Categorizing software vulnerabilities using overlapping self-organizing map
Abstract
Software has always been exposed to a variety of vulnerability issues. The growing number and complexity of software vulnerabilities have made categorizing them more important. In this research work, we select the MoSCoW prioritization method and combine it with the self-organizing map (SOM) algorithm to present a new categorization of frequent software vulnerabilities. We implemented the proposed method in MATLAB using the relevant toolboxes. The experimental results were evaluated using in-class and out-of-class distance measurements. Classifying software vulnerabilities with OSOM algorithms gives better results than conventional clustering methods. It can be inferred that the classification of software vulnerabilities is of particular importance in improving the security of a software application. The proposed algorithm can provide an appropriate categorization by taking advantage of the existing overlapping feature.
Introduction
In many cases, programmers' faults during programming, which could easily be prevented, create vulnerabilities and give hackers an opportunity to misuse them. A proper classification of vulnerabilities could be sufficient to understand them and to propose solutions that prevent them. With information collected from vulnerabilities, a suitable classification is achievable, and new vulnerabilities can easily be classified into the appropriate classes. Vulnerability classification is a substantial task because weak software can be easily manipulated. In the present study, an approach to vulnerability classification is introduced that uses the MoSCoW method to select a reliable database and couples it with a self-organizing map, and the classification results are compared with those of the self-organizing map. The algorithm is built from a combination of SOM and K-means clustering, and, by considering overlapping, a suitable classification is introduced. The overlapped self-organizing map has been applied to different databases and has given acceptable results compared with previous methods, and it is planned to examine the algorithm on software vulnerabilities, leading to an appropriate standard classification. This paper is organized as follows: Section 2 describes a few works related to the study. Section 3 presents the applied approach, in which the database and the extraction of eigenvectors are evaluated. Section 4 is dedicated to experiments and results, and Section 5 discusses the study's conclusions.
Conclusion
This article deals with software vulnerability clustering, an important and time-consuming issue for researchers. After a valid database and the required fields, such as CVE, CWE and the vulnerability interpretation, were selected, the relevant features were extracted. Using the WVT tool, the TF-IDF of each pattern was obtained, yielding 2997 features. According to the experimental results, a large number of vulnerabilities could belong to different patterns. Therefore, the database had to be evaluated, and the overlapping value of the vulnerability database was found to be 1.01. The proposed OSOM method was introduced as an extension of the SOM algorithm by means of overlapped K-means. Classification accuracy increased with the new algorithm through a combination of centers and a new definition of the winner neuron. The accuracy was obtained from variations of the ordinary self-organizing map. After running experiments on vulnerabilities and evaluating them against the desired criteria, it is concluded that the overlapped self-organizing map could be a suitable approach for software vulnerability classification. The work performed in this research is only a step toward presenting a standard classification of software vulnerabilities. An accurate model requires complete data. In this research, the overlapped self-organizing method was used for prediction, and it is planned to use other methods not yet employed for software vulnerability classification. Moreover, in future studies, the ideas proposed in the OSOM model can be used for clustering models in which the overlapping issue is not considered.
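The following Python example is added here for illustration and is not the paper's MATLAB implementation. It shows how a pattern can win more than one map unit and how an overlap value is computed, assuming the greedy rule of overlapping K-means (keep adding prototypes while the mean of the chosen ones moves closer to the pattern) and assuming overlap means the average number of units per pattern. The three-term vectors, prototypes and function names are constructed for the example.

```python
import math

def dist(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean(vectors):
    """Component-wise mean of a list of vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def overlapping_winners(x, prototypes):
    """Indices of the prototypes whose combined mean best represents x.

    Assumed rule (overlapping K-means heuristic): start from the nearest
    prototype, then add the next nearest ones while the mean of the chosen
    prototypes gets strictly closer to x.
    """
    order = sorted(range(len(prototypes)), key=lambda i: dist(x, prototypes[i]))
    chosen = [order[0]]
    best = dist(x, prototypes[order[0]])
    for i in order[1:]:
        candidate = dist(x, mean([prototypes[j] for j in chosen + [i]]))
        if candidate >= best:
            break
        chosen.append(i)
        best = candidate
    return sorted(chosen)

def assign_all(patterns, prototypes):
    return [overlapping_winners(p, prototypes) for p in patterns]

def overlap(assignments):
    """Assumed overlap measure: average number of units per pattern."""
    return sum(len(a) for a in assignments) / len(assignments)

# Constructed data: weights for the terms ("overflow", "sql", "script"),
# standing in for TF-IDF vectors of vulnerability descriptions.
PROTOTYPES = [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]
PATTERNS = [
    [0.9, 0.1, 0.0],    # clearly one class
    [0.5, 0.5, 0.0],    # description that mixes two weakness types
    [0.0, 0.1, 0.95],
    [0.05, 0.9, 0.0],
]

if __name__ == "__main__":
    result = assign_all(PATTERNS, PROTOTYPES)
    print(result, overlap(result))
```

An overlap value of exactly 1 would mean every pattern belongs to a single unit; values above 1 indicate that some patterns are shared between units.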