Research on Improving Software Vulnerability Prediction Methods Based on Dimensionality Reduction Techniques
Published: 2021-08-21 16:46
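Software vulnerabilities pose a significant and growing threat to real-world software systems in healthcare, energy, defense, finance, and other critical infrastructure. There is evidence that system downtime caused by software vulnerabilities has increased significantly, so the sensitive vulnerability information within potential vulnerability threats is especially important to security testing experts. In addition, billions of dollars are spent every year to pay for system failures and illegal exploitation caused by software vulnerabilities. Because such attacks are mainly caused by software vulnerabilities, detecting and resolving these vulnerabilities becomes very important. One of the early detection approaches was to develop application patches to upgrade the software system after a vulnerability was discovered. Likewise, building predictive classification models to determine whether software contains points that are vulnerable to attack is critical for researchers and practitioners in software engineering. As one of the classic problems in vulnerability assessment, vulnerability severity prediction is an important activity that has received wide attention from researchers and practitioners. Most previous work relies on historical vulnerability data and the Common Vulnerability Scoring System (CVSS) to assess and measure the impact of software vulnerabilities. In addition, machine learning techniques (such as random forests, the k-nearest neighbors classification algorithm, and decision trees) have also been successfully applied to predicting software vulnerabilities. However, a major challenge in vulnerability prediction is the vague, sparse, and complex semantic content of defect reports, which leads to high-dimensional feature datasets being generated from vulnerability data. That is, vulnerability datasets contain some irrelevant and redundant features that affect prediction...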
[Source]: Jiangsu University, Jiangsu Province
[Pages]: 212
[Degree level]: Doctoral
[Table of contents]:
DEDICATION
ABSTRACT
Abstract (in Chinese)
Chapter 1 Introduction
1.1.Background and Motivation
1.2.Problem Statement
1.3.Scope of the Study
1.4.Research Objectives
1.4.1.Global Objective
1.4.2.Specific Objectives
1.5.Significance of the Study
1.6.Contributions to Knowledge
1.7.Organization of the Dissertation
Chapter 2 Review of Software Vulnerability Severity Prediction Techniques
2.1.Preliminaries
2.1.1.Terminologies and Notations
2.2.Vulnerability Repositories
2.2.1.Common Vulnerability Exposures
2.2.2.National Vulnerability Database
2.2.3.Common Weakness Enumeration
2.2.4.Other Vulnerability Repositories
2.3.Common Vulnerability Scoring Systems
2.3.1.Overview of CVSS
2.3.2.Quantitative Security Risk Evaluation
2.3.3.Empirical Analysis of CVSS Metrics
2.4.Modified Vulnerability Scoring Metrics
2.4.1.Weighted Impact Vulnerability Scoring System
2.4.2.VUPEN Security
2.4.3.Vulnerability Rating and Scoring System
2.4.4.Vulnerability Rating System of X-Force
Chapter 3 Dimensionality Reduction Techniques
3.1.Dimensionality Reduction
3.2.Components of Dimensionality Reduction
3.2.1.Feature Subset Selection
3.2.2.Filter Methods
3.2.3.Wrapper Methods
3.2.4.Embedded Methods
3.2.5.Feature Extraction
3.3.Dimensionality Reduction Techniques
3.3.1.Principal Component Analysis(PCA)
3.3.2.Missing Values
3.3.3.Low Variance in the Column Values
3.3.4.High Correlation Between Two Columns
3.3.5.Decision Trees Ensembles
3.3.6.Backward Feature Elimination
3.3.7.Forward Feature Construction
3.3.8.Factor Analysis
3.4.Manifold-Based Learning
3.4.1.Locally Linear Embedding
3.4.2.Multidimensional Scaling
3.4.3.Isomap
3.4.4.Laplacian Eigenmaps
Chapter 4 A Cost Effective-Strategy for Software Vulnerability Prediction Based on Bellwether Analysis
4.1 Introduction
4.2.Preliminaries
4.2.1.Software Vulnerability Severity Prediction
4.2.2.Software Vulnerability Prediction
4.2.3.Procedure for Constructing Vulnerability Prediction Models
4.3.Concept of Bellwether
4.4.Concept of Growing Portfolio
4.5.Problem Definition and Feasible Solution
4.5.1.Problem Formulation
4.5.2.Feasible Solution
4.6.Proposed Framework
4.7.Methodology
4.7.1.Studied Datasets
4.7.2.Data Preprocessing
4.7.3.Feature Extraction
4.7.4.Data Normalization
4.7.5.Sampling Bellwether Instances
4.7.6.Dependent and Independent Variables
4.7.7.Machine Learning Algorithms
4.7.8.Evaluation Metrics
4.8.Results and Discussions
4.8.1.Results of Bellwether Approach for Vulnerability Severity Prediction
4.8.2.Use Cases
4.8.3.Results and Discussions for Software Vulnerability Prediction
4.9.Summary of the Bellwether Approach
Chapter 5 An Automatic Software Vulnerability Classification Framework Using Term Frequency-Inverse Gravity Moment and Feature Selection
5.1.Introduction
5.2.Preliminaries
5.2.1.Research Questions and Outcome of the Study
5.2.2.Originality and Extension
5.2.3.Original Study
5.2.4.Current Study
5.2.5.The Classical Term-Weighting Method
5.2.6.The Concept of TF-IGM
5.3.Proposed Framework
5.3.1.Datasets Description
5.3.2.Data Preprocessing
5.3.3.Term-Weight Computation
5.3.4.Feature Selection
5.4.Experimental Design
5.4.1.Dependent and Independent Variables
5.4.2.Machine Learning Algorithms
5.4.3.Evaluation Metrics
5.5.Results and Discussions
5.5.1.Experimental Results of TF-IGM and TF-IDF Approach
5.5.2.Results of TF-IGM and IG:An Empirical Study
5.5.3.Implication of Results
5.6.Threats to Validity
5.7.Summary of TF-IGM and Feature Selection Approach
Chapter 6 Reducing Features to Improve Software Vulnerability Severity Classification
6.1.Introduction
6.2.The Concept of Normalized Difference Measure
6.3.The Concept of Firefly Algorithm Based-Feature Selection
6.3.1.Problem Formulation for FA-Based Feature Selection
6.3.2.Feasible Solution
6.4.Research Design
6.4.1.Datasets Collection
6.4.2.Data Preprocessing
6.4.3.Feature Extraction
6.4.4.Feature Selection
6.5.Experimental Design
6.5.1.Machine Learning Techniques
6.5.2.Evaluation Metrics
6.6.Results and Discussions
6.6.1.Results of Normalized Difference Measure
6.6.2.Results of the Firefly Algorithm Based Feature Selection
6.7.Threats to Validity
6.8.Summary of the Feature Reduction Approach
Chapter 7 Performance Tuning for Software Vulnerability Severity Classification
7.1.Introduction
7.2.Significance of Parameter Optimization
7.3.Ground Truth Construction
7.4.Parameter Tuning
7.5.Implementation
7.5.1.Machine Learning Algorithms
7.5.2.Evaluation Metrics
7.6.Results and Discussions
7.7.Parameter Optimization Implication
7.7.1.Computational Cost
7.8.Threats to Validity
7.9.Summary
Chapter 8 General Conclusions and Future Work
8.1.General Conclusion
8.2.Contributions
8.3.Future Work
REFERENCES
ACKNOWLEDGEMENTS
PUBLICATIONS
Article ID: 3355974
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/3355974.html