Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Vulnerability Prediction Models: A case study on the Linux Kernel
Jimenez, Matthieu; Papadakis, Mike; Le Traon, Yves
2016In 16th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2016, Raleigh, US, October 2-3, 2016
Peer reviewed
 

Files


Full Text
Jimenez_VPMLinuxKernel.pdf
Author preprint (448.8 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Vulnerability Prediction Model; Replication; Linux Kernel
Abstract :
[en] To assist the vulnerability identification process, researchers proposed prediction models that highlight (for inspection) the most likely to be vulnerable parts of a system. In this paper we aim at making a reliable replication and comparison of the main vulnerability prediction models. Thus, we seek for determining their effectiveness, i.e., their ability to distinguish between vulnerable and non-vulnerable components, in the context of the Linux Kernel, under different scenarios. To achieve the above-mentioned aims, we mined vulnerabilities reported in the National Vulnerability Database and created a large dataset with all vulnerable components of Linux from 2005 to 2016. Based on this, we then built and evaluated the prediction models. We observe that an approach based on the header files included and on function calls performs best when aiming at future vulnerabilities, while text mining is the best technique when aiming at random instances. We also found that models based on code metrics perform poorly. We show that in the context of the Linux kernel, vulnerability prediction models can be superior to random selection and relatively precise. Thus, we conclude that practitioners have a valuable tool for prioritizing their security inspection efforts.
Research center :
ULHPC - University of Luxembourg: High Performance Computing
Disciplines :
Computer science
Author, co-author :
Jimenez, Matthieu  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Papadakis, Mike ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Le Traon, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
no
Language :
English
Title :
Vulnerability Prediction Models: A case study on the Linux Kernel
Publication date :
October 2016
Event name :
16th IEEE International Working Conference on Source Code Analysis and Manipulation
Event date :
from 02-10-2016 to 03-10-2016
Audience :
International
Main work title :
16th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2016, Raleigh, US, October 2-3, 2016
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 26 August 2016

Statistics


Number of views
381 (29 by Unilu)
Number of downloads
1462 (20 by Unilu)

Scopus citations®
 
31
Scopus citations®
without self-citations
28

Bibliography


Similar publications



Contact ORBilu