Cluster-Based Vulnerability Assessment Applied to Operating Systems

Movahedi, Yazdan; Cukier, Michel; Andongabo, Ambrose; Gashi, Ilir

doi:10.1109/edcc.2017.27

Cited by 5 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Movahedi et al [29] developed nine common vulnerability discovery models (VDMs) which were compared with a nonlinear neural network model (NNM) over a prediction period of three years. The common VDMs are the NHPP power-law gamma-based VDM, Weibull-based VDM, AML VDM, normalbased VDM, rescorla exponential (RE), rescorla quadratic (RQ), younis folded (YF) and linear model (LM).…”

Section: Related Researchmentioning

confidence: 99%

Forecasting number of vulnerabilities using long short-term neural memory network

Hoque

Jamil

Amin

et al. 2021

IJECE

View full text Add to dashboard Cite

Cyber-attacks are launched through the exploitation of some existing vulnerabilities in the software, hardware, system and/or network. Machine learning algorithms can be used to forecast the number of post release vulnerabilities. Traditional neural networks work like a black box approach; hence it is unclear how reasoning is used in utilizing past data points in inferring the subsequent data points. However, the long short-term memory network (LSTM), a variant of the recurrent neural network, is able to address this limitation by introducing a lot of loops in its network to retain and utilize past data points for future calculations. Moving on from the previous finding, we further enhance the results to predict the number of vulnerabilities by developing a time series-based sequential model using a long short-term memory neural network. Specifically, this study developed a supervised machine learning based on the non-linear sequential time series forecasting model with a long short-term memory neural network to predict the number of vulnerabilities for three vendors having the highest number of vulnerabilities published in the national vulnerability database (NVD), namely microsoft, IBM and oracle. Our proposed model outperforms the existing models with a prediction result root mean squared error (RMSE) of as low as 0.072.

show abstract

Section: Related Researchmentioning

confidence: 99%

Forecasting number of vulnerabilities using long short-term neural memory network

Hoque

Jamil

Amin

et al. 2021

IJECE

View full text Add to dashboard Cite

show abstract

“…The dataset used in this paper was collected from the National Vulnerability Database (NVD) maintained by NIST, and collected using the same approach followed by [24]. We leveraged the vulnerability CVE IDs to compare the reporting date of each vulnerability in NVD with the dates in other public repositories on vulnerabilities 1 .…”

Section: Datasetmentioning

confidence: 99%

“…Allodi [27] showed that the discovered vulnerabilities may follow a Power-law distribution. The model used in this paper was applied on vulnerability data as a VDM in [24] [18]. The main assumption of this model [28].…”

Section: Gamma-based Vdm [8]mentioning

confidence: 99%

Vulnerability prediction capability: A comparison between vulnerability discovery models and neural network models

Movahedi

Cukier

Gashi

2019

Computers & Security

Self Cite

View full text Add to dashboard Cite

In this paper, we introduce an approach for predicting the cumulative number of software vulnerabilities that is in most cases more accurate than vulnerability discovery models (VDMs). Our approach uses a neural network model (NNM) to model the nonlinearities associated with vulnerability disclosure. Nine common VDMs were used to compare their prediction capability with our approach. The different models were applied to vulnerabilities associated with eight well-known software (four operating systems and four web browsers). The models were assessed in terms of prediction accuracy and prediction bias. Out of eight software we analyzed, the NNM outperformed the VDMs in all the cases in terms of prediction accuracy, and provided smaller values of absolute average bias in seven cases. This study shows that NNMs are promising for accurate predictions of software vulnerabilities disclosures.

show abstract