The Effect of Weighted Moving Windows on Security Vulnerability Prediction

Abstract

Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerability. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerability Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.