Language:
English
繁體中文
Help
Login
Back
Switch To:
Labeled
|
MARC Mode
|
ISBD
Some Guidelines for Risk Assessment ...
~
University of Maryland, College Park.
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes.
Record Type:
Language materials, printed : Monograph/item
Title/Author:
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes./
Author:
Movahedi, Yazdan.
Published:
Ann Arbor : ProQuest Dissertations & Theses, : 2019,
Description:
159 p.
Notes:
Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
Contained By:
Dissertations Abstracts International81-02B.
Subject:
Computer science. -
Online resource:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13858970
ISBN:
9781085558631
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes.
Movahedi, Yazdan.
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes.
- Ann Arbor : ProQuest Dissertations & Theses, 2019 - 159 p.
Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
Thesis (Ph.D.)--University of Maryland, College Park, 2019.
This item must not be sold to any third party vendors.
Software vulnerabilities can be defined as software faults, which can be exploited as results of security attacks. Security researchers have used data from vulnerability databases to study trends of discovery of new vulnerabilities or propose models for fitting the discovery times and for predicting when new vulnerabilities may be discovered. Estimating the discovery times for new vulnerabilities is useful both for vendors as well as the end-users as it can help with resource allocation strategies over time. Among the research conducted on vulnerability modeling, only a few studies have tried to provide a guideline about which model should be used in a given situation. In other words, assuming the vulnerability data for a software is given, the research questions are the following: Is there any feature in the vulnerability data that could be used for identifying the most appropriate models for that dataset? What models are more accurate for vulnerability discovery process modeling? Can the total number of publicly-known exploited vulnerabilities be predicted using all vulnerabilities reported for a given software?To answer these questions, we propose to characterize the vulnerability discovery process using several common software reliability/vulnerability discovery models, also known as Software Reliability Models (SRMs)/Vulnerability Discovery Models (VDMs). We plan to consider different aspects of vulnerability modeling including curve fitting and prediction.Some existing SRMs/VDMs lack accuracy in the prediction phase. To remedy the situation, three strategies are considered: (1) Finding a new approach for analyzing vulnerability data using common models. In other words, we examine the effect of data manipulation techniques (i.e. clustering, grouping) on vulnerability data, and investigate whether it leads to more accurate predictions. (2) Developing a new model that has better curve filling and prediction capabilities than current models. (3) Developing a new method to predict the total number of publicly-known exploited vulnerabilities using all vulnerabilities reported for a given software.The dissertation is intended to contribute to the science of software reliability analysis and presents some guidelines for vulnerability risk assessment that could be integrated as part of security tools, such as Security Information and Event Management (SIEM) systems.
ISBN: 9781085558631Subjects--Topical Terms:
573171
Computer science.
Subjects--Index Terms:
Exploited Vulnerabilities
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes.
LDR
:03619nam a2200373 4500
001
951834
005
20200821052205.5
008
200914s2019 ||||||||||||||||| ||eng d
020
$a
9781085558631
035
$a
(MiAaPQ)AAI13858970
035
$a
AAI13858970
040
$a
MiAaPQ
$c
MiAaPQ
100
1
$a
Movahedi, Yazdan.
$3
1241321
245
1 0
$a
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes.
260
1
$a
Ann Arbor :
$b
ProQuest Dissertations & Theses,
$c
2019
300
$a
159 p.
500
$a
Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
500
$a
Advisor: Cukier, Michel.
502
$a
Thesis (Ph.D.)--University of Maryland, College Park, 2019.
506
$a
This item must not be sold to any third party vendors.
520
$a
Software vulnerabilities can be defined as software faults, which can be exploited as results of security attacks. Security researchers have used data from vulnerability databases to study trends of discovery of new vulnerabilities or propose models for fitting the discovery times and for predicting when new vulnerabilities may be discovered. Estimating the discovery times for new vulnerabilities is useful both for vendors as well as the end-users as it can help with resource allocation strategies over time. Among the research conducted on vulnerability modeling, only a few studies have tried to provide a guideline about which model should be used in a given situation. In other words, assuming the vulnerability data for a software is given, the research questions are the following: Is there any feature in the vulnerability data that could be used for identifying the most appropriate models for that dataset? What models are more accurate for vulnerability discovery process modeling? Can the total number of publicly-known exploited vulnerabilities be predicted using all vulnerabilities reported for a given software?To answer these questions, we propose to characterize the vulnerability discovery process using several common software reliability/vulnerability discovery models, also known as Software Reliability Models (SRMs)/Vulnerability Discovery Models (VDMs). We plan to consider different aspects of vulnerability modeling including curve fitting and prediction.Some existing SRMs/VDMs lack accuracy in the prediction phase. To remedy the situation, three strategies are considered: (1) Finding a new approach for analyzing vulnerability data using common models. In other words, we examine the effect of data manipulation techniques (i.e. clustering, grouping) on vulnerability data, and investigate whether it leads to more accurate predictions. (2) Developing a new model that has better curve filling and prediction capabilities than current models. (3) Developing a new method to predict the total number of publicly-known exploited vulnerabilities using all vulnerabilities reported for a given software.The dissertation is intended to contribute to the science of software reliability analysis and presents some guidelines for vulnerability risk assessment that could be integrated as part of security tools, such as Security Information and Event Management (SIEM) systems.
590
$a
School code: 0117.
650
4
$a
Computer science.
$3
573171
650
4
$a
Computer engineering.
$3
569006
653
$a
Exploited Vulnerabilities
653
$a
Guideline
653
$a
Risk Assessment
653
$a
Software Vulnerabilities
653
$a
Vulnerability Analysis
653
$a
Vulnerability Discovery Models
690
$a
0984
690
$a
0464
710
2
$a
University of Maryland, College Park.
$b
Reliability Engineering.
$3
1241322
773
0
$t
Dissertations Abstracts International
$g
81-02B.
790
$a
0117
791
$a
Ph.D.
792
$a
2019
793
$a
English
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13858970
based on 0 review(s)
Multimedia
Reviews
Add a review
and share your thoughts with other readers
Export
pickup library
Processing
...
Change password
Login