The effect of weighted moving windows on security vulnerability prediction

Patrick Kwaku Kudjo, Jinfu Chen, Selasie Aformaley Brown, Solomon Mensah

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)

Abstract

Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerabilities. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerabilities and Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on a Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.

Original language: English
Title of host publication: Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 65-68
Number of pages: 4
ISBN (Electronic): 9781728141367
Publication status: Published - Nov 2019
Event: 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019 - San Diego
Duration: 10 Nov 2019 to 15 Nov 2019

Publication series

Name: Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019

Conference

Conference: 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
Country/Territory: United States
City: San Diego
Period: 10/11/19 to 15/11/19

Keywords

  • Forecasting
  • Seasonality
  • Software vulnerabilities
  • Weighted moving window
