عنوان
پدید آورنده
موضوع
رده
کتابخانه
محل استقرار
شماره کتابشناسی ملی
شماره
TLpq2267899086
زبان اثر
زبان متن نوشتاري يا گفتاري و مانند آن
انگلیسی
عنوان و نام پديدآور
عنوان اصلي
Some Guidelines for Risk Assessment of Vulnerability Discovery Processes
نام عام مواد
[Thesis]
نام نخستين پديدآور
Movahedi, Yazdan
نام ساير پديدآوران
Cukier, Michel
وضعیت نشر و پخش و غیره
نام ناشر، پخش کننده و غيره
University of Maryland, College Park
تاریخ نشرو بخش و غیره
2019
مشخصات ظاهری
نام خاص و کميت اثر
159
یادداشتهای مربوط به پایان نامه ها
جزئيات پايان نامه و نوع درجه آن
Ph.D.
کسي که مدرک را اعطا کرده
University of Maryland, College Park
امتياز متن
2019
یادداشتهای مربوط به خلاصه یا چکیده
متن يادداشت
Software vulnerabilities can be defined as software faults, which can be exploited as results of security attacks. Security researchers have used data from vulnerability databases to study trends of discovery of new vulnerabilities or propose models for fitting the discovery times and for predicting when new vulnerabilities may be discovered. Estimating the discovery times for new vulnerabilities is useful both for vendors as well as the end-users as it can help with resource allocation strategies over time. Among the research conducted on vulnerability modeling, only a few studies have tried to provide a guideline about which model should be used in a given situation. In other words, assuming the vulnerability data for a software is given, the research questions are the following: Is there any feature in the vulnerability data that could be used for identifying the most appropriate models for that dataset? What models are more accurate for vulnerability discovery process modeling? Can the total number of publicly-known exploited vulnerabilities be predicted using all vulnerabilities reported for a given software? To answer these questions, we propose to characterize the vulnerability discovery process using several common software reliability/vulnerability discovery models, also known as Software Reliability Models (SRMs)/Vulnerability Discovery Models (VDMs). We plan to consider different aspects of vulnerability modeling including curve fitting and prediction. Some existing SRMs/VDMs lack accuracy in the prediction phase. To remedy the situation, three strategies are considered: (1) Finding a new approach for analyzing vulnerability data using common models. In other words, we examine the effect of data manipulation techniques (i.e. clustering, grouping) on vulnerability data, and investigate whether it leads to more accurate predictions. (2) Developing a new model that has better curve filling and prediction capabilities than current models. (3) Developing a new method to predict the total number of publicly-known exploited vulnerabilities using all vulnerabilities reported for a given software. The dissertation is intended to contribute to the science of software reliability analysis and presents some guidelines for vulnerability risk assessment that could be integrated as part of security tools, such as Security Information and Event Management (SIEM) systems.
موضوع (اسم عام یاعبارت اسمی عام)
موضوع مستند نشده
Computer engineering
موضوع مستند نشده
Computer science
نام شخص به منزله سر شناسه - (مسئولیت معنوی درجه اول )
مستند نام اشخاص تاييد نشده
Cukier, Michel
مستند نام اشخاص تاييد نشده
Movahedi, Yazdan
دسترسی و محل الکترونیکی
نام الکترونيکي
مطالعه متن کتاب وضعیت انتشار
فرمت انتشار
p
اطلاعات رکورد کتابشناسی
نوع ماده
[Thesis]
کد کاربرگه
276903
اطلاعات دسترسی رکورد
سطح دسترسي
a
تكميل شده
Y
