Journal: Reliability Engineering & System Safety

Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery


Abstract

Most software vulnerabilities are preventable, but they continue to be present in software releases. When Blackhats, or malicious researchers, discover vulnerabilities, they often release corresponding exploit software and malware. Therefore, customer confidence could be reduced if vulnerabilities, or discoveries of them, are not prevented, mitigated, or addressed. In addressing this, managers must choose which alternatives will provide maximal impact and could use vulnerability discovery modeling techniques to support their decision-making process. Applications of these techniques have used traditional approaches to analysis and, despite the dearth of data, have not included information from experts. This article takes an alternative approach, applying Bayesian methods to modeling the vulnerability-discovery phenomenon. Relevant data was obtained from security experts in structured workshops and from public databases. The open-source framework, MCMCBayes, was developed to automate performing Bayesian model averaging via power-posteriors. It combines predictions of interval-grouped discoveries by performance-weighting results from six variants of the non-homogeneous Poisson process (NHPP), two regression models, and two growth-curve models. The methodology is applicable to software-makers and persons interested in applications of expert-judgment elicitation or in using Bayesian analysis techniques with phenomena having non-decreasing counts over time.