Advertisement

Analysis of Software Vulnerabilities Using Machine Learning Techniques

  • Doffou Jerome DiakoEmail author
  • Odilon Yapo M. Achiepo
  • Edoete Patrice Mensah
Conference paper
  • 8 Downloads
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 311)

Abstract

With the increasing development of software technologies, we see that software vulnerabilities are a very critical issue of IT security. Because of their serious impacts, many different approaches have been proposed in recent decades to mitigate the damage caused by software vulnerabilities. Machine learning is also part of an approach to solve this problem. The main objective of this document is to provide three supervised machine to predict software vulnerabilities from a dataset of 6670 observations from national vulnerabilities database (NVD). The effectiveness of the proposed models has been evaluated with several performance indicators including Accuracy.

Keywords

Machine learning Vulnerabilities Naive Bayes Support vectors machines CVSS 

References

  1. 1.
    Dowd, M.: The Art of Software Security Assessment: Identifying and Preventing (2007)Google Scholar
  2. 2.
    Zulkernine, M.: Mitigating program security vulnerabilities: approaches and challenges. ACM Comput. Surv. (CSUR), 44(3), 11 (2012)Google Scholar
  3. 3.
    Cheng, H., Yan, X., Han, J.: Mining graph patterns. In: Aggarwal, Charu C., Han, J. (eds.) Frequent Pattern Mining, pp. 307–338. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-07821-2_13CrossRefGoogle Scholar
  4. 4.
    Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. (CSUR) 50(4), 1–36 (2017)CrossRefGoogle Scholar
  5. 5.
    Zimmermann, T.: Searching for a needle in a haystack: predicting security vulnerabilities for windows vista (2010)Google Scholar
  6. 6.
    Meneely, A., Williams, L.: Strengthening the empirical analysis of the relationship between Linus’ Law. In: Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2010). ACM (2010). Article no. 9 Google Scholar
  7. 7.
    Sami, A., Azimi, M., Moshtari, S.: Using complexity metrics to improve software security. Comput. Fraud Secur. 2013(5), 8–17 (2013)CrossRefGoogle Scholar
  8. 8.
    Herzig, K., Murphy, B., Williams, L., Morrison, P.: Challenges with applying vulnerability prediction models. In: Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS 2015). ACM (2015). Article no. 4Google Scholar
  9. 9.
    Malaiya, Y., Anderson, C., Ray, I., Younis, A.: To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit. In: Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY 2016), pp. 97–104. ACM (2016)Google Scholar
  10. 10.
    Ellis, S.R.: Ethical hacking, Chapitre 30. kCura Corporation, Chicago (2017).  https://doi.org/10.1016/b978-0-12-803843-7.00030-2
  11. 11.
    Caldwell, T.: Ethical hackers: putting on the white hat-‘WhiteHat Website Security Statistics Report’, June 2011Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020

Authors and Affiliations

  • Doffou Jerome Diako
    • 1
    Email author
  • Odilon Yapo M. Achiepo
    • 2
  • Edoete Patrice Mensah
    • 3
  1. 1.EDPINPHB YamoussoukroYamoussoukroCôte d’Ivoire
  2. 2.Peleforo Gon Coulibaly UniversityKorhogoCôte d’Ivoire
  3. 3.INPHB YamoussoukroYamoussoukroCôte d’Ivoire

Personalised recommendations