Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers

I
ISSRE
2006
17th International Symposium on Software Reliability Engineering (ISSRE'06)
Abstract - Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Omar H. Alhazmi Articles by Yashwant K. Malaiya

17th International Symposium on Software Reliability Engineering (ISSRE'06)

Raleigh, North Carolina

November 07-November 10

ISBN: 0-7695-2684-5

	ASCII Text	x
	Omar H. Alhazmi, Yashwant K. Malaiya, "Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers," Software Reliability Engineering, International Symposium on, pp. 343-352, 17th International Symposium on Software Reliability Engineering (ISSRE'06), 2006.

	BibTex	x
	@article{ 10.1109/ISSRE.2006.26, author = {Omar H. Alhazmi and Yashwant K. Malaiya}, title = {Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers}, journal ={Software Reliability Engineering, International Symposium on}, volume = {0}, year = {2006}, issn = {1071-9458}, pages = {343-352}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISSRE.2006.26}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Software Reliability Engineering, International Symposium on TI - Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers SN - 1071-9458 SP343 EP352 A1 - Omar H. Alhazmi, A1 - Yashwant K. Malaiya, PY - 2006 KW - null VL - 0 JA - Software Reliability Engineering, International Symposium on ER -

Omar H. Alhazmi, Colorado State University

Yashwant K. Malaiya, Colorado State University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISSRE.2006.26

The prediction of the number of vulnerabilities in an HTTP server can allow us to evaluate the security risk associated with its use. Vulnerability discovery models have recently been proposed which can be used to estimate the future number of vulnerabilities expected to be discovered. A detailed analysis of the prediction capabilities of two models termed AML and LVD for the vulnerabilities in the two major HTTP servers is presented. Four complete data sets for Apache and IIS are used, representing an open source and a commercial web server respectively. Both long term predictions involving several years and short term predictions for the following year are considered. Potential methods for enhancing the prediction accuracy are considered. The results show good predictive capabilities of the AML model when constraints are used for estimating the model parameters. The LVD model works well in some special cases when saturation has not yet set in. The results can be used by both developers to plan the test and maintenance effort needed and by users to assess the potential security risks associated with a specific server.

Citation:

Omar H. Alhazmi, Yashwant K. Malaiya, "Measuring and Enhancing Prediction Capabilities of Vulnerability Discovery Models for Apache and IIS HTTP Servers," issre, pp.343-352, 17th International Symposium on Software Reliability Engineering (ISSRE'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.