VULNERLIZER: Cross-analysis Between Vulnerabilities and Software Libraries
| dc.contributor.author | Pekaric, Irdin | |
| dc.contributor.author | Felderer, Michael | |
| dc.contributor.author | Steinmüller, Philipp | |
| dc.date.accessioned | 2020-12-24T20:27:47Z | |
| dc.date.available | 2020-12-24T20:27:47Z | |
| dc.date.issued | 2021-01-05 | |
| dc.description.abstract | The identification of vulnerabilities is a continuous challenge in software projects. This is due to the evolution of methods that attackers employ as well as the constant updates to the software, which reveal additional issues. As a result, new and innovative approaches for the identification of vulnerable software are needed. In this paper, we present VULNERLIZER, which is a novel framework for cross-analysis between vulnerabilities and software libraries. It uses CVE and software library data together with clustering algorithms to generate links between vulnerabilities and libraries. In addition, the training of the model is conducted in order to reevaluate the generated associations. This is achieved by updating the assigned weights. Finally, the approach is then evaluated by making the predictions using the CVE data from the test set. The results show that the VULNERLIZER has a great potential in being able to predict future vulnerable libraries based on an initial input CVE entry or a software library. The trained model reaches a prediction accuracy of 75% or higher. | |
| dc.format.extent | 10 pages | |
| dc.identifier.doi | 10.24251/HICSS.2021.843 | |
| dc.identifier.isbn | 978-0-9981331-4-0 | |
| dc.identifier.uri | http://hdl.handle.net/10125/71464 | |
| dc.language.iso | English | |
| dc.relation.ispartof | Proceedings of the 54th Hawaii International Conference on System Sciences | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | Cybersecurity and Software Assurance | |
| dc.subject | data mining | |
| dc.subject | software library analysis | |
| dc.subject | software security | |
| dc.subject | software vulnerability prediction | |
| dc.subject | vulnerability analysis | |
| dc.title | VULNERLIZER: Cross-analysis Between Vulnerabilities and Software Libraries | |
| prism.startingpage | 7015 |
Files
Original bundle
1 - 1 of 1