Document Type: Original Article
Computer Engineering Group, Engineering Campus, Yazd University, Yazd, Iran
Prediction of software vulnerabilities-severity is of particular importance. Its most important application is that managers can first deal with the most dangerous vulnerabilities when they have limited resources. This research shows how we can use the former patterns of software vulnerabilities-severity along with machine learning methods to predict the vulnerabilities severity of that software in the future. In this regard, we used the SVM, Decision Trees (DT), Random Forests (RF), K Nearest Neighbors (KNN), bagging and AdaBoost algorithms along with the already reported vulnerabilities of Google Android applications, Apple Safari and the Flash Player. The experimental results showed that the Bagging algorithm can predict Google Android vulnerability with accuracy of 78.21% and f1-measure equal to 77%, the vulnerability of the Flash Player software with accuracy of 82.37% and f1-measure equal to 87.73% and predict the vulnerability severity of the Apple Safari with accuracy of 70.58% and f1-measure equal to 70%. The novelty of this research is introduction of a new method for prediction of software vulnerabilities severity.