Please use this identifier to cite or link to this item:
Title: Time Series Forecasting of Software Vulnerabilities Using Statistical and Deep Learning Models
Authors: Kalouptsoglou, Ilias
Tsoukalas, Dimitrios
Siavvas, Miltiadis
Kehagias, Dionysios
Chatzigeorgiou, Alexander
Ampatzoglou, Apostolos
Type: Article
Subjects: FRASCATI::Natural sciences::Computer and information sciences
Keywords: software vulnerabilities
time series
deep learning
Issue Date: 2022
Source: Electronics
Volume: 11
Issue: 18
First Page: 2820
Abstract: Software security is a critical aspect of modern software products. The vulnerabilities that reside in their source code could become a major weakness for enterprises that build or utilize these products, as their exploitation could lead to devastating financial consequences. Therefore, the development of mechanisms capable of identifying and discovering software vulnerabilities has recently attracted the interest of the research community. Besides the studies that examine software attributes in order to predict the existence of vulnerabilities in software components, there are also studies that attempt to predict the future number of vulnerabilities based on the already reported vulnerabilities of a project. In this paper, the evolution of vulnerabilities in a horizon of up to 24 months ahead is predicted using a univariate time series forecasting approach. Both statistical and deep learning models are developed and compared based on security data coming from five popular software projects. In contrast to related literature, the results indicate that the capacity of Deep Learning and statistical models in forecasting the evolution of software vulnerabilities, as well as the selection of the best-performing model, depends on the respective software project. In some cases, statistical models provided better accuracy, whereas in other cases, Deep Learning models demonstrated better predictive power. However, the difference in their performance was not found to be statistically significant. In general, the two model categories produced similar forecasts for the number of vulnerabilities expected in the future, without significant diversities.
ISSN: 2079-9292
Other Identifiers: 10.3390/electronics11182820
Appears in Collections:Department of Applied Informatics

Files in This Item:
File Description SizeFormat 
kalouptsoglou2022ele.pdf993,04 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.