基于损失量的G-O漏洞预测模型及其改进

彭轼; 郭昊; 王涛

doi:10.11959/j.issn.1000-0801.2015393

您当前的位置：

首页 >

文章列表页 >

基于损失量的G-O漏洞预测模型及其改进

网络与信息安全 | 更新时间：2024-06-05

- 基于损失量的G-O漏洞预测模型及其改进
- G-O vulnerability forecasting model and its improvement based on loss
- 电信科学 2015年31卷第Z1期页码：99-105
- 作者机构：
- 作者简介：
  
  [ "彭轼（1984-），男，全球能源互联网研究院信息安全工程师，主要研究方向为网络与信息安全、数据库安全。" ]
  [ "郭昊（1981-），男，全球能源互联网研究院信息安全工程师，主要研究方向为网络与信息安全、数据库安全。" ]
  [ "王涛（1977-），男，全球能源互联网研究院信息安全工程师，主要研究方向为网络与信息安全、密码算法实现及应用。" ]
- 基金信息：
- DOI：10.11959/j.issn.1000-0801.2015393
  中图分类号： TP311.5
- 网络出版日期：2015-12-20，
  
  纸质出版日期：2015-12-20
- 稿件说明：
移动端阅览
彭轼, 郭昊, 王涛. 基于损失量的G-O漏洞预测模型及其改进[J]. 电信科学, 2015,31(Z1):99-105.

Shi PENG, Hao GUO, Tao WANG. G-O vulnerability forecasting model and its improvement based on loss[J]. Telecommunications science, 2015, 31(Z1): 99-105.
彭轼, 郭昊, 王涛. 基于损失量的G-O漏洞预测模型及其改进[J]. 电信科学, 2015,31(Z1):99-105. DOI： 10.11959/j.issn.1000-0801.2015393.

Shi PENG, Hao GUO, Tao WANG. G-O vulnerability forecasting model and its improvement based on loss[J]. Telecommunications science, 2015, 31(Z1): 99-105. DOI： 10.11959/j.issn.1000-0801.2015393.

摘要

摘要：分析了度量漏洞的各个指标，提出了强安全性的数学定义，并使用损失量度量和预测漏洞，解决了软件可信性统一量纲问题。同时，讨论了损失量出现规律和漏洞数量发现规律之间的相似性，确定使用预测软件缺陷的模型来预测损失量。通过借鉴经典的G-O模型，建立了软件损失量的预测模型，即提出了基于损失量的G-O漏洞预测模型，并通过使用实际漏洞库中的数据检验了模型的准确性和实用性。

Abstract

Each index to measure the vulnerability was analyzed.A mathematical definition of strong security was proposed

and the loss measurement and forecasting of vulnerability were used to solve the problem of software dependability uniform dimension.At the same time

loss occurrence law and the number of vulnerabilities found similarities between the law were discussed

to determine whether the use of software defect prediction model to predict the amount of loss.By referring to the classical G-O model

the predictive model of software loss was established

namely model was developed to predict the loss of G-O based vulnerabilities

and the accuracy of the model and the practicability of the test by using the actual data in the vulnerability database.

关键词

Keywords

references

SCHULTZ J E , BROWN D S , LONGSTAFF T A . Responding to computer security incidents [EB/OL ] .( 1990 - 07 - 23 )[ 2015 - 09 - 20 ] . ftp://ftp.cert.dfn.de/pub/docs/csir/ihg.ps.gz. ftp://ftp.cert.dfn.de/pub/docs/csir/ihg.ps.gz. .

PFLEEGER C P . Security in computing [M ] . Upper Saddle River : Prentice-Hall , 1997 : 46 - 48 .

SHIN Y , WILLIAMS L . Is complexity really the enemy of software security [C ] // The 4th ACM Workshop on Quality of Protection October 27 - 31 , Alexandria,VA,USA. . New York : ACM Press , 2008 : 47 - 50 .

ANDERSON R . Security in open VeTSUS closed systems-the dance of boltzmann,coase and moore [C ] // The Conference on Open Source Software Economics Jul 9 , 2002 , London,UK . Cambridge : MIT Press , 2002 : 1 - 15 .

MUSA J D , IANNINO A , OKUMOTO K . Software reliability engineering [M ] . New York : McGraw-Hill , 1999 : 193 - 223 .

MUSA J D , OKUMOTO K . A logarithmic Poisson execution time model for software reliability measurement [C ] // The 7th Int'l Conference on Software Engineering Orlando : IEEE Press , 1984 : 230 - 238 .

RESCORLA E . Is fining security holes a good idea [J ] . IEEE Security&Privacy , 2005 , 3 ( 1 ): 14 - 19 .

BECKER S , HASSELBRING W , PAUL A , et al . Trustworthy software systems:a discussion of basic concept and terminology [J ] . ACM Sigsoft Software Engineering Notes , 2006 , 31 ( 6 ): 1 - 18 .

杨光宇，曾东方，罗平 . 考虑短板效应的一种度量模型及其在软件可信性中的应用 [J ] . 计算机应用研究， 2012 ( 1 )： 165 - 167 .

YANG G Y , ZENG D F , LUO P . Metric model considering effect of short board and its application in software trustworthiness [J ] . Application Research of Computers , 2012 ( 1 ): 165 - 167 .

王怀民，刘旭东，郎波，等 . 软件可信分级规范 v2.0 [R/OL ] .[ 2009 - 05 - 30 ] . http://www.doc88.com/p-3008711993507.html http://www.doc88.com/p-3008711993507.html .

WANG H M , LIU X D , LANG B , et al . Research on method of emergency aid decision-making based on CBR [J ] . Software trustworthiness classification specification v2.0 [R/OL ] .[ 2009 - 05 - 30 ] . http://www.doc88.com/p-3008711993507.html http://www.doc88.com/p-3008711993507.html .

王怀民，唐扬斌，尹刚，等 . 互联网软件的可信机理 [J ] . 中国科学E辑， 2006 , 36 ( 10 )： 1156 - 1169 .

WANG H M , TANG Y B , YIN G , et al . he trusted mechanism of Internet software [J ] . Science in China（E） , 2006 , 36 ( 10 ): 1156 - 1169 .

LIU Y Z , ZHANG L , LUO P , et al . Research of trustworthy software system in the network [C ] // The 5th International Symposium on Parallel Architectures,Algorithms and Programming , Dec 17 - 20 , 2012 , Taipei,China . New Jersey : IEEE Press , 2012 : 287 - 294 .

VOAS J . Why is it so hard to predict software system trustworthiness from software component trustworthiness [C ] // The 20th IEEE Symposium on Reliable Distributed Systems , October 28 - 31 , 2001 , New Orleans,Louisiana,USA . New Jersey : IEEE Press , 2001 : 179 - 179 .

MUSA J D . A theory of software reliability and its application [J ] . IEEE Transactions on Software Engineering,Los Alamitos , 1975 , 1 ( 3 ): 312 - 372 .

MUSA J D , OKUMOTO K . A logarithmic Possion excution time model for software reliability measurement [C ] // The 7th International Conference on Software Engineering . [S.l.]:Whippany Bell Laboratories , 1984 : 230 - 238 .

浏览量

315

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于细胞自动机模型电力网络攻击预测技术

IP骨干网流量的自动化预测