Title: Vulnerability discovery modelling: a general framework

Authors: Adarsh Anand; Navneet Bhatt; Omar H. Alhazmi

Addresses: Department of Operational Research, Faculty of Mathematical Sciences, University of Delhi, Room No. 208, 2nd floor, Delhi, 110007, India ' Department of Operational Research, Faculty of Mathematical Sciences, University of Delhi, Room No. 208, 2nd floor, Delhi, 110007, India ' Department of Computer Science, Taibah University, Medina, Saudi Arabia

Abstract: Due to the rising popularity of software-based systems, software engineers are required to continuously monitor the software to have deep insights about the loopholes and keep a close check on the vulnerability discovery process. Over time of each module of the software is tested and identified for loopholes using various vulnerability discovery models (VDMs) that exist. In this paper, based on hazard rate function approach, we have developed a unified framework to capture the behaviour of various vulnerability trends during the discovery process. The utility of the proposed approach helps in identifying and studying different discovery scenarios (various distribution functions) under one canopy. Furthermore, we also discuss a method called normalised criteria distance, which compares different sets of VDMs using a set of comparison criteria in order to rank and select the best model from among VDMs. The proposal has been supplemented with validation done on real life vulnerability discovery data sets.

Keywords: vulnerability; vulnerability discovery models; VDMs; hazard rate; unification approach; security; breaches; ranking method.

DOI: 10.1504/IJICS.2021.117402

International Journal of Information and Computer Security, 2021 Vol.16 No.1/2, pp.192 - 206

Accepted: 30 Dec 2018
Published online: 27 Aug 2021 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article