基于多层次漏洞发现模型的软件安全评估

IF 1.3 4区 工程技术 Q4 ENGINEERING, INDUSTRIAL
Ruchi Sharma, A. Shrivastava, H. Pham
{"title":"基于多层次漏洞发现模型的软件安全评估","authors":"Ruchi Sharma, A. Shrivastava, H. Pham","doi":"10.1080/08982112.2022.2132404","DOIUrl":null,"url":null,"abstract":"Abstract In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on real-life dataset to validate the proposed model.","PeriodicalId":20846,"journal":{"name":"Quality Engineering","volume":"35 1","pages":"341 - 352"},"PeriodicalIF":1.3000,"publicationDate":"2022-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Software security evaluation using multilevel vulnerability discovery modeling\",\"authors\":\"Ruchi Sharma, A. Shrivastava, H. Pham\",\"doi\":\"10.1080/08982112.2022.2132404\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on real-life dataset to validate the proposed model.\",\"PeriodicalId\":20846,\"journal\":{\"name\":\"Quality Engineering\",\"volume\":\"35 1\",\"pages\":\"341 - 352\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2022-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Quality Engineering\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://doi.org/10.1080/08982112.2022.2132404\",\"RegionNum\":4,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"ENGINEERING, INDUSTRIAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Quality Engineering","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1080/08982112.2022.2132404","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}
引用次数: 0

摘要

摘要本文提出了一种新的漏洞发现模型,通过预测软件中不同严重级别漏洞的数量和发生概率。严重性预测假设漏洞评分是一个连续变量,按照广泛接受的通用漏洞评分系统分布在0-10的范围内。我们进一步发展了一个风险评估模型,可用于界定软件的安全级别,并有助于风险评估和补丁管理。在实际数据集上进行了数值说明,验证了所提出的模型。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Software security evaluation using multilevel vulnerability discovery modeling
Abstract In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on real-life dataset to validate the proposed model.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Quality Engineering
Quality Engineering ENGINEERING, INDUSTRIAL-STATISTICS & PROBABILITY
CiteScore
3.90
自引率
10.00%
发文量
52
审稿时长
>12 weeks
期刊介绍: Quality Engineering aims to promote a rich exchange among the quality engineering community by publishing papers that describe new engineering methods ready for immediate industrial application or examples of techniques uniquely employed. You are invited to submit manuscripts and application experiences that explore: Experimental engineering design and analysis Measurement system analysis in engineering Engineering process modelling Product and process optimization in engineering Quality control and process monitoring in engineering Engineering regression Reliability in engineering Response surface methodology in engineering Robust engineering parameter design Six Sigma method enhancement in engineering Statistical engineering Engineering test and evaluation techniques.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信