Fig 3 - uploaded by Omar Alhazmi
The Rescorla Quadratic (RQ) model.

Source publication
Article
A number of security vulnerabilities have been reported in the Windows and Linux operating systems. Both the developers and the users of operating systems have to spend significant resources to evaluate and mitigate the risk posed by these vulnerabilities. Vulnerabilities are discovered throughout the life of a software system by both the develope...

Context in source publication

Context 1
... cumulative vulnerability discovery model can be derived by integrating (5) to get (6) Here, the integration constant is taken to be zero to allow to be zero at . In this model, as t grows, grows quadratically, thus it is called the Rescorla Quadratic model. Fig. 3 shows a hypothetical plot of the RQ model for different values of , and ...

Citations

... In addition to functionality, security must be ensured for the underlying hardware and software. The lifespan of an operating system (OS) increases the likelihood of finding existing vulnerabilities, as evidenced by the numerous reported vulnerabilities that can potentially cause substantial risks [10,11]. On the other hand, there is more time to develop patches or better OS versions that are distributed without these vulnerabilities. ...
Article
Despite the increase in scientific publications in the field of integrative medicine over the past decades, a valid overview of published evidence remains challenging to get. The online literature database CAMbase (available at https://cambase.de) is one of the established databases designed to provide such an overview. In 2020, the database was migrated from a 32-bit to a 64-bit operating system, which resulted in unexpected technical issues and forced the replacement of the semantic search algorithm with Solr, an open-source platform that uses a score ranking algorithm. Although semantic search was replaced, the goal was to create a literature database that is essentially no different from the legacy system. Therefore, a before-after analysis was conducted to compare first the number of retrieved documents and then their titles, while the titles were syntactically compared using two Sentence-Bidirectional Encoder Representations from Transformers (SBERT) models. Analysis with a paired t-test revealed no significant overall differences between the legacy system and the final system in the number of documents (t = −1.41, df = 35, p = 0.17), but an increase in performance (t = 4.13, df = 35, p < 0.01). Analysis with a t-test for independent samples of the values from the models also revealed a high degree of consistency between the retrieved documents. The results show that an equivalent search can be provided by using Solr, while improving the performance, making this technical report a viable blueprint for projects with similar contexts.
... Despite being root, both Debian and Fedora are popular Linux distributions by themselves, according to the well-known distrowatch.com portal, and are considered among the most popular end-user Linux distributions and the best multi-purpose Linux distributions. Prior work leveraged Debian's and Fedora's data on studying security vulnerabilities, such as training vulnerability detection models (Harer et al. 2018), building vulnerability discovery tools (Alhazmi and Malaiya 2008), security vulnerability assessment (Ristov et al. 2013) and studying the impact of vulnerabilities (Yilek et al. 2009). ...
Article
Vulnerabilities in software systems not only lead to loss of revenue, but also to loss of reputation and trust. To avoid this, software providers strive to remedy vulnerabilities rapidly for their customers. However, in open-source development, the providers do not always control the distribution of their software themselves, but instead typically rely on Linux distributions to integrate and distribute upstream projects to millions of end users, which increases the difficulty of vulnerability management. In addition, an upstream project is usually packaged into several Linux distributions, so that a vulnerability can propagate across multiple distributions via the upstream project. In this work, we empirically investigate a large number of vulnerabilities registered with the Common Vulnerabilities and Exposures (CVE) program in two popular Linux distributions, i.e., Debian (21,752 CVE-IDs) and Fedora (17,434 CVE-IDs), to study the practices of vulnerability management in such ecosystems. We investigate the lifecycle of fixing vulnerabilities, analyze how long it takes for a vulnerability to go through each phase of its lifecycle, characterize the commonly occurring vulnerabilities that affect both distributions, and identify the practices that developers use to fix vulnerabilities. Our results suggest that the vulnerability testing period (i.e., the period from when the vulnerability fix is committed for testing to when the vulnerability fix is released) accounts for the largest number of days (median of 15 days) in Fedora. 74% (i.e., 16,070) and 92% (i.e., 16,070) of the vulnerabilities in Debian and Fedora, respectively, occur in both Linux distributions, which we refer to as common security vulnerabilities (CSVs). This result is impacted by the package selection and customization of the distributions. Finally, on a representative sample of 345 fixed CSVs, we find that upstream projects were responsible for fixing 303 (85%) and 267 (76%) out of the 345 CSVs in Debian and Fedora, respectively, with distribution maintainers integrating those fixes. Our work aims to gain a deeper understanding of the current practices in the vulnerability management of Linux distributions, and proposes suggestions to distribution maintainers for better mitigation of the risks of vulnerabilities.
... However, this model was not sufficiently successful at detecting the weaknesses in various software. In later years, Alhazmi et al. conducted many studies on both time- and effort-based models (Alhazmi and Malaiya, 2005a; 2005b; Alhazmi et al., 2007; Alhazmi and Malaiya, 2008). A statistical density-based model was developed by Rescorla (Rescorla, 2005). ...
Preprint
A software security vulnerability is a mistake or violation of the security policy that occurs during the creation or development of the software. A vulnerability discovery model is a structure enabling the prediction of software security vulnerabilities that might occur after the software is released. In a more general sense, modeling is the method that allows us to analyze a phenomenon in detail and make accurate predictions for the future. The model must be able to explain the target environment in the best way possible and make the best predictions possible. Recently, there have been many studies on the subject of modeling security vulnerabilities. Most of these studies are concerned with desktop operating systems and internet browsers. Although there are studies based on the most popular mobile operating system, Android, there has never been a study that investigates different statistical distributions to find the most suitable one. The most popular model for vulnerability prediction is the Alhazmi-Malaiya Logistic (AML) model. This model has been observed to achieve better performance than other models in modeling security vulnerabilities. The AML model is similar to a logistic distribution, which has a symmetrical structure. In this study, certain aspects of Android security vulnerabilities were investigated using some symmetric and asymmetric distributions that are close to the AML distribution. The data used in this study was obtained from the National Vulnerability Database (NVD) by filtering Android vulnerabilities from 2016 to 2018, a time interval in which monthly information was continuously available. Furthermore, with the 0 to 10 scoring data obtained from the Common Vulnerability Scoring System (CVSS), the average monthly impact values of vulnerabilities have also been modeled. Logistic, Weibull, Normal, Nakagami, Gamma, and Log-logistic distributions were used to model the average monthly impact values of vulnerabilities, and the Logistic, Weibull, Nakagami, Gamma, and Log-logistic distributions were used to model the monthly vulnerability count. Among the goodness-of-fit tests, which are methods to establish how well sample data matches the expected distribution values, the Kolmogorov-Smirnov, Anderson-Darling, and Cramér-von Mises tests were applied. The Akaike and Bayesian Information Criteria and the log-likelihood were used to see how robust the models were. As a result, the average monthly impact value and the monthly vulnerability count were observed to be best modeled by the Logistic and Nakagami distributions, respectively. Vulnerability discovery models help us forecast software vulnerabilities and enable the necessary precautions to be taken, such as planning the generation of a patch. With suitable distributions, it has been shown that Android vulnerabilities can be modeled and forecasts can be made.
... So far, several VDMs have been proposed. The Alhazmi-Malaiya Logistic (AML) model [23], which was originally proposed and validated for operating systems, is one of the most well-known quantitative vulnerability discovery models. Joh and Malaiya [24] compare AML with other S-shaped VDMs based on the skewness of the analyzed datasets. ...
... Among the time-based VDMs, the Alhazmi-Malaiya Logistic (AML) model [23], which was initially intended and proven for computer operating systems, is one of the well-recognized software vulnerability discovery models. Fig. 2 describes the S-shaped AML model representing the relationship between the software age (time) and the number of cumulative vulnerabilities found. ...
... Systems built on Docker container technology introduce the homogeneity brought by using the same base image, which leads to a large number of shared vulnerabilities being introduced into the system [6,13]. Therefore, the system will be vulnerable to multi-step attacks [14,15] that exploit the same vulnerability in multiple microservices. Diversity is considered the most effective means of mitigating the shared vulnerability problem. ...
... Diversity is reflected in two main aspects: the deployment node diversity and the version diversity. In order to measure the richness of diversity, this paper refers to the relevant work [6,14]. Following the measure of biodiversity, a measure of systematic diversity is proposed using the Shannon formula. ...
... The load balance degree E_LB and the diversity degree E_D both play an important role in solving the problems discussed in this paper; i.e., load balancing and diversity can be considered two important means of solving the problems raised and enhancing system resilience in this paper, so this paper combines these two factors into one resilience indicator E, as shown in formula (14). ...
Article
The microservice architecture has many advantages, such as technology heterogeneity, isolation, scalability, simple deployment, and convenient optimization. These advantages are important, as we can use diversity and redundancy to improve the resilience of software systems. It is necessary to study the method of improving the resilience of a software system by diverse implementation and redundant deployment of software core components based on a microservice framework. How to optimize the diversity deployment of microservices is a key problem in maximizing system resilience and making full use of resources. To solve this problem, an efficient microservice diversity deployment mechanism is proposed in this paper. Firstly, we creatively define a load balancing indicator and a diversity indicator. Based on these, a diversified microservice deployment model is established to maximize the resilience and the resource utilization of the system. Secondly, combined with load balancing, a microservice deployment algorithm based on load balance and diversity is proposed, which reduces the service's dependence on the underlying mirror by enriching diversity and avoids the overreliance of microservices on a single node through decentralized deployment, while taking load balancing into account. Finally, we conduct experiments to evaluate the performance of the proposed algorithm. The results demonstrate that the proposed algorithm outperforms other algorithms.
... Many vulnerability discovery models have been proposed by researchers, which have contributed to the vulnerability management literature. These models are validated on vulnerability data based on its discovery timeline and can then be used to predict the future vulnerabilities to be discovered [9-18]. ...
... Moreover, most of the research related to software vulnerabilities has been performed with a qualitative approach, focusing on detecting or preventing a specific vulnerability. Since entering the 2000s, security researchers have started to examine major software products, such as operating systems, Web browsers and servers, in a quantitative manner [5,6]. That is because, in the early days of the software era, there were not enough vulnerability datasets, so it was hard to study them in a quantitative manner. ...
... In this section, the vulnerability datasets from the three design software systems are applied to the Alhazmi-Malaiya Logistic (AML) vulnerability discovery model [5] to observe the vulnerability discovery patterns in the systems. Although AML was originally proposed for operating systems, the model performs very well with other types of software too [6]. ...
... There has always been a trend in various scientific sectors to use statistical forecasting [3,4] (in addition to other mathematical methods) to extract valuable information from the available underlying data samples [5,6]. The security domain seems to have adopted this train of thought to a certain extent regarding vulnerability data analysis, since this method can reveal many hidden patterns in the underlying data [7]. ...
... A significant body of scientific literature, both of qualitative [24] and of quantitative nature [5,13,25-28], has been produced so far addressing issues of vulnerability forecasting for major operating systems. The aforementioned literature can be classified into two broad categories: (a) statistics-based approaches, in which future vulnerabilities may be found by analysing historically reported vulnerabilities of operating systems, and (b) code-specific approaches, in which the predictive capacity of the proposed vulnerability forecasting models relies on the characteristics and attributes of the potentially vulnerable software, its development process, or its source code. ...
Article
Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before they are patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems' software vulnerabilities and probe the relevant National Vulnerability Database (NVD) time-series properties. More specifically, we show through an extensive experimental study based on the National Institute of Standards and Technology (NIST) database that the relevant systems software time series present significant chaotic properties. Moreover, by defining some systems based on open and closed source software, we compare their chaotic properties, resulting in statistical conclusions. The contribution of this novel study is focused on the preprocessing stage of vulnerability time series forecasting. The strong evidence of their chaotic properties as derived by this research effort could lead to a deeper analysis to provide additional tools for their forecasting process.
... Anderson proposed the Anderson Thermodynamic (AT) time-based vulnerability discovery model, which is considered a pioneer in such research [16]. Alhazmi and Malaiya proposed a time-based application of software reliability growth modelling (SRGM) in predicting the number of vulnerabilities, and later also proposed another logistic regression model for Windows 98 and NT 4.0 in predicting the number of undiscovered vulnerabilities [17]. Rescorla proposed two time-based trend models, namely the linear model (RL) and the exponential model (RE), to estimate future vulnerabilities [18]. ...
Article
Cyber-attacks are launched through the exploitation of some existing vulnerabilities in the software, hardware, system and/or network. Machine learning algorithms can be used to forecast the number of post-release vulnerabilities. Traditional neural networks work like a black box; hence it is unclear how reasoning is used in utilizing past data points to infer the subsequent data points. However, the long short-term memory network (LSTM), a variant of the recurrent neural network, is able to address this limitation by introducing a lot of loops in its network to retain and utilize past data points for future calculations. Moving on from the previous finding, we further enhance the results to predict the number of vulnerabilities by developing a time series-based sequential model using a long short-term memory neural network. Specifically, this study developed a supervised machine learning model based on a non-linear sequential time series forecasting model with a long short-term memory neural network to predict the number of vulnerabilities for the three vendors having the highest number of vulnerabilities published in the National Vulnerability Database (NVD), namely Microsoft, IBM and Oracle. Our proposed model outperforms the existing models with a prediction root mean squared error (RMSE) as low as 0.072.
... While some researchers have evaluated the main vulnerability discovery models by using actual data for different operating systems [1], other researchers have assessed the major effects of the exploitation of those vulnerabilities and of data security breaches. ...
Article
The evaluation of data breaches and cybersecurity risks has not yet been formally addressed in modern business systems. There has been a tremendous increase in the generation, usage and consumption of industrial and business data as a result of smart and computationally intensive software systems. This has resulted in an increase in the attack surface of these cyber systems and, consequently, in the associated cybersecurity risks. However, no significant studies have been conducted that examine, compare, and evaluate the approaches used by risk calculators to investigate data breaches. The development of an efficient cybersecurity solution allows us to mitigate the data breaches threatened by cybersecurity risks such as cyber-attacks against database storage, processing and management. In this paper, we develop a comprehensive, formal model that estimates the two components of security risk: breach cost and the likelihood of a data breach within 12 months. The data used in this model are taken from industrial business reports, which provide the necessary information collected, and from the calculators developed by the major organizations in the field. This model, integrated with the cybersecurity solution, uses consolidated factors that have a significant impact on the data breach risk. We propose mathematical models of how the factors impact the cost and the likelihood. These models allow us to conclude that the results obtained through them mitigate data breaches in potential and future business systems dynamically.