Visible to the public Vulnerability Discovery Modelling With Vulnerability Severity

TitleVulnerability Discovery Modelling With Vulnerability Severity
Publication TypeConference Paper
Year of Publication2019
AuthorsShukla, Ankur, Katt, Basel, Nweke, Livinus Obiora
Conference Name2019 IEEE Conference on Information and Communication Technology
KeywordsAnalytical models, browser security, Browsers, composability, compositionality, Data models, Human Behavior, Mathematical model, Metrics, online front-ends, predictive capability, Predictive models, pubcrawl, resilience, risk analysis, security, security of data, severity, Software, software fault tolerance, software vulnerabilities, vulnerabilities, vulnerability data, Vulnerability discovery model, vulnerability discovery modelling, vulnerability discovery models highlight, vulnerability discovery process, vulnerability discovery rate, vulnerability severity, Web browser
AbstractWeb browsers are primary targets of attacks because of their extensive uses and the fact that they interact with sensitive data. Vulnerabilities present in a web browser can pose serious risk to millions of users. Thus, it is pertinent to address these vulnerabilities to provide adequate protection for personally identifiable information. Research done in the past has showed that few vulnerability discovery models (VDMs) highlight the characterization of vulnerability discovery process. In these models, severity which is one of the most crucial properties has not been considered. Vulnerabilities can be categorized into different levels based on their severity. The discovery process of each kind of vulnerabilities is different from the other. Hence, it is essential to incorporate the severity of the vulnerabilities during the modelling of the vulnerability discovery process. This paper proposes a model to assess the vulnerabilities present in the software quantitatively with consideration for the severity of the vulnerabilities. It is possible to apply the proposed model to approximate the number of vulnerabilities along with vulnerability discovery rate, future occurrence of vulnerabilities, risk analysis, etc. Vulnerability data obtained from one of the major web browsers (Google Chrome) is deployed to examine goodness-of-fit and predictive capability of the proposed model. Experimental results justify the fact that the model proposed herein can estimate the required information better than the existing VDMs.
Citation Keyshukla_vulnerability_2019