http://dx.doi.org/10.13089/JKIISC.2019.29.3.557

Software Vulnerability Prediction System Using Neural Network  

Choi, Minjun (Sejong University)
Koo, Dongyoung (Hansung University)
Yun, Joobeom (Sejong University)
Abstract
As the number and variety of software products increase, so do their security vulnerabilities. Software of all kinds may contain multiple vulnerabilities, and because these can cause significant, irrecoverable damage, they must be detected and removed quickly. Various studies have sought to detect vulnerabilities in current software, but the existing approaches are slow and their prediction accuracy is low. Therefore, in this paper, we describe a method for efficiently predicting software vulnerabilities using a neural network algorithm, and compare its prediction accuracy with that of a conventional system using a machine learning algorithm. In the experiments, the prediction system proposed in this paper showed the highest prediction rate.
Keywords
Artificial Intelligence; Neural Network; Machine Learning; Fuzzing; Software Vulnerability;