Prediction of Future Vulnerability Discovery in Software Applications using Vulnerability Syntax Tre

Prediction of Future Vulnerability Discovery in

Software Applications using Vulnerability Syntax

Tree (PFVD-VST)

Kola Periyasamy1 and Saranya Arirangan2

1Department of Information Technology, Madras Institute of Technology, India

2Department of Information Technology, SRM Institute of Engineering and Technology, India

Abstract: Software applications are the origin to spread vulnerabilities in systems, networks and other software applications. Vulnerability Discovery Model (VDM) helps to encounter the susceptibilities in the problem domain. But preventing the software applications from known and unknown vulnerabilities is quite difficult and also need large database to store the history of attack information. We proposed a vulnerability prediction scheme named as Prediction of Future Vulnerability Discovery in Software Applications using Vulnerability Syntax Tree (PFVD-VST) which consists of five steps to address the problem of new vulnerability discovery and prediction. First, Classification and Clustering are performed based on the software application name, status, phase, category and attack types. Second, Code Quality is analyzed with the help of code quality measures such as, Cyclomatic Complexity, Functional Point Analysis, Coupling, Cloning between the objects, etc,. Third, Genetic based Binary Code Analyzer (GABCA) is used to convert the source code to binary code and evaluates each bit of the binary code. Fourth, Vulnerability Syntax Tree (VST) is trained with the help of vulnerabilities collected from National Vulnerability Database (NVD). Finally, a combined Naive Bayesian and Decision Tree based prediction algorithm is implemented to predict future vulnerabilities in new software applications. The experimental results of this system depicts that the prediction rate, recall, precision has improved significantly.

Keywords: Vulnerability discovery, prediction, classification and clustering, binary code analyzer, code quality metrics, vulnerability syntax tree.

Received October 30, 2014; accepted April 21, 2016
Read 1540 times Last modified on Sunday, 24 February 2019 06:49
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…