An integrated software vulnerability discovery model based on artificial neural network

Abstract

Quantitative approaches for software security are needed for effective testing, maintenance and risk assessment of software systems. Vulnerabilities that are present in a software system after its release represent a great risk. Vulnerability discovery models (VDMs) have been proposed to model vulnerability discovery and have has been fined to vulnerability data against calendar time. Though, these models have various shortcomings include changes and development of VDMs for different dataset due to diverse approaches and assumptions in their analytical formulation. There is a clear need for an intensive investigation on these models to enhance predictive accuracy of existing VDMs and adopt the actual behavior of software vulnerabilities which were not modeled previously. This study proposed an integrated model to predict a number of software vulnerabilities by hybridizing the Multi-Layer Perceptron (MLP) artifical neural network and Vulnerability Discovery Models. The proposed model is also widely applicable across various vulnerability datasets and models due to its input diversity by providing improved fitting and predictive accuracy. Further, the experimental results show that this model not only retained the properties of traditional parametric VDM models as well as MLP's good nonlinear mapping ability and useful generalization.