Title | System-wide vulnerability of multi-component software |
Publication Type | Journal Article |
Year of Publication | 2024 |
Authors | Gelenbe E, Nakip M, Siavvas M |
Journal | Computers & Industrial Engineering |
Volume | 196 |
Start Page | 110453 |
Date Published | 10/2024 |
Keywords | Associated Random Neural Network, Cybersecurity, Deep learning, Systems of interconnected software components, Vulnerability Prediction |
Abstract | In software systems comprised of many interconnected components, the vulnerability of each component will affect the vulnerability of other components and of the system as a whole. Existing techniques allow the quantification of the vulnerability of individual components taken singly, but the assessment of their vulnerability when they are interconnected or interdependent remains a challenge. The present work addresses this problem with a novel System-Wide Vulnerability Assessment (SWVA) framework for interconnected software components, based on an Associated Random Neural Network (ARNN) that estimates the system-wide vulnerability of all software components from known local vulnerabilities of individual components, and from their interconnections. The ARNN uses a problem-specific weight initialization, and learns from existing software system examples with a gradient-based deep learning algorithm. The ARNN is then used to assess the vulnerability of hitherto unseen software systems. The performance of the proposed ARNN-based SWVA framework is evaluated and compared against several well-known machine learning techniques on 13 different versions of a real-world software system with up to 11 components. The experimental results show the superior performance of the ARNN achieving above 85% median accuracy and good high scalability with respect to the number of connected software components. |
DOI | 10.1016/j.cie.2024.110453 |