Title: Vulnerability severity prediction model for software based on Markov chain

Authors: Gul Jabeen; Xi Yang; Ping Luo

Addresses: (1) The Key Laboratory for Information System Security, School of Software, Tsinghua University, Beijing, China; Department of Computer Science, Karakoram International University, Gilgit-Baltistan, Pakistan. (2) The Key Laboratory for Information System Security, School of Software, Tsinghua University, Beijing, China. (3) The Key Laboratory for Information System Security, School of Software, Tsinghua University, Beijing, China.

Abstract: Software vulnerabilities are a principal source of security risk. Because faults and vulnerabilities share many characteristics, developers have applied traditional fault prediction models and metrics to vulnerability prediction. Although such models can predict the number of vulnerabilities and the time at which they occur, they cannot accurately determine how serious a vulnerability is, what its impact will be, or what severity level it belongs to. To address these deficits, we propose a method for predicting software vulnerabilities based on a Markov chain model, which provides a more comprehensive descriptive model capable of accurately predicting vulnerability type, i.e., the seriousness of the vulnerabilities. The experiments are performed on real vulnerability data from three popular software products: Windows 10, Adobe Flash Player and Firefox. Our model is shown to produce accurate predictive results.

Keywords: software vulnerability; VL; severity/seriousness; prediction model; software security; Markov chain.

DOI: 10.1504/IJICS.2021.116302

International Journal of Information and Computer Security, 2021 Vol.15 No.2/3, pp.109 - 140

Received: 07 Feb 2017
Accepted: 23 Feb 2018

Published online: 20 Jul 2021
