软件漏洞预测模型有许多种,能预测软件中存在的漏洞总数以及发生的时间间隔,但不能预测软件漏洞的严重程度。然而在某些场合,如软件可信性,我们不仅要考虑软件漏洞发生的总数和时间间隔,而且也要考虑漏洞发生的严重程度对软件可信性的影响。既是在传统的软件安全性研究中,考虑漏洞发生的严重程度的影响,对软件的使用和风险控制也是很重要的。本文基于传统的马尔可夫模型,将软件漏洞按发生的严重程度进行分类,获得了一种新的软件漏洞预测数学模型。利用该模型不仅能够预测软件中存在的漏洞总数和时间间隔,而且同时也能预测每一类的漏洞总数和漏洞种类,试验表明有较好的准确度,这是其它漏洞预测模型所无法预测的。%There are many kinds of software vulnerability prediction models which are capable of predicting the total number and the time interval of occurrence of vulnerabilities in the software .But none of them can predict the severity of software vulnera-bilities .However ,in some cases ,such as software credibility ,we have to consider the total number of software vulnerabilities and time interval as well as the vulnerability severity affecting the trustworthiness of software .Considering the impact of the vulnerabili-ty severity ,the application and risk control of software is also very important in the traditional software security .Based on the tradi-tional Markov model ,we classified the severity of software vulnerabilities occurrence ,proposed a new software vulnerability predic-tion mathematical model .The model can not only predict the total number of software vulnerability and the time interval ,but also the total number vulnerabilities of each class as well as the type of the vulnerabilities .Our tests showed that it has better accuracy , and the type of information that other prediction models can not offer .
展开▼
