提出了一种多周期漏洞发布预测模型,描述了漏洞发现数量与时间的关系,预测漏洞发布过程.该模型引入周期概念,扩展了原单一增长过程的漏洞发布预测模型,增大了现有模型的适用范围.提出了相关参数的计算方法与初值选取方法,对8个版本的Windows操作系统进行实验分析.结果表明,该模型增加了预测过程的有效性,同时提高了预测结果的准确性.

This paper presents a multi-cycle vulnerability discovery model which shows the vulnerability discovery process and the relationship between the number of vulnerabilities and their release time. The model makes use of a cycle, which expands the scope of old models. A method is proposed to compute the parameters of this model to fit the discover process of the target software. Different rules are also given to find the initial values. Experiments are made on eight Windows operating systems. The results show that this model is more effective and more accurate than current models.

Supported by the National Natural Science Foundation of China under Grant Nos.60703076, 60970028 (国家自然科学基金); the National High-Tech Research and Development Plan of China under Grant Nos.2006AA01Z412, 2007AA01Z451, 2007AA01Z475, 2007AA01Z465, 2007AA01A414