A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Cited by: 14
Authors
Le, Triet H. M. [1]
Chen, Huaming [1]
Babar, M. Ali [1, 2]
Affiliations
[1] Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia
[2] Cyber Secur Cooperat Res Ctr, Joondalup, Australia
Keywords
Software vulnerability; Vulnerability assessment and prioritization; NEURAL-NETWORKS; SEVERITY; CLASSIFICATION; FRAMEWORK; PATTERNS; TIME
DOI
10.1145/3529757
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Pages: 39