漏洞的严重程度.然而在某些场合

如软件可信性

我们不仅要考虑软件漏洞发生的总数和时间间隔

而且也要考虑漏洞发生的严重程度对软件可信性的影响.既是在传统的软件安全性研究中

考虑漏洞发生的严重程度的影响

对软件的使用和风险控制也是很重要的.本文基于传统的马尔可夫模型

将软件漏洞按发生的严重程度进行分类

获得了一种新的软件漏洞预测数学模型.利用该模型不仅能够预测软件中存在的漏洞总数和时间间隔

而且同时也能预测每一类的漏洞总数和漏洞种类

试验表明有较好的准确度

这是其它漏洞预测模型所无法预测的.

Abstract

There are many kinds of software vulnerability prediction models which are capable of predicting the total number and the time interval of occurrence of vulnerabilities in the software. But none of them can predict the severity of software vulnerabilities. However

in some cases

such as software credibility

we have to consider the total number of software vulnerabilities and time interval as well as the vulnerability severity affecting the trustworthiness of software. Considering the impact of the vulnerability severity

the application and risk control of software is also very important in the traditional software security. Based on the traditional Markov model

we classified the severity of software vulnerabilities occurrence

proposed a new software vulnerability prediction mathematical model. The model can not only predict the total number of software vulnerability and the time interval

but also the total number vulnerabilities of each class as well as the type of the vulnerabilities. Our tests showed that it has better accuracy

and the type of information that other prediction models can not offer.

关键词

Keywords

references

Views

1934

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Novel Optimal Dynamic Channel Assignment Scheme and Its Performance Evaluation

Modeling and Analysis for Network Survivability of APT Latent Attack

DATC-MC: Distributed Approximate Triangle Counting Based on Markov Chain in Graph Streaming

State-Difference Counting and Its Confidence Estimate

Related Author

CAO Yong

LI Jan-dong

LI Hong-yan

TANG Jun-xiong

ZHU Shi-hua

ZHANG Min

DANG An-hong

ZHANG Hong-ke

Related Institution

State Key Laboratory of ISN,Xidian University,Xian

Dept.of Information and Communications EngineeringXi'an Jiaotong Univ.Xi'anShaanxi China

Comp.Dept.Institute of Xi'an TechnologyXi'anShaanxi 710032China

Electronics DeptPeking Univ.Beijing 100871China

Dept.of Information and Communications Engineering,Xi'an Jiaotong Univ.

⁰