System-wide vulnerability of multi-component software

TitleSystem-wide vulnerability of multi-component software
Publication TypeJournal Article
Year of Publication2024
AuthorsGelenbe E, Nakip M, Siavvas M
JournalComputers & Industrial Engineering
Volume196
Start Page110453
Date Published10/2024
KeywordsAssociated Random Neural Network, Cybersecurity, Deep learning, Systems of interconnected software components, Vulnerability Prediction
Abstract

In software systems comprised of many interconnected components, the vulnerability of each component will affect the vulnerability of other components and of the system as a whole. Existing techniques allow the quantification of the vulnerability of individual components taken singly, but the assessment of their vulnerability when they are interconnected or interdependent remains a challenge. The present work addresses this problem with a novel System-Wide Vulnerability Assessment (SWVA) framework for interconnected software components, based on an Associated Random Neural Network (ARNN) that estimates the system-wide vulnerability of all software components from known local vulnerabilities of individual components, and from their interconnections. The ARNN uses a problem-specific weight initialization, and learns from existing software system examples with a gradient-based deep learning algorithm. The ARNN is then used to assess the vulnerability of hitherto unseen software systems. The performance of the proposed ARNN-based SWVA framework is evaluated and compared against several well-known machine learning techniques on 13 different versions of a real-world software system with up to 11 components. The experimental results show the superior performance of the ARNN achieving above 85% median accuracy and good high scalability with respect to the number of connected software components.

DOI10.1016/j.cie.2024.110453

Historia zmian

Data aktualizacji: 21/08/2024 - 12:13; autor zmian: Mert Nakip (mnakip@iitis.pl)