Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers
Movahedi, Y., Cukier, M., Andongabo, A. & Gashi, I. ORCID: 0000-0002-8017-3184 (2019). Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers. Computing, 101(2), pp. 139-160. doi: 10.1007/s00607-018-0663-0
Abstract
Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) and web browsers they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs (Windows, Mac, iOS, and Linux) and four web browsers (Internet Explorer, Safari, Firefox, and Chrome). Out of the total eight OSs and web browsers we analyzed using a power-law model issued from a family of SRMs, the model was statistically adequate for modeling in six cases. For these cases, in terms of estimation and forecasting capability, our results, compared to a power-law model without clustering, are more accurate in all cases but one.
| Publication Type: | Article |
|---|---|
| Additional Information: | © The Author(s) 2019. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. |
| Publisher Keywords: | Vulnerability assessment, Nonhomogeneous Poisson process, Clustering, Software reliability models, Software reliability growth, Security growth models |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
| Departments: | School of Science & Technology > Computer Science |
Available under License Creative Commons Attribution.