
Research on Improving Software Vulnerability Prediction Methods Based on Dimensionality Reduction Techniques

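Published: 2021-08-21 16:46

Software vulnerabilities pose a significant and growing threat to real-world software systems in healthcare, energy, defense, finance, and other critical infrastructure. Evidence shows that system downtime caused by software vulnerabilities has increased significantly, so the sensitive vulnerability information within potential vulnerability threats is especially important to security detection experts. In addition, billions of dollars are spent every year paying for system failures and illegal exploitation caused by software vulnerabilities. Since such attacks are mainly caused by software vulnerabilities, detecting and resolving these vulnerabilities becomes very important. One of the early detection approaches is to develop application patches to upgrade the software system after a vulnerability is discovered. Likewise, building predictive classification models to determine whether software contains vulnerable points that are open to attack is crucial for researchers and practitioners in software engineering. As one of the classic problems in vulnerability assessment, vulnerability severity prediction is an important activity that has received wide attention from researchers and practitioners. Most previous work relies on historical vulnerability data and the Common Vulnerability Scoring System (CVSS) to assess and measure the impact of software vulnerabilities. In addition, machine learning techniques (such as random forest, the k-nearest neighbor classification algorithm, and decision trees) have also been successfully applied to predicting software vulnerabilities. However, a major challenge in vulnerability prediction is the vague, sparse, and complex semantic content of bug reports, which results in high-dimensional feature datasets being generated from vulnerability data. That is, some irrelevant and redundant features in vulnerability datasets affect prediction...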

[Source]: Jiangsu University, Jiangsu Province

[Pages]: 212

[Degree level]: Doctoral

[Table of contents]:
DEDICATION
ABSTRACT
ABSTRACT (Chinese)
Chapter 1 Introduction
    1.1.Background and Motivation
    1.2.Problem Statement
    1.3.Scope of the Study
    1.4.Research Objectives
        1.4.1.Global Objective
        1.4.2.Specific Objectives
    1.5.Significance of the Study
    1.6.Contributions to Knowledge
    1.7.Organization of the Dissertation
Chapter 2 Review of Software Vulnerability Severity Prediction Techniques
    2.1.Preliminaries
        2.1.1.Terminologies and Notations
    2.2.Vulnerability Repositories
        2.2.1.Common Vulnerability Exposures
        2.2.2.National Vulnerability Database
        2.2.3.Common Weakness Enumeration
        2.2.4.Other Vulnerability Repositories
    2.3.Common Vulnerability Scoring Systems
        2.3.1.Overview of CVSS
        2.3.2.Quantitative Security Risk Evaluation
        2.3.3.Empirical Analysis of CVSS Metrics
    2.4.Modified Vulnerability Scoring Metrics
        2.4.1.Weighted Impact Vulnerability Scoring System
        2.4.2.VUPEN Security
        2.4.3.Vulnerability Rating and Scoring System
        2.4.4.Vulnerability Rating System of X-Force
Chapter 3 Dimensionality Reduction Techniques
    3.1.Dimensionality Reduction
    3.2.Components of Dimensionality Reduction
        3.2.1.Feature Subset Selection
        3.2.2.Filter Methods
        3.2.3.Wrapper Methods
        3.2.4.Embedded Methods
        3.2.5.Feature Extraction
    3.3.Dimensionality Reduction Techniques
        3.3.1.Principal Component Analysis (PCA)
        3.3.2.Missing Values
        3.3.3.Low Variance in the Column Values
        3.3.4.High Correlation Between Two Columns
        3.3.5.Decision Trees Ensembles
        3.3.6.Backward Feature Elimination
        3.3.7.Forward Feature Construction
        3.3.8.Factor Analysis
    3.4.Manifold-Based Learning
        3.4.1.Locally Linear Embedding
        3.4.2.Multidimensional Scaling
        3.4.3.Isomap
        3.4.4.Laplacian Eigenmaps
Chapter 4 A Cost Effective-Strategy for Software Vulnerability Prediction Based on Bellwether Analysis
    4.1.Introduction
    4.2.Preliminaries
        4.2.1.Software Vulnerability Severity Prediction
        4.2.2.Software Vulnerability Prediction
        4.2.3.Procedure for Constructing Vulnerability Prediction Models
    4.3.Concept of Bellwether
    4.4.Concept of Growing Portfolio
    4.5.Problem Definition and Feasible Solution
        4.5.1.Problem Formulation
        4.5.2.Feasible Solution
    4.6.Proposed Framework
    4.7.Methodology
        4.7.1.Studied Datasets
        4.7.2.Data Preprocessing
        4.7.3.Feature Extraction
        4.7.4.Data Normalization
        4.7.5.Sampling Bellwether Instances
        4.7.6.Dependent and Independent Variables
        4.7.7.Machine Learning Algorithms
        4.7.8.Evaluation Metrics
    4.8.Results and Discussions
        4.8.1.Results of Bellwether Approach for Vulnerability Severity Prediction
        4.8.2.Use Cases
        4.8.3.Results and Discussions for Software Vulnerability Prediction
    4.9.Summary of the Bellwether Approach
Chapter 5 An Automatic Software Vulnerability Classification Framework Using Term Frequency-Inverse Gravity Moment and Feature Selection
    5.1.Introduction
    5.2.Preliminaries
        5.2.1.Research Questions and Outcome of the Study
        5.2.2.Originality and Extension
        5.2.3.Original Study
        5.2.4.Current Study
        5.2.5.The Classical Term-Weighting Method
        5.2.6.The Concept of TF-IGM
    5.3.Proposed Framework
        5.3.1.Datasets Description
        5.3.2.Data Preprocessing
        5.3.3.Term-Weight Computation
        5.3.4.Feature Selection
    5.4.Experimental Design
        5.4.1.Dependent and Independent Variables
        5.4.2.Machine Learning Algorithms
        5.4.3.Evaluation Metrics
    5.5.Results and Discussions
        5.5.1.Experimental Results of TF-IGM and TF-IDF Approach
        5.5.2.Results of TF-IGM and IG: An Empirical Study
        5.5.3.Implication of Results
    5.6.Threats to Validity
    5.7.Summary of TF-IGM and Feature Selection Approach
Chapter 6 Reducing Features to Improve Software Vulnerability Severity Classification
    6.1.Introduction
    6.2.The Concept of Normalized Difference Measure
    6.3.The Concept of Firefly Algorithm Based-Feature Selection
        6.3.1.Problem Formulation for FA-Based Feature Selection
        6.3.2.Feasible Solution
    6.4.Research Design
        6.4.1.Datasets Collection
        6.4.2.Data Preprocessing
        6.4.3.Feature Extraction
        6.4.4.Feature Selection
    6.5.Experimental Design
        6.5.1.Machine Learning Techniques
        6.5.2.Evaluation Metrics
    6.6.Results and Discussions
        6.6.1.Results of Normalized Difference Measure
        6.6.2.Results of the Firefly Algorithm Based Feature Selection
    6.7.Threats to Validity
    6.8.Summary of the Feature Reduction Approach
Chapter 7 Performance Tuning for Software Vulnerability Severity Classification
    7.1.Introduction
    7.2.Significance of Parameter Optimization
    7.3.Ground Truth Construction
    7.4.Parameter Tuning
    7.5.Implementation
        7.5.1.Machine Learning Algorithms
        7.5.2.Evaluation Metrics
    7.6.Results and Discussions
    7.7.Parameter Optimization Implication
        7.7.1.Computational Cost
    7.8.Threats to Validity
    7.9.Summary
Chapter 8 General Conclusions and Future Work
    8.1.General Conclusion
    8.2.Contributions
    8.3.Future Work
REFERENCES
ACKNOWLEDGEMENTS
PUBLICATIONS





Article ID: 3355974


Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/3355974.html

