Journal:
Computers and Industrial Engineering. 2024.
Authors:
Gelenbe E, Nakip M, Siavvas M.
Abstract:
In software systems comprised of many interconnected components, the vulnerability of each component will affect the vulnerability of other components and of the system as a whole. Existing techniques allow the quantification of the vulnerability of individual components taken singly, but the assessment of their vulnerability when they are interconnected or interdependent remains a challenge. The present work addresses this problem with a novel System-Wide Vulnerability Assessment (SWVA) framework for interconnected software components, based on an Associated Random Neural Network (ARNN) that estimates the system-wide vulnerability of all software components from known local vulnerabilities of individual components, and from their interconnections.
The ARNN uses a problem-specific weight initialization, and learns from existing software system examples with a gradient-based deep learning algorithm. The ARNN is then used to assess the vulnerability of hitherto unseen software systems. The performance of the proposed ARNN-based SWVA framework is evaluated and compared against several well-known machine learning techniques on 13 different versions of a real-world software system with up to 11 components. The experimental results show the superior performance of the ARNN, which achieves above 85% median accuracy and high scalability with respect to the number of connected software components.