# Vulnerability Prediction Based on Weighted Software Network for Secure   Software Building

**Authors:** Shengjun Wei, Hao Zhong, Chun Shan, Lin Ye, Xiaojiang Du, Mohsen, Guizani

arXiv: 1902.04844 · 2019-02-14

## TL;DR

This paper introduces a vulnerability prediction model using weighted software networks, leveraging security data from Mozilla Firefox to improve accuracy, precision, and recall in identifying vulnerable modules before testing.

## Contribution

It proposes a novel vulnerability prediction approach based on weighted software networks and implements a crawler for security data collection, enhancing prediction performance.

## Key findings

- High accuracy, precision, and recall in vulnerability prediction
- Improved prediction performance over existing methods
- Effective use of security vulnerability data from Mozilla Firefox

## Abstract

To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

---
Source: https://tomesphere.com/paper/1902.04844