Modeling and Characterizing Software Vulnerabilities

Kaur

Inoue

2020

IJQRM

Self Cite

PurposeThe purpose of the present work is to mathematically model the reliability growth of a multi-version software system that is affected by infected patches.Design/methodology/approachThe work presents a mathematical model that studies the reliability change due to the insertion of an infected patch in multi-version software. Various distribution functions have been considered to highlight the varied aspects of the model. Furthermore, weighted criteria approach has been discussed to facilitate the choice of the model.FindingsThe model presented here is able to quantify the effect of an infected patch on multi-version software. The model captures the hike in bug content due to an infected patch.Originality/valueMulti-version systems have been studied widely, but the role of an infected patch has not been yet explored. The effect of an infected patch has been quantified by modeling the extra bugs generated in the system. This bug count would prove helpful in further studies for optimal resource allocation and testing effort allocation.

Section: Introductionmentioning

confidence: 99%

Reliability modeling of multi-version software system incorporating the impact of infected patching

Kaur

Inoue

2020

IJQRM

Self Cite

“…The AML model fitted the data sets of different types of software effectively and closely. Of late, many researchers have deduced VDMs based on different discovery patterns [6][7][8][9][10][11][12][13].…”

Section: Literaturementioning

confidence: 99%

Time Lag-Based Modelling for Software Vulnerability Exploitation Process

Bhatt

Kaur

et al. 2021

JCSANDM

Self Cite

With the increase in the discovery of vulnerabilities, the expected exploits occurred in various software platform has shown an increased growth with respect to time. Only after being discovered, the potential vulnerabilities might be exploited. There exists a finite time lag in the exploitation process; from the moment the hackers get information about the discovery of a vulnerability and the time required in the final exploitation. By making use of the time lag approach, we have developed a framework for the vulnerability exploitation process that occurred in multiple stages. The time lag between the discovery and exploitation of a vulnerability has been bridged via the memory kernel function over a finite time interval. The applicability of the proposed model has been validated using various software exploit datasets.

“…Predicting cyber exploits has received an increasing attention in the domain of cybersecurity. However, there exists a little work in this line of research as related to the works proposed for predicting vulnerabilities in a software system 4–7 . Of late, this side of coin has been given importance in order to help the vendors to prioritize their vulnerability patching phenomenon based on the discovered vulnerability's likelihood of exploitation.…”

Section: Related Workmentioning

confidence: 99%

Exploitability prediction of software vulnerabilities

Bhatt

Quality & Reliability Eng

Yadavalli

2020

Self Cite

The number of security failure discovered and disclosed publicly are increasing at a pace like never before. Wherein, a small fraction of vulnerabilities encountered in the operational phase are exploited in the wild. It is difficult to find vulnerabilities during the early stages of software development cycle, as security aspects are often not known adequately. To counter these security implications, firms usually provide patches such that these security flaws are not exploited. It is a daunting task for a security manager to prioritize patches for vulnerabilities that are likely to be exploitable. This paper fills this gap by applying different machine learning techniques to classify the vulnerabilities based on previous exploit‐history. Our work indicates that various vulnerability characteristics such as severity, type of vulnerabilities, different software configurations, and vulnerability scoring parameters are important features to be considered in judging an exploit. Using such methods, it is possible to predict exploit‐prone vulnerabilities with an accuracy >85%. Finally, with this experiment, we conclude that supervised machine learning approach can be a useful technique in predicting exploit‐prone vulnerabilities.