Mining trends and patterns of software vulnerabilities

Authors: Murtaza Syed Shariyar*; Khreich Wael; Hamou Lhadj Abdelwahab*; Bener Ayse Basar
Source: Journal of Systems and Software, 2016, 117: 218-228.
DOI: 10.1016/j.jss.2016.02.048

Abstract

Zero-day vulnerabilities continue to be a threat because they are unknown to vendors; when attacks occur, vendors have zero days to provide remedies. New techniques for detecting zero-day vulnerabilities in software systems are being developed, but they have their own limitations; e.g., anomaly detection techniques are prone to false alarms. To better protect software systems, it is also important to understand the relationship between vulnerabilities and their patterns over a period of time. Mining trends and patterns of vulnerabilities is useful because it can help software vendors prepare solutions ahead of time for vulnerabilities that may occur in a software application. In this paper, we investigate the use of historical patterns of vulnerabilities to predict future vulnerabilities in software applications. In addition, we examine whether the trends of vulnerabilities in software applications have any significant meaning. We use the National Vulnerability Database (NVD) as the main source of vulnerabilities in software applications. We mine vulnerabilities from the last six years, 2009 to 2014, from NVD. Our results show that sequences of the same vulnerability type (e.g., buffer errors) may occur 150 times in a software product. Our results also show that the number of SQL injection vulnerabilities has decreased over the last six years, while cryptographic vulnerabilities have seen an important increase. However, we have not found any statistical significance in the trends of the occurrence of vulnerabilities over time. The most interesting finding is that the sequential patterns of vulnerability events follow a first-order Markov property; that is, we can predict the next vulnerability using only the previous vulnerability, with a recall of approximately 80% and a precision of around 90%.
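The first-order Markov prediction described in the abstract, as an added illustration that is not code from the paper: transition counts between consecutive vulnerability categories are learned from per-product histories, the next category is predicted from the previous one alone, and precision and recall of those predictions are measured on held-out sequences. The category names, the training and test sequences, and the back-off rule for an unseen previous category are all constructed here for the example; the paper's own data comes from NVD and is not reproduced.

```python
from collections import Counter, defaultdict

# Constructed training data (not the paper's NVD data): one list per product,
# each entry the category of a disclosed vulnerability, in chronological order.
TRAIN_SEQUENCES = [
    ["Buffer Errors", "Buffer Errors", "Buffer Errors", "Input Validation",
     "SQL Injection", "Input Validation"],
    ["Cryptographic Issues", "Cryptographic Issues", "Cryptographic Issues",
     "Buffer Errors", "Buffer Errors", "Cryptographic Issues"],
    ["SQL Injection", "Input Validation", "SQL Injection",
     "Buffer Errors", "Buffer Errors"],
]

# Constructed held-out history used to score the predictor.
TEST_SEQUENCES = [
    ["Buffer Errors", "Buffer Errors", "Cryptographic Issues",
     "Cryptographic Issues", "SQL Injection", "Input Validation",
     "SQL Injection"],
]


def train_transitions(sequences):
    """Count first-order transitions prev -> next, plus the marginal count of
    each next-category (used as a back-off when prev was never observed)."""
    transitions = defaultdict(Counter)
    marginal = Counter()
    for seq in sequences:
        for prev, nxt in zip(seq, seq[1:]):
            transitions[prev][nxt] += 1
            marginal[nxt] += 1
    return {"transitions": dict(transitions), "marginal": marginal}


def transition_probability(model, prev, nxt):
    """Maximum-likelihood estimate P(next = nxt | previous = prev)."""
    counts = model["transitions"].get(prev)
    if not counts:
        return 0.0
    return counts[nxt] / sum(counts.values())


def predict_next(model, prev):
    """Most likely next category given only the previous one (first-order
    Markov assumption). Unseen previous categories back off to the globally
    most frequent next-category; this back-off is our choice, not the paper's."""
    counts = model["transitions"].get(prev)
    if not counts:
        return model["marginal"].most_common(1)[0][0]
    return counts.most_common(1)[0][0]


def evaluate(model, sequences):
    """Score next-category predictions on held-out sequences. Returns
    (macro-averaged precision, macro-averaged recall, overall accuracy)."""
    tp, fp, fn = Counter(), Counter(), Counter()
    correct = total = 0
    for seq in sequences:
        for prev, actual in zip(seq, seq[1:]):
            predicted = predict_next(model, prev)
            total += 1
            if predicted == actual:
                tp[actual] += 1
                correct += 1
            else:
                fp[predicted] += 1
                fn[actual] += 1
    categories = set(tp) | set(fp) | set(fn)
    precision = sum(tp[c] / (tp[c] + fp[c]) if tp[c] + fp[c] else 0.0
                    for c in categories) / len(categories)
    recall = sum(tp[c] / (tp[c] + fn[c]) if tp[c] + fn[c] else 0.0
                 for c in categories) / len(categories)
    return precision, recall, correct / total


if __name__ == "__main__":
    model = train_transitions(TRAIN_SEQUENCES)
    for prev in sorted(model["transitions"]):
        print(f"after {prev!r:24} predict {predict_next(model, prev)!r}")
    p, r, acc = evaluate(model, TEST_SEQUENCES)
    print(f"precision={p:.2f} recall={r:.2f} accuracy={acc:.2f}")
```

With these constructed sequences the predictor learns, for instance, that a buffer error is most often followed by another buffer error (4 of 6 observed transitions), which mirrors the long runs of the same category the abstract reports. A real evaluation would hold out later years of the NVD history rather than a hand-written list, and would report per-category precision and recall alongside the macro averages, since rare categories are where a first-order model is most likely to be wrong.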

  • Publication date: 2016-7