System-wide vulnerability of multi-component software
| Author | Gelenbe E.; Nakip M.; Siavvas M. |
|---|---|
| Title | System-wide vulnerability of multi-component software |
| Journal | Computers & Industrial Engineering |
| Year | 2024 |
| Status | Published |
| Volume | 196 |
| DOI | 10.1016/j.cie.2024.110453 |
| Abstract | <p>In software systems comprised of many interconnected components, the vulnerability of each component will affect the vulnerability of other components and of the system as a whole. Existing techniques allow the quantification of the vulnerability of individual components taken singly, but the assessment of their vulnerability when they are interconnected or interdependent remains a challenge. The present work addresses this problem with a novel System-Wide Vulnerability Assessment (SWVA) framework for interconnected software components, based on an Associated Random Neural Network (ARNN) that estimates the system-wide vulnerability of all software components from known local vulnerabilities of individual components, and from their interconnections. The ARNN uses a problem-specific weight initialization, and learns from existing software system examples with a gradient-based deep learning algorithm. The ARNN is then used to assess the vulnerability of hitherto unseen software systems. The performance of the proposed ARNN-based SWVA framework is evaluated and compared against several well-known machine learning techniques on 13 different versions of a real-world software system with up to 11 components. The experimental results show the superior performance of the ARNN achieving above 85% median accuracy and good high scalability with respect to the number of connected software components.</p> |