Software security is a critical aspect of modern software products. The vulnerabilities that reside in their source code could become a major weakness for enterprises that build or utilize these products, as their exploitation could lead to devastating financial consequences. Therefore, the development of mechanisms capable of identifying and discovering software vulnerabilities has recently attracted the interest of the research community. Besides the studies that examine software attributes in order to predict the existence of vulnerabilities in software components, there are also studies that attempt to predict the future number of vulnerabilities based on the already reported vulnerabilities of a project. In this paper, the evolution of vulnerabilities in a horizon of up to 24 months ahead is predicted using a univariate time series forecasting approach. Both statistical and deep learning models are developed and compared based on security data coming from five popular software projects. In contrast to the related literature, the results indicate that the capacity of deep learning and statistical models to forecast the evolution of software vulnerabilities, as well as the selection of the best-performing model, depends on the respective software project. In some cases, statistical models provided better accuracy, whereas in other cases, deep learning models demonstrated better predictive power. However, the difference in their performance was not found to be statistically significant; in general, the two model categories produced similar forecasts for the number of vulnerabilities expected in the future.

An indication of the expected number of vulnerabilities and the trends of their occurrence can be a very useful tool for decision makers, enabling them to prioritize their valuable time and limited resources for testing an existing software project and patching its reported vulnerabilities. For this purpose, there is a need for forecasting models that can predict the trend and the number of vulnerabilities that are expected to be discovered in a specific time horizon for a given software project. Studies that propose mechanisms to model the evolution of the number of vulnerabilities over time aim not to detect vulnerabilities, but to forecast the number of vulnerabilities that are likely to be identified in the future. These studies utilize either statistical or machine learning algorithms to estimate the expected number of vulnerabilities based on the vulnerabilities that have already been reported (e.g., in the National Vulnerability Database). The majority of these algorithms are time series models that keep track of all the vulnerabilities in terms of calendar time and interpret that time as an independent variable. Statistical models such as Autoregressive Integrated Moving Average (ARIMA), Croston's method, logistic regression, and exponential smoothing have attracted the interest of researchers in the field. Machine learning (ML) models have been considered as well; one study conducted a comparative analysis evaluating different statistical models against various ML models such as Support Vector Machines and Bagging. Deep learning (DL) has also emerged as a promising solution for time series forecasting; for example, one study utilized a long short-term memory (LSTM) network to predict the crude oil price.
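To make the univariate forecasting idea concrete, the following is a minimal sketch of one of the statistical methods mentioned above, simple exponential smoothing, applied to a series of monthly vulnerability counts. The counts and the smoothing factor are hypothetical and chosen for illustration only; the paper itself compares full statistical and deep learning models, not this toy version.

```python
def ses_forecast(series, alpha=0.5, horizon=24):
    """Simple exponential smoothing (level-only model).

    The smoothed level is updated as
        level = alpha * observation + (1 - alpha) * level,
    and the forecast for every future month is the final level
    (a flat forecast, as SES has no trend component).
    """
    level = series[0]
    for y in series[1:]:
        level = alpha * y + (1 - alpha) * level
    return [level] * horizon


# Hypothetical monthly vulnerability counts for one project.
monthly_counts = [5, 8, 6, 9, 7]

# Forecast the next 24 months (the horizon used in the paper).
forecast = ses_forecast(monthly_counts, alpha=0.5, horizon=24)
print(forecast[0], len(forecast))  # 7.3125 24
```

A flat forecast is the simplest baseline in this family; ARIMA or Holt's method would additionally model trend, which matters when the cumulative number of reported vulnerabilities is still growing.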