CN101436240A - Method and system for forecasting software loophole publish quantities - Google Patents


Publication number
CN101436240A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200810239607XA
Other languages
Chinese (zh)
Inventor
陈恺
苏璞睿
冯登国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Application filed by Institute of Software of CAS

Abstract

The invention relates to the field of computer network security, in particular to a method and a system for predicting the number of software vulnerability disclosures. The prediction model has multiple periods, so that it can describe several growth phases in the course of vulnerability disclosure for a piece of software. The invention also provides a method for computing the optimal values of all model parameters and, from the data obtained, a method for estimating the future disclosure process and the total number of vulnerabilities in the software. Because it can describe a multi-stage outbreak of vulnerabilities, the invention extends prior prediction models that have a single growth process, widens their validity and range of application, and improves the accuracy of the prediction results.

Description

A method and system for predicting the number of software vulnerability disclosures
Technical field
The present invention relates to the field of computer network security, and specifically to a method and a system for predicting the number of software vulnerability disclosures.
Background
A software security vulnerability is a defect in the software itself. It may cause abnormal code behavior or a system crash, or may be exploited by an attacker to intrude into the system, causing greater losses. The number of software vulnerabilities is therefore one of the important indicators in software security assessment and one of the key factors considered in information system security evaluation. Vulnerability prediction differs from vulnerability analysis: vulnerability analysis focuses on accurately locating vulnerabilities in software and repairing them, whereas vulnerability prediction analyzes the number of vulnerabilities in software from a macroscopic perspective. As vulnerabilities are found one by one, the effort needed to detect the remaining unknown vulnerabilities grows exponentially, so the number of vulnerabilities in software cannot be determined accurately by vulnerability analysis; this gave rise to methods that predict vulnerabilities from a macroscopic perspective. Work on vulnerability prediction establishes the feasibility of quantifying software security risk.
To model vulnerability disclosure, Rescorla proposed a linear model and an exponential model, but neither of them is statistically significant. Anderson, by analogy with thermodynamics, proposed a vulnerability discovery model, but it has not been effectively tested. Gopalakrishna and Spafford studied the trend of vulnerability discovery in a technical report but did not propose any model. Arbaugh and Browne used CERT reports and proposed that the total number of vulnerabilities is proportional to the square of time. Browne proposed the vulnerability exploitation model VEM. Alhazmi, building on earlier work, formulated the AML model. Alhazmi later studied multiple vulnerability types by category and found that, for different vulnerability types, the relation between vulnerability count and time also largely follows the AML model. Kim analyzed the disclosure pattern across multiple versions of a piece of software on the basis of the AML model and proposed a multi-version software model. The AML model divides the life cycle after software release into three phases: in the initial phase the disclosure process is fairly flat; in the second phase, the rapid growth phase, the number of disclosed vulnerabilities rises quickly over time; in the third phase the disclosure rate flattens out again. The AML model is a considerable advance over earlier models and is widely applicable, but it still has limitations. For example, it cannot fit the vulnerability disclosure process of Windows NT well.
Summary of the invention
In view of the above problems, the object of the present invention is to provide a method and a system for predicting the number of software vulnerability disclosures. The invention introduces the concept of multiple periods and uses a multi-period vulnerability disclosure prediction model to describe the case where several rapid growth periods occur in the life cycle after software release. This increases the validity and scope of application of existing models and improves the accuracy of the prediction results.
The invention derives the vulnerability model from the following design:
Different software has different burst processes, that is, different periods. To describe them, the invention introduces a periodic function f(t); at the start of vulnerability disclosure the growth rate is not necessarily 0. At the same time, the cumulative number of disclosed vulnerabilities cannot decrease, that is, the disclosure count is an increasing function, and the total number of vulnerabilities disclosed for the software is fixed. An increasing function g(t) is therefore introduced, which yields the vulnerability model $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{f(n)}{g(n)}$.
Let V denote the number of vulnerabilities that objectively exist in a piece of software, and let Ω(t) denote the number of vulnerabilities of that software disclosed by time t. Modeling the growth rate of vulnerability disclosure gives the following expression:
$$\frac{d\Omega(t)}{dt}=\alpha\frac{f(t)}{g(t)},$$ where f(t) is a periodic function greater than 0 and g(t) is an increasing function greater than 0.
The left-hand side is the growth rate of the disclosure count with respect to time. Integrating both sides gives: $$\int_{0}^{u}d\Omega(t)=\Omega(u)-\Omega(0)=\int_{0}^{u}\alpha\frac{f(t)}{g(t)}\,dt$$
Since the number of disclosed vulnerabilities is initially 0, i.e. Ω(0)=0, we obtain $$\Omega(u)=\int_{0}^{u}\alpha\frac{f(t)}{g(t)}\,dt$$
where u denotes some predetermined moment.
Considering the discrete nature of the disclosure process, the invention uses a discrete function for the modeling and obtains the following vulnerability disclosure prediction model:
$$\Omega(t)=\sum_{n=1}^{t}\alpha\frac{f(n)}{g(n)}\quad(\alpha>0,\ \delta>0)$$
Specifically, one can take $f(n)=\sin^{2}(\beta n+\varphi)$ and $g(n)=n^{m}+\delta$, so that the vulnerability model used by the vulnerability information analysis module is $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{m}+\delta}$, where β is the software attention coefficient, φ is the initial vulnerability disclosure count parameter, δ is the software development process coefficient, and m is an even number greater than 1.
The invention proposes a method for predicting the number of software vulnerability disclosures, with the following steps:
1) The software vulnerability information extraction module extracts the historical vulnerability information of the software; this information comprises the number of vulnerabilities disclosed for the software in consecutive unit time intervals.
2) The vulnerability information analysis module applies the following software vulnerability model to the historical vulnerability information obtained in step 1) to derive the model parameters: $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{f(n)}{g(n)}$, where Ω(t) denotes the number of vulnerabilities disclosed within time t; the model parameter α is the software size coefficient, f(n) is a periodic function greater than 0, and g(n) is an increasing function greater than 0.
3) The vulnerability prediction module receives a prediction period as input and derives the number of vulnerabilities in that period from the above model and model parameters.
Further, in the above method, $f(n)=\sin^{2}(\beta n+\varphi)$ and $g(n)=n^{m}+\delta$, where β is the software attention coefficient, φ is the initial vulnerability disclosure count parameter, δ is the software development process coefficient, and m is an even number greater than 1, so that the vulnerability model is $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{m}+\delta}$.
The invention also proposes a system for predicting the number of software vulnerability disclosures. The system comprises a software vulnerability information extraction module, a vulnerability information analysis module and a vulnerability prediction module. The software vulnerability information extraction module extracts the vulnerability information disclosed for the software in consecutive time intervals. The vulnerability information analysis module derives the model parameter values from this vulnerability information according to the software vulnerability model $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{f(n)}{g(n)}$. The vulnerability prediction module receives a prediction period as input and derives the number of vulnerabilities in that period from the above vulnerability model and parameters. Here Ω(t) denotes the number of vulnerabilities disclosed within time t; α is the software size coefficient, f(n) is a periodic function greater than 0, and g(n) is an increasing function greater than 0.
Further, the above vulnerability model is $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{m}+\delta}$, where β is the software attention coefficient, φ is the initial vulnerability disclosure count parameter, δ is the software development process coefficient, and m is an even number greater than 1.
The advantages and positive effects of the invention are as follows:
1. The invention proposes a multi-period vulnerability disclosure model, which can make periodic predictions that account for the multiple periods occurring in the vulnerability disclosure process.
2. The invention provides a method for estimating the initial value of each parameter in the model. The invention successfully fits software vulnerability disclosure processes that common current models such as AML cannot fit. Experiments show that it conforms better to the pattern of vulnerability disclosure, increases the validity and scope of application of vulnerability prediction, and improves the accuracy of the prediction results.
Description of drawings
Fig. 1 is a flow chart of the method of the invention for predicting the number of software vulnerability disclosures;
Fig. 2 is a schematic diagram of the system of the invention for predicting the number of software vulnerability disclosures;
Fig. 3 shows the real disclosure process of Windows Vista vulnerabilities and the fitting result of the embodiment model;
Fig. 4 shows the fitting results of the embodiment model and the AML model for Vista;
Fig. 5 shows the fitting results of the embodiment model and the AML model for Win98;
Fig. 6 shows the fitting result of the embodiment model for WinXP.
Embodiment
To make the invention easier to understand, the system for predicting the number of software vulnerability disclosures is introduced first. As shown in Fig. 2, the system comprises:
A software vulnerability information extraction module, which extracts the vulnerability information disclosed for the software in consecutive time intervals.
A vulnerability information analysis module, which derives the model parameter values from the above vulnerability information according to the software vulnerability model.
A vulnerability prediction module, which receives a prediction period as input and derives the number of vulnerabilities in that period from the above vulnerability model and parameters.
This embodiment uses the simplest periodic function, sin(x); using another function such as cos(x) is equivalent, because sin(x+π/2)=cos(x). Because the period differs between software products, a coefficient β is placed in front of the variable, and the model becomes F(x)=sin(βx). Since the initial growth rate is not necessarily 0, a constant offset is added when deriving the model, giving the growth function $F(x)=\alpha\sin^{2}(\beta x+\varphi)$. At the same time, because the total number of vulnerabilities has a limit, i.e. $\lim_{t\to\infty}d\Omega/dt=0$, a decreasing function is introduced in this embodiment so that the disclosure count always has a limit. The vulnerability model derived in this embodiment is $\Omega(t)=\sum_{n=1}^{t}\alpha\sin^{2}(\beta\cdot n+\varphi)/(n^{2}+\delta)$ (α>0, δ>0), and this model is used to predict the number of vulnerability disclosures of a piece of software. φ is a constant offset; α represents the size of the growth in vulnerability count during a growth period; β represents the difference in period between software products; δ is the software development process coefficient.
With reference to Fig. 1, provide the detailed process of forecasting software loophole publish quantities of the present invention below.
1. Extract historical vulnerability disclosure data
Taking a fixed length of time as the unit interval, record the number of vulnerabilities disclosed in each interval; in practice the unit can be an equal interval such as a day, a week or a month. The invention searches the Internet for the number of vulnerabilities disclosed for a given software product (the data can also be obtained directly from a vulnerability database), counts the number disclosed in each of a series of consecutive time intervals, and records the counts in order of disclosure time in the sequence $Y=\langle Y_{1},Y_{2},\ldots,Y_{n}\rangle$, together with the natural-number sequence $X=\langle X_{1},X_{2},\ldots,X_{n}\rangle$.
While extracting the information, one often finds vulnerability announcements dated before the software was released. These may belong to test versions of the software and are therefore not counted as vulnerability information. If very few vulnerabilities are disclosed in the first time interval after release, and no new vulnerability is disclosed for several intervals until a new one appears in period t, then modeling starts directly from period t when the disclosure data are extracted. For example, suppose 1 vulnerability is disclosed in the 1st time interval, the vulnerability count does not change for the next 5 consecutive intervals, and the disclosure count only starts to grow gradually from the 6th interval. In that case the vulnerabilities of the first 5 periods are removed when extracting the data, and modeling starts directly from the 6th period. Note that this treatment applies only to the initial phase. In the final phase of vulnerability disclosure, if there are no new disclosures, the last time period in which a new vulnerability was disclosed is taken as the end of the vulnerability data.
2. Compute the parameters of the vulnerability model
To obtain the optimal parameters of the model $\Omega(t)=\sum_{n=1}^{t}\alpha\sin^{2}(\beta\cdot n+\varphi)/(n^{2}+\delta)$ (α>0, δ>0), one first needs a criterion for judging the quality of a model. The invention uses the internationally common chi-square test as the criterion for comparing model quality.
The chi-square statistic is computed as follows:
$$\chi^{2}=\sum_{i=1}^{n}\frac{(o_{i}-e_{i})^{2}}{e_{i}}$$
Here $o_{i}$ denotes the observed value and $e_{i}$ the value expected by the model. The closer the theoretical values are to the observed values, the smaller the chi-square statistic and the better the fit. Whether a model fits successfully is determined by checking whether, for the given degrees of freedom, the chi-square statistic is below a specific value.
This embodiment uses the least squares method to compute the value of each parameter so that the chi-square statistic is minimal; in practice other methods can also be used to compute the parameter values.
Let $S(x)=\alpha\frac{\sin^{2}(\beta\cdot x+\varphi)}{x^{2}+\delta}$. The goal is to find $\min_{S\in\Phi}\left(\sum_{i}\frac{(S(x_{i})-Y_{i})^{2}}{S(x_{i})}\right)$, where $Y_{i}$ is the observed number of vulnerabilities disclosed in the time interval and $x_{i}$ is the corresponding disclosure time.
Further let $$P=\sum_{i}\frac{(S(x_{i})-Y_{i})^{2}}{S(x_{i})}=\sum_{i}\left(S(x_{i})+\frac{Y_{i}^{2}}{S(x_{i})}-2Y_{i}\right)$$
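To find the minimum of P, the partial derivative of P with respect to each parameter is set to zero:
$$\frac{\partial P}{\partial\alpha}=\sum_{i}\frac{\partial S}{\partial\alpha}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=\sum_{i}\frac{\sin^{2}(\beta\cdot x_{i}+\varphi)}{x_{i}^{2}+\delta}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=0$$
$$\frac{\partial P}{\partial\beta}=\sum_{i}\frac{\partial S}{\partial\beta}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=\sum_{i}\frac{2\alpha\sin(\beta x_{i}+\varphi)\cos(\beta x_{i}+\varphi)\,x_{i}}{x_{i}^{2}+\delta}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=0$$
$$\frac{\partial P}{\partial\varphi}=\sum_{i}\frac{\partial S}{\partial\varphi}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=\sum_{i}\frac{2\alpha\sin(\beta\cdot x_{i}+\varphi)\cos(\beta\cdot x_{i}+\varphi)}{x_{i}^{2}+\delta}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=0$$
$$\frac{\partial P}{\partial\delta}=\sum_{i}\frac{\partial S}{\partial\delta}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=-\sum_{i}\frac{\alpha\cdot\sin^{2}(\beta\cdot x_{i}+\varphi)}{(x_{i}^{2}+\delta)^{2}}\left(1-\frac{Y_{i}^{2}}{S(x_{i})^{2}}\right)=0$$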
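Simplifying the above equations gives:
$$\alpha^{2}\sum_{i}\frac{\sin^{2}(\beta\cdot x_{i}+\varphi)}{x_{i}^{2}+\delta}=\sum_{i}\frac{Y_{i}^{2}(x_{i}^{2}+\delta)}{\sin^{2}(\beta\cdot x_{i}+\varphi)}$$
$$\alpha^{2}\sum_{i}\frac{x_{i}\sin(2(\beta x_{i}+\varphi))}{x_{i}^{2}+\delta}=\sum_{i}\frac{x_{i}Y_{i}^{2}(x_{i}^{2}+\delta)\sin(2(\beta x_{i}+\varphi))}{\sin^{4}(\beta\cdot x_{i}+\varphi)}$$
$$\alpha^{2}\sum_{i}\frac{\sin(2(\beta x_{i}+\varphi))}{x_{i}^{2}+\delta}=\sum_{i}\frac{Y_{i}^{2}(x_{i}^{2}+\delta)\sin(2(\beta x_{i}+\varphi))}{\sin^{4}(\beta\cdot x_{i}+\varphi)}$$
$$\alpha^{2}\sum_{i}\frac{\sin^{2}(\beta\cdot x_{i}+\varphi)}{(x_{i}^{2}+\delta)^{2}}=\sum_{i}\frac{Y_{i}^{2}}{\sin^{2}(\beta\cdot x_{i}+\varphi)}$$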
The numerical solution of the above system of equations can be obtained with a MATLAB program. To verify the validity of the model, the parameter values at which the chi-square statistic is minimal are computed, likewise with a MATLAB program. The following program computes the chi-square statistic:
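% Chi-square statistic of the model against the observed data.
% The page uses p, x and zz without defining them; the function wrapper
% and its name are added here (assumed) so that the fragment runs.
%   p  - parameter vector [alpha beta phi delta]
%   x  - interval indices
%   zz - observed counts that the running model sum is compared against
function [fun, test] = chi_square_fit(p, x, zz)
fun1 = zeros(length(x), 4);  % columns: model sum, model term, observed, running chi-square
g = zeros(2, 1);             % g(2) accumulates the chi-square statistic
tmp = zeros(4, 1);
a = p(1);                    % alpha
b = p(2);                    % beta
ph = p(3);                   % phi
d = p(4);                    % delta
cum = zeros(length(x), 1);   % running sum of computed values (was "save", which shadows a built-in)
test = zeros(length(x), 2);
for i = 1:length(x)
    tmp(1) = sin(b*x(i) + ph);
    tmp(2) = x(i)^2 + d;
    tmp(3) = tmp(1)/tmp(2);
    fun1(i,2) = tmp(1)^2*a/tmp(2);   % alpha*sin^2(beta*x+phi)/(x^2+delta)
    if (i == 1)
        cum(i) = fun1(i,2);
    else
        cum(i) = cum(i-1) + fun1(i,2);
    end
    fun1(i,1) = cum(i);
    g(2) = g(2) + (cum(i) - zz(i))^2/cum(i);
    fun1(i,3) = zz(i);
    fun1(i,4) = g(2);
end
test(:,1) = fun1(:,3);          % observed values
test(:,2) = fun1(:,1);          % model values
fun(1,:) = fun1(length(x),:);   % last row, including the total chi-square
end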
Substituting the computed values of the parameters α, β, φ and δ gives the concrete vulnerability model. For different software the computed values of α, β, φ and δ differ, so the concrete models differ as well, but all of them are multi-period models.
3. Predict the future number of disclosed vulnerabilities
Using the above vulnerability model and substituting a concrete value of t gives the number of vulnerabilities disclosed for the software at a specific future point in time. When t is taken to infinity, the result is the total number of vulnerabilities of the software.
With the same values of α, β, φ and δ, the above multi-period vulnerability disclosure prediction model can also be written in cosine form, $\Omega(t)=\sum_{n=1}^{t}\frac{\alpha-\alpha\cos^{2}(\beta\cdot n+\varphi)}{n^{2}+\delta}$ (α>0, δ>0), which is likewise periodic.
The following shows how the concrete vulnerability model of the invention is used to predict the future disclosure process of a piece of software:
Suppose the number U of vulnerabilities disclosed in the $t_{1}$-th time interval is to be predicted. It is computed with the following expression:
$$U(t_{1})=\alpha\frac{\sin^{2}(\beta\cdot t_{1}+\varphi)}{t_{1}^{2}+\delta}$$
The total number of vulnerabilities disclosed by $t_{1}$ is:
$$\Omega(t_{1})=\sum_{n=1}^{t_{1}}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{2}+\delta}$$
The total number of vulnerabilities of the software can be estimated as follows:
Because $$\Omega(t)=\sum_{n=1}^{t}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{2}+\delta}<\sum_{n=1}^{t}\frac{\alpha}{n^{2}+\delta}$$
it follows that $$\lim_{t\to\infty}\Omega(t)<\lim_{t\to\infty}\sum_{n=1}^{t}\frac{\alpha}{n^{2}+\delta}=\frac{1}{2}\alpha\,\frac{-1+\delta^{1/2}\pi\cdot\coth(\delta^{1/2}\pi)}{\delta}$$
That is, $\frac{1}{2}\alpha\,\frac{-1+\delta^{1/2}\pi\cdot\coth(\delta^{1/2}\pi)}{\delta}$ is taken as the estimate of the total number of vulnerabilities.
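Steps 2 and 3 above (the model with m = 2, the chi-square measure over running totals, the forecast for a period and the bound on the total) are shown here as an added Python example; it is not code from the patent. The sample series is constructed from the Win Vista parameters in Table 1 rather than taken from NVD, a small grid search stands in for the MATLAB numerical solve, and the closed-form α and all function names are assumptions of this example.

```python
import math
from itertools import product

# Win Vista row of Table 1 (alpha, beta, phi, delta); used only to build sample data.
VISTA = (3283.0, 0.57, 11.28, 585.0)


def rate(n, alpha, beta, phi, delta):
    """Disclosures in interval n: alpha * sin^2(beta*n + phi) / (n^2 + delta)."""
    return alpha * math.sin(beta * n + phi) ** 2 / (n * n + delta)


def cumulative(t, alpha, beta, phi, delta):
    """Running totals Omega(1), ..., Omega(t) of the model."""
    totals, acc = [], 0.0
    for n in range(1, t + 1):
        acc += rate(n, alpha, beta, phi, delta)
        totals.append(acc)
    return totals


def omega(t, params):
    """Omega(t): disclosures accumulated by interval t."""
    return cumulative(t, *params)[-1] if t > 0 else 0.0


def chi_square(params, observed):
    """Sum of (model - observed)^2 / model over running totals, the quantity
    the page's MATLAB loop accumulates."""
    model = cumulative(len(observed), *params)
    if model[0] <= 1e-12:            # expected value of zero: statistic undefined
        return math.inf
    return sum((e - o) ** 2 / e for e, o in zip(model, observed))


def best_alpha(beta, phi, delta, observed):
    """Alpha minimising chi_square for a fixed shape (assumption of this example).
    With C_i the running total at alpha = 1, dP/dalpha = 0 gives
    alpha^2 * sum(C_i) = sum(Z_i^2 / C_i)."""
    shape = cumulative(len(observed), 1.0, beta, phi, delta)
    if shape[0] <= 1e-12:
        return None
    return math.sqrt(sum(z * z / c for z, c in zip(observed, shape)) / sum(shape))


def fit(observed, betas, phis, deltas):
    """Grid search over (beta, phi, delta); returns (chi-square, parameters)."""
    best = (math.inf, None)
    for beta, phi, delta in product(betas, phis, deltas):
        alpha = best_alpha(beta, phi, delta, observed)
        if alpha is None:
            continue
        params = (alpha, beta, phi, delta)
        score = chi_square(params, observed)
        if score < best[0]:
            best = (score, params)
    return best


def forecast(params, start, end):
    """Expected disclosures in intervals start+1 .. end (step 3)."""
    return omega(end, params) - omega(start, params)


def total_upper_bound(alpha, delta):
    """Closed form of sum_{n>=1} alpha / (n^2 + delta), the page's total estimate."""
    r = math.sqrt(delta) * math.pi
    return alpha * (r / math.tanh(r) - 1.0) / (2.0 * delta)


# Constructed sample: 20 intervals of running totals generated from VISTA.
OBSERVED = cumulative(20, *VISTA)
BETAS = (0.45, 0.51, 0.57, 0.63)
PHIS = (11.0, 11.28, 11.5)
DELTAS = (400.0, 585.0, 800.0)

if __name__ == "__main__":
    score, params = fit(OBSERVED, BETAS, PHIS, DELTAS)
    print("chi-square:", score)
    print("alpha, beta, phi, delta:", params)
    print("expected in intervals 21-30:", forecast(params, 20, 30))
    print("bound on total:", total_upper_bound(params[0], params[3]))
```

On real data the grid would be replaced by a numerical optimiser, and the resulting chi-square compared with the critical value for the degrees of freedom, as the text describes.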
The above is a specific embodiment of the invention; those skilled in the art can readily implement the model from the description in this specification and the embodiment.
Fig. 3 compares the real disclosure process of Windows Vista vulnerabilities with the fitting result of the embodiment model.
Fitted plots comparing the prediction performance of the embodiment model with that of other models are given below:
Figs. 4 and 5 use Windows Vista and Windows 98 respectively, each of which has three growth periods, to compare the fit of the AML model with that of the embodiment model. Fig. 4 shows the fits of the model of the invention and the AML model for Windows Vista. Although both fitting results are valid, the figure clearly shows that the AML model fits only a single growth curve and does not capture the periodicity, whereas the embodiment model successfully fits the multiple growth periods in the disclosure process.
Fig. 5 shows the fits of the embodiment model and the AML model for Windows 98. Again the AML model fits only one growth process of Win98, whereas the embodiment model identifies the multiple growth processes of Win98 vulnerability disclosure and is periodic.
Fig. 6 shows the fitting result of the embodiment model for Windows XP. As the figure shows, the embodiment model also fits data with single-period disclosure characteristics well. The vulnerability model of the invention therefore fits data with both multi-period and single-period disclosure characteristics well.
Some experimental data for the vulnerability model of the invention, $\Omega(t)=\sum_{n=1}^{t}\alpha\frac{\sin^{2}(\beta\cdot n+\varphi)}{n^{2}+\delta}$ (α>0, δ>0), are given below.
Table 1 shows how well the vulnerability model of the invention fits different software. The leftmost column lists each software product tested; α, β, φ and δ are the values of the parameters; DF is the degrees of freedom; χ² is the chi-square statistic; P-Value indicates how ideal the fit is: the closer P-Value is to 1, the more ideal the fit, and values in [0.05, 1] are generally considered valid. Fit Result indicates whether the fit is valid: E means valid, NE means invalid. An Increase issue value greater than 1 indicates that the software's disclosures follow a multi-period distribution.
| System | α | β | φ | δ | DF | χ² | P-value | Fit Result | Increase issue |
|---|---|---|---|---|---|---|---|---|---|
| Win 95 | 29330 | 0.228 | 1.83 | 6626 | 24 | 3.8852 | 1 | E * | 2 |
| Win 98 | 14246 | 0.308 | 6.18 | 2522 | 31 | 12.6077 | 0.9986 | E | 3 |
| Win 2000 | 26203 | 0.044 | 0.004 | 1148 | 44 | 29.9531 | 0.9476 | E | 1 |
| Win Me | 26420 | 0.422 | 1.977 | 4090 | 17 | 8.1979 | 0.9621 | E | 2 |
| Win XP | 25973 | 0.077 | 0.004 | 1140 | 25 | 31.3901 | 0.1764 | E | 1 |
| Win 2003 | 47300 | 0.107 | 0.009 | 2990 | 22 | 12.5105 | 0.9459 | E | 1 |
| Win Vista | 3283 | 0.57 | 11.28 | 585 | 16 | 9.1044 | 0.9091 | E | 3 |
| Win NT4 | 23325 | 0.05 | 0.11 | 2467 | 52 | 57.4922 | 0.2791 | E | 1 |

Table 1: Fitting results of the model of the invention
As Table 1 shows, the model of the invention is valid for every software product tested. Half of the software products are also observed to have a multi-period distribution, which fully demonstrates the practical value of the multi-period concept of the invention.
Table 2 compares the fitting results of the model of the invention with those of other vulnerability prediction models. The vulnerability data are taken from the internationally used NVD (National Vulnerability Database) provided by NIST (the U.S. National Institute of Standards and Technology). In the table, PV stands for P-Value and FR for Fit Result.
Figure A200810239607D00131
Table 2: Comparison of the invention, AML and linear models
As Table 2 shows, the AT model can only barely fit the Vista system and is powerless for the other systems; the LM, LP, RE and RQ models can each fit no more than half of the systems; the currently mainstream AML model still cannot fit the Win NT4 operating system; whereas the model proposed by the invention handles all systems and is more general.
In terms of accuracy, 75% of the P-Values of the model proposed by the invention are greater than 0.9, against only 25% for the AML model, which shows that the model of the invention fits better and more accurately. For disclosure processes with multi-period characteristics, the descriptive power of the other models declines or is lost altogether, whereas the model of the invention adapts very well.
Although specific embodiments of the invention and the accompanying drawings are disclosed above for the purpose of illustration, to help in understanding the content of the invention and implementing it accordingly, those skilled in the art will appreciate that various substitutions, changes and modifications are possible without departing from the spirit and scope of the invention and the appended claims. The invention should therefore not be limited to what is disclosed in the preferred embodiment and the drawings; the scope of protection claimed is that defined by the claims.

Claims (14)

1. the method for a forecasting software loophole publish quantities, its step is as follows:
1) extract software leak information in the past by the software vulnerability information extraction modules, described leak information comprises the loophole publish quantities of described software in continuous unit interval;
2) leak information analysis module adopts following software vulnerability model integrating step 1) software that obtains in the past leak information draw model parameter: &Omega; ( t ) = &Sigma; n = 1 t &alpha;f ( n ) g ( n ) , The loophole publish quantities of Ω (t) in the expression t time; Model parameter α is the software size coefficient, and f (n) is the periodic function greater than 0, and g (n) is the increasing function greater than 0;
3) the leak prediction module receives the input of predicted time section, draws leak quantity in this predicted time section according to above-mentioned model and model parameter.
2. a kind of method as claimed in claim 1 is characterized in that, described f (n)=sin 2(β n+ φ), g (n)=n m+ δ, wherein β is a software attention rate coefficient, and φ is an initial compromise publish quantities parameter, and δ is the software development process coefficient, and m is the even number greater than 1.
3. a kind of method as claimed in claim 1 or 2 is characterized in that, described software vulnerability information extraction modules is extracted the leak information of described software by internet or leak database.
4. a kind of method as claimed in claim 1 or 2 is characterized in that described information is with day, week, month unit of being spaced apart.
5. a kind of method as claimed in claim 1 or 2 is characterized in that, t is infinitely great, and gained leak quantity is the leak sum of software issue, and is a fixed value.
6. a kind of method as claimed in claim 1 or 2 is characterized in that, utilizes the optimized parameter of the method acquisition vulnerability model of Chi-square Test.
7. a kind of method as claimed in claim 6 is characterized in that, with least square method computer card side coefficient vulnerability model parameter value hour.
8. the system of a forecasting software loophole publish quantities is characterized in that, described system comprises software vulnerability information extraction modules, leak information analysis module and leak prediction module; Described software vulnerability information extraction modules is used to extract the leak information of software in the continuous time interval issue; Described leak information analysis module is according to software vulnerability model &Omega; ( t ) = &Sigma; n = 1 t &alpha;f ( n ) g ( n ) Draw model parameter value in conjunction with above-mentioned leak information; Described leak prediction module receives the input of predicted time section, and draws leak quantity in this predicted time section according to above-mentioned vulnerability model and parameter, wherein, and the loophole publish quantities of Ω (t) in the expression t time; α is the software size coefficient, and f (n) is the periodic function greater than 0, and g (n) is the increasing function greater than 0.
9. a kind of system as claimed in claim 8 is characterized in that described software vulnerability model is &Omega; ( t ) = &Sigma; n = 1 t &alpha; sin 2 ( &beta; &CenterDot; n + &phi; ) n m + &delta; , β is a software attention rate coefficient, and φ is an initial compromise publish quantities parameter, and δ is the software development process coefficient, and m is the even number greater than 1.
10. a kind of as claimed in claim 8 or 9 system is characterized in that, described leak information analysis module comprises a Chi-square Test module, is used to obtain the optimized parameter of vulnerability model.
11. a kind of system as claimed in claim 10 is characterized in that, utilizes parameter value in the least square method computer card side coefficient vulnerability model hour in the described Chi-square Test module.
12. a kind of system as claimed in claim 10 is characterized in that, the software issue leak sum that described system prediction goes out is a fixed value.
13. a kind of system as claimed in claim 10 is characterized in that, described software vulnerability information extraction modules is extracted the leak information of described software by internet or leak database.
14. a kind of system as claimed in claim 10 is characterized in that, the leak information that described software vulnerability information extraction modules is extracted is with day, week, month unit of being spaced apart.
CNA200810239607XA 2008-12-12 2008-12-12 Method and system for forecasting software loophole publish quantities Pending CN101436240A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200810239607XA CN101436240A (en) 2008-12-12 2008-12-12 Method and system for forecasting software loophole publish quantities


Publications (1)

Publication Number Publication Date
CN101436240A true CN101436240A (en) 2009-05-20

Family

ID=40710675


Country Status (1)

Country Link
CN (1) CN101436240A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102495884A (en) * 2011-12-08 2012-06-13 中国信息安全测评中心 Vulnerability information cloud service method based on Internet
CN109002722A (en) * 2018-07-19 2018-12-14 郑州云海信息技术有限公司 A kind of evaluation method and system of vulnerability scanning remaining time
CN110826071A (en) * 2019-09-24 2020-02-21 平安科技(深圳)有限公司 Software vulnerability risk prediction method, device, equipment and storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102495884A (en) * 2011-12-08 2012-06-13 中国信息安全测评中心 Vulnerability information cloud service method based on Internet
CN102495884B (en) * 2011-12-08 2016-06-15 中国信息安全测评中心 A kind of leak information cloud method of servicing based on internet
CN109002722A (en) * 2018-07-19 2018-12-14 郑州云海信息技术有限公司 A kind of evaluation method and system of vulnerability scanning remaining time
CN110826071A (en) * 2019-09-24 2020-02-21 平安科技(深圳)有限公司 Software vulnerability risk prediction method, device, equipment and storage medium
CN110826071B (en) * 2019-09-24 2023-09-26 平安科技(深圳)有限公司 Software vulnerability risk prediction method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090520