Jinkun Geng,Daren Ye,Ping Luo

DOI: https://doi.org/10.1007/978-3-319-27161-3_13

2015-01-01

Abstract:Vulnerabilities usually represents the risk level of software, therefore, it is of high value to predict vulnerabilities so as to evaluate the security level of software. Current researches mainly focus on predicting the number of vulnerabilities or the occurrence time of vulnerabilities, however, to our best knowledge, there are no other researches focusing on the prediction of vulnerabilities' severity, which we think is an important aspect reflecting vulnerabilities and software security. To compensate for this deficiency, we propose a novel method based on grey system theory to predict the severity of vulnerabilities. The experiment is carried on the real data collected from CVE and proves the feasibility of our predicting method.

Gul Jabeen,Xi Yang,Ping Luo

DOI: https://doi.org/10.1504/ijics.2021.116302

2021-01-01

Abstract:Software vulnerabilities primarily constitute security risks. Commonalities between faults and vulnerabilities prompt developers to utilise traditional fault prediction models and metrics for vulnerability prediction. Although traditional models can predict the number of vulnerabilities and their occurrence time, they fail to accurately determine the seriousness of vulnerabilities, impacts, and severity level. To address these deficits, we propose a method for predicting software vulnerabilities based on a Markov chain model, which offers a more comprehensive descriptive model with the potential to accurately predict vulnerability type, i.e., the seriousness of the vulnerabilities. The experiments are performed using real vulnerability data of three types of popular software: Windows 10, Adobe Flash Player and Firefox. Our model is shown to produce accurate predictive results.

Chong Li,Xiuping Xie

2020-01-01

Abstract:The time-lag period is usually assumed to be a fixed value in most multivariate grey prediction models. This assumption makes it hard to describe the real characteristics of the analyzed system. This paper proposes a new modeling method based on a generalized time-delay function, which considers both the dynamics and differences of time series. Then a new model DGM(1,N,tau(i)) is designed and compared with existing grey prediction models. The main advantage of the model DGM (1,N ,tau(i)) is that it describes the additive effect of time-delay variables and offers a new dynamic adjustment method to predict this effect. Another advantage is the generality of model DGM(1,N,tau(i)): it can be extended to several other widely used grey models, such as DGM(1,N), DDGM (1,N) and DDGMD(1,N). Some improvements of the classic grey incidence degree calculation and a new reverse flip sequence operator are provided to reduce the negative effect of subjective modeling factor selection. These optimization methods improve the stability of predictions. A case study of China 's agricultural output forecast is provided to test the new model. It considers several available sample scenarios and includes all situations that result from the subjective judgment of modeling factors. Results show that the new model can model the complex effect of time delays, and it also has higher prediction accuracy than the other three classic models.

Shuang Wu,Congyi Wang,Jianping Zeng,Chengrong Wu

DOI: https://doi.org/10.1109/asid50160.2020.9271730

2020-01-01

Abstract:Vulnerabilities have been widely exploited to launch various cyberattacks, and become one of the most popular network security problems. Several kinds of research on vulnerabilities have been carried out, such as, mining vulnerability, tracing vulnerability, forecasting vulnerability, and so on. Vulnerability forecasting models make the prediction of zero-day vulnerabilities possible, hence they can help us learn more about the number of vulnerabilities in future days and take defence measures in advance. However, most of these models stem from statistics, which cannot adapt to our application scenario very well. Unlike traditional statistical methods, we propose a vulnerability forecasting method based on multivariable LSTM and carry on experiments on the NVD data set. In comparison with ARIMA, our method perform better in number prediction of vulnerabilities.

Jinkun Geng,Ping Luo

DOI: https://doi.org/10.1007/s11859-016-1162-9

2016-01-01

Wuhan University Journal of Natural Sciences

Abstract:Software vulnerability is always an enormous threat to software security. Quantitative analysis of software vulnerabilities is necessary to the evaluation and improvement of software security. Current vulnerability prediction models mainly focus on predicting the number of vulnerabilities regardless of the seriousness of vulnerabilities, therefore these models are unable to reflect the security level of software accurately. Starting from this, we propose a vulnerability prediction model based on probit regression in this paper. Unlike traditional ones, we measure the seriousness of vulnerability by the loss it causes and aim at predicting the accumulative vulnerability loss rather than the number of vulnerabilities. To validate our model, experiment is carried out on two software — OpenSSL and Xpdf, and the experimental result shows a good performance of our model.

楼玉,张清,刘国华,范庆来

DOI: https://doi.org/10.3969/j.issn.1004-6933.2005.01.003

2005-01-01

Abstract:The general grey model GM (1,1) cannot take multi variables into account in forecast problems with several variables relating with each other and few observation data available. In this paper, a self-adapting MGM (1,n) model, which is a grey multi-variable forecasting model, is introduced to solve this problem. The MGM (1,n) model is an extension of GM (1,1) in the case of n variables. Through the application of the grey MGM (1,n) model to statistical data of water consumption in Hangzhou City, satisfying results are obtained. The results show that the proposed method is feasible and effective for application.

Yong Wang,Qinbao Song,Stephen MacDonell,Martin Shepperd,Junyi Shen

DOI: https://doi.org/10.1109/tsmcc.2009.2020690

2009-01-01

Abstract:Background: Software effort prediction clearly plays a crucial role in software project management. Problem: In keeping with more dynamic approaches to software development, it is not sufficient to only predict the whole-project effort at an early stage. Rather, the project manager must also dynamically predict the effort of different stages or activities during the software development process. This can assist the project manager to reestimate effort and adjust the project plan, thus avoiding effort or schedule overruns. Method: This paper presents a method for software physical time stage-effort prediction based on grey models GM(1,1) and Verhulst. This method establishes models dynamically according to particular types of stage-effort sequences, and can adapt to particular development methodologies automatically by using a novel grey feedback mechanism. Result: We evaluate the proposed method with a large-scale real-world software engineering dataset, and compare it with the linear regression method and the Kalman filter method, revealing that accuracy has been improved by at least 28% and 50%, respectively. Conclusion: The results indicate that the method can be effective and has considerable potential. We believe that stage predictions could be a useful complement to whole-project effort prediction methods.

Carlos E. Budde,Ranindya Paramitha,Fabio Massacci

2024-11-18

Abstract:Software security mainly studies vulnerability detection: is my code vulnerable today? This hinders risk estimation, so new approaches are emerging to forecast the occurrence of future vulnerabilities. While useful, these approaches are coarse-grained and hard to employ for project-specific technical decisions. We introduce a model capable of vulnerability forecasting at library level. Formalising source-code evolution in time together with library dependency, our model can estimate the probability that a software project faces a CVE disclosure in a future time window. Our approach is white-box and lightweight, which we demonstrate via experiments involving 1255 CVEs and 768 Java libraries, made public as an open-source artifact. Besides probabilities estimation, e.g. to plan software updates, this formal model can be used to detect security-sensitive points in a project, or measure the health of a development ecosystem.

Software Engineering,Cryptography and Security,Emerging Technologies

Xuesong Guo,Linyan Sun,Zhe Liu

2007-01-01

Abstract:In recent years, forecast of development of manufacturing industry has been receiving more and more attentions. Though many methods have been proposed to address this problem, many difficulties such as uncertainty of social system, changes of parameters of the model still exist to affect the performance of forecasting model. This paper proposes a hybrid methodology that exploits strengths of both grey system and support vector machine model in forecasting time series, and deals with the application of the proposed methodology in manufacturing time series forecasting. In this study, a grey support vector machines (GSVM) with differential evolution algorithms is proposed. In addition, GM (1, N) model of grey system is used to add a grey layer before neural input layer and white layer after support vector machine layer. Differential evolution (DE) algorithm is used to determine free parameters of support vector machines. Evaluation method has been used for comparing the performance of forecasting techniques. The experiments show that the proposed model in this paper outperforms either GM (1, N) model or support vector machine model with DE algorithms in the field of forecast.

江钒,雷凯

DOI: https://doi.org/10.3969/j.issn.1002-3100.2009.09.021

2009-01-01

Abstract:According to the situation of lack of statistical data, this paper makes use of the time sequence prediction theory of nonlinear grey GM(1,1,α) Model to predict the port throughput based on the data of LianYungang port throughput from 2003 to 2007, and expounds the application of nonlinear grey forecasting method. Results show that the nonlinear grey GM(1,1,α) model can prediction of adaptability, high precision, simple, and can effectively solve the port throughput prediction problem.

Kai Zhang,Kedong Yin,Wendong Yang

DOI: https://doi.org/10.1016/j.eswa.2023.119889

IF: 8.5

2023-03-19

Expert Systems with Applications

Abstract:In grey system theory, the performance of an established grey forecasting model largely depends on how efficiently the grey information can be measured from data. Most existing grey forecasting models use grey accumulating generators to obtain grey information. However, not all grey information helps improve the performance of grey forecasting models. Consequently, simple accumulation leads to the accumulation of error from invalid grey information, which deteriorates the model performance. To address this issue, valid and invalid grey information were defined in this study according their contributions to the model performance. Further, it was proposed to use a Bernoulli distribution to simulate the distribution of valid/invalid grey information . Based on that probability, a probabilistic accumulation operator was designed to compute grey information, and this grey information was utilized to establish a probabilistic accumulation operator-based grey forecasting model (PGM(1,1)). PGM(1,1) is advanced in terms of forecasting because it is not negatively affected by invalid grey information. PGM(1,1) was tested on five public datasets and compared to other grey models as well as a wide range of other forecasting models, achieving state-of-the-art performance. In addition, a comprehensive analysis was conducted to demonstrate how the forecasting performance benefits from identifying valid/invalid grey information in PGM(1,1).

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Ou Li,Bailin Liu,Chenhao Li,Dan Gao

DOI: https://doi.org/10.21307/ijanmc-2020-027

2020-01-01

Abstract:Abstract The demand for spare parts of weapons and equipment is time-varying and random. It is difficult to predict the demand for spare parts. Therefore, on the basis of gray GM(1,1), a state transition probability matrix based on improved state division is used to establish a demand forecast model for weapon equipment and spare parts. The model not only considers the characteristics of the GM(1,1) model’s strong handling of monotonic sequences, but also extracts the characteristics of random fluctuation response of data through the transformation of the state transition probability matrix, avoiding the phenomenon of the worst prediction results when the maximum probability state is not the actual state. It is proved through experiments that the prediction result based on the improved gray-Markov model is superior to the traditional model and the classic gray-Markov prediction model, and the accuracy of the improved model is about 1.46 times higher than that of the gray model.

Zhenxin Zhan,Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.1603.07432

2016-03-24

Abstract:It is important to understand to what extent, and in what perspectives, cyber attacks can be predicted. Despite its evident importance, this problem was not investigated until very recently, when we proposed using the innovative methodology of {\em gray-box prediction}. This methodology advocates the use of gray-box models, which accommodate the statistical properties/phenomena exhibited by the data. Specifically, we showed that gray-box models that accommodate the Long-Range Dependence (LRD) phenomenon can predict the attack rate (i.e., the number of attacks per unit time) 1-hour ahead-of-time with an accuracy of 70.2-82.1\%. To the best of our knowledge, this is the first result showing the feasibility of prediction in this domain. We observe that the prediction errors are partly caused by the models' incapability in predicting the large attack rates, which are called {\em extreme values} in statistics. This motivates us to analyze the {\em extreme-value phenomenon}, by using two complementary approaches: the Extreme Value Theory (EVT) and the Time Series Theory (TST). In this paper, we show that EVT can offer long-term predictions (e.g., 24-hour ahead-of-time), while gray-box TST models can predict attack rates 1-hour ahead-of-time with an accuracy of 86.0-87.9\%. We explore connections between the two approaches, and point out future research directions. Although our prediction study is based on specific cyber attack data, our methodology can be equally applied to analyze any cyber attack data of its kind.

Cryptography and Security,Applications

Xixia Gou,Jun Bi,Wei Guan,Guangyu Zhu

DOI: https://doi.org/10.1109/CCDC.2008.4598026

2008-01-01

Abstract:Prediction of the railway freight volume is the important basis of policy-making departments to make strategies. In practice, it's difficult to get all the information that affect freight transport volume, so using grey forecasting model will reach the target with only poor information. In this paper, the GM (1, 1) model, Dynamic GM(1, 1) model and modified residual error GM(1, 1) model are used to predict the rail freight volume and test the precision of the models. The experiment result shows that modified residual error GM(1,1)model has the highest accuracy and is suitable for short-time forecasting of freight volume. © 2008 IEEE.

Qifan Yin,Youbing Chu,Qinglian Zhang,Zhipeng Liu,Sheng Cheng,Zhongliang Jing

DOI: https://doi.org/10.1109/icrca60878.2024.10649313

2024-01-01

Abstract:On the basis of the gray GM (2,1) model and Markov model, this paper predicts the failure of the electronic and electrical measurement equipment. Once the electronic and electrical measurement equipment fails, it will seriously affect the measurement and test results, which causes the quality of the products out of control. In order to reduce risk of failure, the gray model is established with the raw data of the failure prediction history which predicted the future failure of the equipment. According to the gray model, the state interval of the Markov model is divided, the state transition probability matrix is constructed, the predicted value of the model is corrected, the prediction of the equipment failure is completed. The failure of electronic and electrical measurement equipment of a company for 7 years or more is analyzed. The example results show that the average relative error of the combined prediction model is 0.063. The average relative error of the combined prediction model is 0.093 smaller than that of the single GM (2,1) model. The accuracy of the combined prediction model is comparatively higher.

Xiaozhi Du,Shiming Zhang,Yanrong Zhou,Hongyuan Du

DOI: https://doi.org/10.1016/j.jss.2024.112039

IF: 3.5

2024-01-01

Journal of Systems and Software

Abstract:Facing the increasing number of software vulnerabilities, the automatic analysis of vulnerabilities has become an important task in the field of software security. However, the existing severity prediction methods are mainly based on vulnerability descriptions and ignore the relevant features of vulnerability code, which only includes unimodal information and result in low prediction accuracy. This paper proposes a vulnerability severity prediction method based on bimodal data and multi-task learning. First the bimodal data, which consists of the description and source code of each vulnerability, is preprocessed. Next the GraphCodeBert is used for the word embedding module to extract different vulnerability features from the bimodal data. Then the Bi-GRU with attention mechanism is adopted for further feature extraction of vulnerability severity. Considering the strong correlation between the two tasks of vulnerability severity prediction and exploitability prediction, this paper proposes a multi-task learning approach, which allows the model to learn the connection and shared information between different tasks through a hard parameter sharing strategy, so as to achieve more accurate and reliable prediction of vulnerability severity. Experimental results show that the severity prediction method proposed in this paper outperforms state-of-the-art methods, and can achieve an average F1 score of 93.83% on the public vulnerability dataset.

Min Jin,Xiang Zhou,Zhi M. Zhang,Manos M. Tentzeris

DOI: https://doi.org/10.1016/j.eswa.2011.07.072

IF: 8.5

2012-01-01

Expert Systems with Applications

Abstract:Power load has the characteristic of nonlinear fluctuation and random growth. Aiming at the drawback that the forecasting accuracy of general GM(1,1) model goes down when there is a greater load mutation, this paper proposes a new grey model with grey correlation contest for short-term power load forecasting. In order to cover the impact of various certain and uncertain factors in climate and society on the model as fully as possible, original series are selected from different viewpoints to construct different forecasting strategies. By making full use of the characteristic that GM(1,1) model can give a perfect forecasting result in the smooth rise and drop phase of power load, and the feature that there are several peaks and valleys within daily power load, the predicted day is divided into several smooth segments for separate forecasting. Finally, the different forecasting strategies are implemented respectively in the different segments through grey correlation contest, so as to avoid the error amplification resulted from the improper choice of initial condition. A practical application verifies that, compared with the existing grey forecasting models, the proposed model is a stable and feasible forecasting model with a higher forecasting accuracy.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Yaping Li,Zhen Chen,Liangyan Tao,Sifeng Liu,Xiaojun Guo

2017-01-01

Journal of grey system

Abstract:This paper presents a novel multi-variable grey prediction model GMI(1,N) based on grey incidence analysis. In the proposed forecasting model relationships between variables ignored in the current literature, is considered Grey incidence degree (GID) is used to express the relationships between variables, and for each relevant sequence, there is a GID sequence to describe its relationship with the feature sequence. The multi-variable grey prediction model GMI(1,N) is established by considering added GID sequences. To check the effectiveness and feasibility, the case of Sino-Russian Timber Trade Volume Forecasting is presented Several conclusions are shown in the case. First, AME decreases with the increasing size of relevant factors until AME=0 and for both GM(1,N) and GMI(1,N) models, AME=0 is a mutational point. Second, before AME=0, the accuracy of GMI(1,N) is higher than that of GM(1,N). Third, from the viewpoint of AME, the GMI(1,N) model converges better than the GM(1,N) model.

Gul Jabeen,Xi Yang,Ping Luo,Sabit Rahim

DOI: https://doi.org/10.3966/199115992019063003002

2019-01-01

Abstract:A variety of software reliability growth models have been proposed to analyze the reliability of software, such as stochastic process models, neural network models and grey theory models. When dealing with the limited amount of failure data, researchers tend to seek for non-stochastic approaches because stochastic models require large samples of data to determine underlying distributions. However non-stochastic approaches fail to deal with more fluctuating data sequences. In this paper, we have used Grey-Markov Chain Model (G-MCM) and show the effectiveness of model in handling dynamic software reliability data. G-MCM combines the advantages of both grey prediction model (GM(1,1) and Markov Chain Model. GM (1,1) can robustly deal with incomplete and imperfect information and gives excellent prediction outcomes. At the same time, it takes the advantage of predictive power of Markov chain which decreases the random variability of the data and zpositively effects the forecasting accuracy. Musa's failure datasets from various projects have been used to evaluate the prediction capability of G-MCM and compared with GM (1,1) and Modified Jelinski-Moranda reliability prediction model. The comparison shows that the G-MCM has better prediction results than other models and has adequate applicability in software reliability prediction.

Lianyi Liu,Sifeng Liu,Yingjie Yang,Xiaojun Guo,Jinghe Sun

DOI: https://doi.org/10.1016/j.engappai.2024.108986

IF: 8

2024-07-20

Engineering Applications of Artificial Intelligence

Abstract:As a sparse data analysis method, a grey model faces challenges in interpretability for its effective application in uncertain systems. This study proposes a generalized grey model (GGM) based on symbolic regression, designed to improve the intelligence and adaptability of grey models. The GGM serves as a unified framework, integrating various grey model families and addresses regression challenges to determine the model structure. Symbolic regression in the GGM identifies symbolic input-output relationships, offering an interpretable approach for structure determination. By leveraging the non-uniqueness principle in grey system theory and employing structural penalty parameters, the model balances complexity and interpretability. A comparative analysis between GGM and conventional grey function models is conducted focusing on the differences in modeling, structure identification, and parameter optimization. Validation on the M3 competition dataset demonstrated the GGM's superior performance, achieving a significant reduction in prediction error compared to other grey forecasting models. Additionally, a rigorous analysis of aircraft lifespan data underscored the robustness and accuracy of GGM in practical engineering applications.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary