Abstract
The metrics used to measure vulnerabilities are analyzed, a mathematical definition of strong security is proposed, and loss amount is used to measure and predict vulnerabilities, which solves the problem of a unified dimension for software trustworthiness. The similarity between the pattern in which losses occur and the pattern in which vulnerabilities are discovered is also discussed, and on that basis a software-defect prediction model is chosen to predict the loss amount. Drawing on the classical G-O model, a prediction model for software loss is established, namely a loss-based G-O vulnerability prediction model, and its accuracy and practicality are verified using data from a real vulnerability database.
Source
Telecommunications Science (《电信科学》)
Peking University Core Journal (北大核心)
2015, Issue S1, pp. 99-105 (7 pages)
Keywords
security vulnerability
loss measurement
G-O model
prediction model