TY - GEN
T1 - The effect of weighted moving windows on security vulnerability prediction
AU - Kudjo, Patrick Kwaku
AU - Chen, Jinfu
AU - Brown, Selasie Aformaley
AU - Mensah, Solomon
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerability. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerability Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.
KW - Forecasting
KW - Seasonality
KW - Software vulnerabilities
KW - Weighted moving window
UR - http://www.scopus.com/inward/record.url?scp=85079271451&partnerID=8YFLogxK
U2 - 10.1109/ASEW.2019.00031
DO - 10.1109/ASEW.2019.00031
M3 - Conference contribution
AN - SCOPUS:85079271451
T3 - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
SP - 65
EP - 68
BT - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
Y2 - 10 November 2019 through 15 November 2019
ER -