| The software system will always be accompanied by the emergence of vulnerabilities in its life cycle,and the annual losses caused by software system vulnerabilities are in the hundreds of billions of yuan.This kind of situation along with the software system consummation and the function complication is more and more severe.The traditional method of dealing with vulnerabilities after they appear is too passive,while some vulnerability detection and code testing methods divide the software system into modules.Although most of the vulnerabilities can be found,it usually takes a lot of manpower and material resources.In recent years,researchers have turned their attention to vulnerability prediction to guide vulnerability detection and software system testing.Therefore,this paper makes an in-depth analysis and comparison of the existing vulnerability prediction technology,and proposes an effective system vulnerability discovery prediction model.At the same time,some common vulnerability prediction models based on machine learning are studied and compared.Specifically,this paper mainly carried out the following research work:?1?Aiming at the problem of effective discovery and prediction of system vulnerability,a new model of system vulnerability discovery and prediction based on growth curve is proposed.Firstly,the law of vulnerability discovery is analyzed,and the concept of growth curve is introduced to determine the stage characteristics of vulnerability discovery growth;Secondly,on the basis of the expression of growth theory,the relationship between the process of system vulnerability discovery and time is described,and the prediction process of system vulnerability discovery is proposed,And the improved PMGTV model;Finally,the effectiveness of the model is compared with other models,PMGTV well fits the vulnerability growth process of winxp,winserver2003,macosserver and ubuntulinux.The model is superior to other models in terms of the square sum of SSE residuals and?2values,and is closest to the real value in prediction accuracy.The results show that this model is more accurate in predicting the discovery of system vulnerabilities and provides a reliable basis for adopting effective security strategy and improving software quality.?2?In order to predict the vulnerability tendency of software system modules,a vulnerability prediction method based on gaussian process machine learning is proposed..Firstly,feature selection and standardized processing were carried out on the data of NASA vulnerability samples,and then the gaussian process machine learning model was verified,and compared with the commonly used machine learning classification prediction models such as naive bayes,support vector machine and Logistic regression.Experimental results show that the model has obvious prediction effect and advantages.The vulnerability discovery model and vulnerability propensity prediction model proposed in this paper are of great significance for software system evaluation and software quality improvement.The vulnerability propensity prediction model is also of great help in guiding the work of test personnel,reducing test cost and rationally using test resources. |
PDF Full Text Request