Vulnerability Prediction Based on Weighted Software Network for Secure Software Building
Shengjun Wei, Hao Zhong, Chun Shan, Lin Ye, Xiaojiang Du, Mohsen Guizani

TL;DR
This paper introduces a vulnerability prediction model using weighted software networks, leveraging security data from Mozilla Firefox to improve accuracy, precision, and recall in identifying vulnerable modules before testing.
Contribution
It proposes a novel vulnerability prediction approach based on weighted software networks and implements a crawler for security data collection, enhancing prediction performance.
Findings
High accuracy, precision, and recall in vulnerability prediction
Improved prediction performance over existing methods
Effective use of security vulnerability data from Mozilla Firefox
Abstract
To build secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present, many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on the weighted software network has good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.
Taxonomy
Topics: Software Engineering Research · Advanced Malware Detection Techniques · Software Reliability and Analysis Research
