To build secure communications software, Vulnerability Prediction Models (VPMs) are used to predict which software modules in a system are vulnerable before software security testing begins. Many software security metrics have been proposed for designing a VPM. In this paper, we predict vulnerable classes in a software system by constructing the system's weighted software network; the metrics are obtained from the attributes of the nodes in that network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox, and we train and test the prediction model on these data. The results show that the VPM based on the weighted software network performs well in accuracy, precision, and recall. Compared with other studies, prediction performance improves greatly in precision (Pr) and recall (Re).
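The pipeline the abstract describes, shown as an added example that is not the paper's code: a weighted class-dependency network is built from constructed edges, node attributes (in/out degree and weighted degree) are derived as metrics, and a prediction is scored by accuracy, precision and recall. The edge list, the labels and the threshold decision rule are assumptions for illustration; the paper trains a model on Firefox data instead.

```python
from collections import defaultdict

# Constructed sample data (not from the paper's Firefox dataset): directed
# class-dependency edges (caller, callee, weight = number of call sites).
EDGES = [
    ("NetChannel", "Parser", 3),
    ("NetChannel", "Decoder", 1),
    ("Parser", "Buffer", 2),
    ("Decoder", "Buffer", 5),
    ("Buffer", "Logger", 1),
    ("Logger", "Parser", 2),
]
# Constructed ground-truth labels: 1 = class had a public vulnerability.
LABELS = {"NetChannel": 0, "Parser": 1, "Decoder": 1, "Buffer": 1, "Logger": 0}


def node_metrics(edges):
    """Build the weighted software network and return per-class node attributes."""
    m = defaultdict(lambda: {"in_deg": 0, "out_deg": 0, "w_in": 0, "w_out": 0})
    for caller, callee, w in edges:
        m[caller]["out_deg"] += 1
        m[caller]["w_out"] += w
        m[callee]["in_deg"] += 1
        m[callee]["w_in"] += w
    return dict(m)


def predict(metrics, threshold):
    """Assumed toy decision rule: a class whose weighted in-degree reaches the
    threshold is predicted vulnerable (the paper trains a model instead)."""
    return {cls: int(attrs["w_in"] >= threshold) for cls, attrs in metrics.items()}


def evaluate(pred, labels):
    """Accuracy, precision and recall of predictions against labels; precision
    and recall are reported as 0.0 when their denominator is zero."""
    tp = sum(1 for c in labels if pred.get(c, 0) and labels[c])
    fp = sum(1 for c in labels if pred.get(c, 0) and not labels[c])
    fn = sum(1 for c in labels if not pred.get(c, 0) and labels[c])
    tn = len(labels) - tp - fp - fn
    acc = (tp + tn) / len(labels)
    pr = tp / (tp + fp) if tp + fp else 0.0
    re = tp / (tp + fn) if tp + fn else 0.0
    return acc, pr, re


if __name__ == "__main__":
    print(evaluate(predict(node_metrics(EDGES), 5), LABELS))
```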