A Novel Vulnerability Prediction Model to Predict Vulnerability Loss Based on Probit Regression
Author affiliations: Institute of Computer Networks, Tsinghua University; School of Software, Tsinghua University
Publication: Wuhan University Journal of Natural Sciences (武汉大学学报(自然科学英文版))
Year, volume, issue: 2016, Vol. 21, No. 3
Pages: 214-220
Core indexing:
Subject classification: 08 [Engineering]; 081201 [Engineering - Computer System Architecture]; 0812 [Engineering - Computer Science and Technology (Engineering or Science degrees may be conferred)]
Funding: Supported by the Nuclear High Base Major Special (2012zx01039-004-46) the National Development and Reform Commission Information Security Special (2012-1424)
Topics: software vulnerability prediction software security vulnerability loss probit regression
Abstract: Software vulnerability is always an enormous threat to software security. Quantitative analysis of software vulnerabilities is necessary to the evaluation and improvement of software security. Current vulnerability prediction models mainly focus on predicting the number of vulnerabilities regardless of the seriousness of vulnerabilities; therefore, these models are unable to reflect the security level of software accurately. Starting from this, we propose a vulnerability prediction model based on probit regression in this paper. Unlike traditional ones, we measure the seriousness of a vulnerability by the loss it causes and aim at predicting the accumulative vulnerability loss rather than the number of vulnerabilities. To validate our model, an experiment is carried out on two software packages, OpenSSL and Xpdf, and the experimental result shows a good performance of our model.