{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T12:05:59Z","timestamp":1743077159595,"version":"3.40.3"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319694702"},{"type":"electronic","value":"9783319694719"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-69471-9_21","type":"book-chapter","created":{"date-parts":[[2017,10,20]],"date-time":"2017-10-20T10:03:44Z","timestamp":1508493824000},"page":"280-290","source":"Crossref","is-referenced-by-count":2,"title":["Predicting Vulnerable Software Components Using Software Network Graph"],"prefix":"10.1007","author":[{"given":"Shengjun","family":"Wei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaojiang","family":"Du","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Changzhen","family":"Hu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chun","family":"Shan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,10,21]]},"reference":[{"key":"21_CR1","doi-asserted-by":"crossref","unstructured":"Liang, S., Du, X.: Permission-combination-based scheme for android mobile malware detection. In: Proceedings of the IEEE ICC 2014, Sydney, Australia (2014)","DOI":"10.1109\/ICC.2014.6883666"},{"key":"21_CR2","doi-asserted-by":"crossref","unstructured":"Du, X., Rozenblit, M., Shayman, M.: Implementation and performance analysis of SNMP on a TLS\/TCP base. In: 7th IFIP\/IEEE International Symposium on Integrated Network Management, Seattle, WA, pp. 453\u2013466 (2001)","DOI":"10.1109\/INM.2001.918059"},{"issue":"2","key":"21_CR3","doi-asserted-by":"crossref","first-page":"662","DOI":"10.1109\/TWC.2009.071278","volume":"8","author":"Y Xiao","year":"2009","unstructured":"Xiao, Y., Chen, H., Du, X., Guizani, M.: Stream-based cipher feedback mode in wireless error channel. IEEE Trans. Wireless Commun. 8(2), 662\u2013666 (2009)","journal-title":"IEEE Trans. Wireless Commun."},{"issue":"10","key":"21_CR4","doi-asserted-by":"crossref","first-page":"3693","DOI":"10.1109\/JSEN.2013.2266116","volume":"13","author":"X Yao","year":"2013","unstructured":"Yao, X., Han, X., Du, X., Zhou, X.: A lightweight multicast authentication mechanism for small scale IoT applications. IEEE Sens. J. 13(10), 3693\u20133701 (2013)","journal-title":"IEEE Sens. J."},{"key":"21_CR5","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Fu, X., Du, X., Luo, B., Guizani, M.: A lightweight live memory forensic approach based on hardware virtualization, vol. 379, pp. 23\u201341. Elsevier Information Sciences (2017)","DOI":"10.1016\/j.ins.2016.07.019"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Fu, X., Graham, B., Bettati, R., Zhao, W.: On countermeasures to traffic analysis attacks. In: 4th IEEE SMC Information Assurance Workshop (2003)","DOI":"10.1109\/SMCSIA.2003.1232420"},{"issue":"4","key":"21_CR7","doi-asserted-by":"crossref","first-page":"1245","DOI":"10.1109\/TNET.2011.2178036","volume":"20","author":"Z Ling","year":"2012","unstructured":"Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell counting based attack against tor. IEEE\/ACM Trans. Network. (ToN) 20(4), 1245\u20131261 (2012)","journal-title":"IEEE\/ACM Trans. Network. (ToN)"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Yue, Q., Ling, Z., Fu, X., Liu, B., Ren, K., Zhao, W.: Blind recognition of touched keys on mobile devices. In: 21st ACM Conference on Computer and Communications Security, Scottsdale, Arizona, USA (2014)","DOI":"10.1145\/2660267.2660288"},{"key":"21_CR9","doi-asserted-by":"crossref","unstructured":"Qian, Y., Moayeri, N.: Design of secure and application-oriented VANETs. In: Proceedings of IEEE VTC2008-Spring, Singapore (2008)","DOI":"10.1109\/VETECS.2008.610"},{"issue":"9","key":"21_CR10","doi-asserted-by":"crossref","first-page":"1632","DOI":"10.1109\/TPDS.2012.53","volume":"23","author":"J Zhou","year":"2012","unstructured":"Zhou, J., Hu, R., Qian, Y.: Scalable distributed communication architectures to support advanced metering infrastructure in smart grid. IEEE Trans. Parallel Distrib. Syst. 23(9), 1632\u20131642 (2012)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"issue":"6","key":"21_CR11","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/MCOM.2014.6829950","volume":"52","author":"L Wei","year":"2014","unstructured":"Wei, L., Hu, R., Qian, Y., Wu, G.: Enabling device-to-device communications underlaying cellular networks: challenges and research aspects. IEEE Commun. 52(6), 90\u201396 (2014)","journal-title":"IEEE Commun."},{"key":"21_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-642-22655-7_10","volume-title":"ECOOP 2011 \u2013 Object-Oriented Programming","author":"C Taube-Schock","year":"2011","unstructured":"Taube-Schock, C., Walker, R.J., Witten, I.H.: Can we avoid high coupling? In: Mezini, M. (ed.) ECOOP 2011. LNCS, vol. 6813, pp. 204\u2013228. Springer, Heidelberg (2011). doi: 10.1007\/978-3-642-22655-7_10"},{"key":"21_CR13","volume-title":"Building Secure Software","author":"J Viega","year":"2002","unstructured":"Viega, J., Mcgraw, G.: Building Secure Software. Addison-Wesley, Boston (2002)"},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Morrison, P., Herzig, K., Murphy, B., Williams, L.: Challenges with applying vulnerability prediction models. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security. ACM-Association for Computing Machinery (2015)","DOI":"10.1145\/2746194.2746198"},{"issue":"6","key":"21_CR15","doi-asserted-by":"crossref","first-page":"772","DOI":"10.1109\/TSE.2010.81","volume":"37","author":"Y Shin","year":"2011","unstructured":"Shin, Y., Meneely, A., Williams, L., Osborne, J.A.: Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Trans. Softw. Eng. 37(6), 772\u2013787 (2011)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"3","key":"21_CR16","doi-asserted-by":"crossref","first-page":"294","DOI":"10.1016\/j.sysarc.2010.06.003","volume":"57","author":"I Chowdhury","year":"2011","unstructured":"Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Archit. 57(3), 294\u2013313 (2011)","journal-title":"J. Syst. Archit."},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Zimmermann, T., Nagappan, N., Williams, L.: Searching for a needle in a haystack: predicting security vulnerabilities for windows vista. In: Software Testing, Verification and Validation (ICST), pp. 421\u2013428. IEEE (2010)","DOI":"10.1109\/ICST.2010.32"},{"key":"21_CR18","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: Is complexity really the enemy of software security? In: Proceedings of the ACM Workshop Quality Protection, pp. 47\u201350 (2008)","DOI":"10.1145\/1456362.1456372"},{"key":"21_CR19","first-page":"444","volume":"2143","author":"N Fenton","year":"2001","unstructured":"Fenton, N., Krause, P., Neil, M.: A probabilistic model for software defect prediction. IEEE Trans. Softw. Eng. 2143, 444\u2013453 (2001)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"21_CR20","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1016\/S0164-1212(00)00086-8","volume":"56","author":"K Emam","year":"2001","unstructured":"Emam, K., Melo, W., Machado, J.C.: The prediction of faulty classes using object-oriented design metrics. J. Syst. Softw. 56, 63\u201375 (2001)","journal-title":"J. Syst. Softw."},{"key":"21_CR21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/S0164-1212(02)00024-9","volume":"65","author":"G Succi","year":"2003","unstructured":"Succi, G., Pedrycz, W., Stefanovic, M., Miller, J.: Practical assessment of the models for identification of defect-prone classes in object-oriented commercial systems using design metrics. J. Syst. Softw. 65, 1\u201312 (2003)","journal-title":"J. Syst. Softw."},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: An empirical model to predict security vulnerabilities using code complexity metrics. In: Proceedings of the International Symposium Empirical Software Engineering and Measurement, pp. 315\u2013317 (2008)","DOI":"10.1145\/1414004.1414065"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: An initial study on the use of execution complexity metrics as indicators of software vulnerabilities. In: SESS 2011, Waikiki, Honolulu, HI, USA (2011)","DOI":"10.1145\/1988630.1988632"},{"key":"21_CR24","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/s10664-011-9190-8","volume":"18","author":"Y Shin","year":"2013","unstructured":"Shin, Y., Williams, L.: Can traditional fault prediction models be used for vulnerability prediction? Empir. Softw. Eng. 18, 25\u201359 (2013)","journal-title":"Empir. Softw. Eng."},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Zimmermann, T., Nagappan, N., Williams, L.: Searching for a needle in a haystack: predicting security vulnerabilities for windows vista. In: Third International Conference on Software Testing, Verification and Validation (ICST), pp. 421\u2013428. IEEE (2010)","DOI":"10.1109\/ICST.2010.32"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Tran, L.M.S.: Predicting vulnerable software components with dependency graphs. In: MetriSec2010, Bolzano-Bozen, Italy (2010)","DOI":"10.1145\/1853919.1853923"},{"key":"21_CR27","doi-asserted-by":"crossref","first-page":"294","DOI":"10.1016\/j.sysarc.2010.06.003","volume":"57","author":"I Chowdhury","year":"2011","unstructured":"Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Architect. 57, 294\u2013313 (2011)","journal-title":"J. Syst. Architect."},{"key":"21_CR28","doi-asserted-by":"crossref","unstructured":"Neuhaus S., Zimmermann T., Holler C., Zeller A.: Predicting vulnerable software components. In: CCS\u201907, pp. 529\u2013540 (2007)","DOI":"10.1145\/1315245.1315311"},{"issue":"10","key":"21_CR29","doi-asserted-by":"crossref","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","volume":"40","author":"R Scandariato","year":"2014","unstructured":"Scandariato, R., Walden, J., Hovsepyan, A., Joosen, W.: Predicting vulnerable software components via text mining. IEEE Trans. Softw. Eng. 40(10), 993\u20131006 (2014)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Walden, J., Stuckman, J., Scandariato, R.: Predicting vulnerable components: software metrics vs text mining. In: IEEE 25th International Symposium on Software Reliability Engineering, pp. 23\u201333 (2014)","DOI":"10.1109\/ISSRE.2014.32"},{"key":"21_CR31","doi-asserted-by":"crossref","unstructured":"Jimenez, M., Papadakis, M., Traon, Y.L.: Vulnerability prediction models: a case study on the linux kernel. In: IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 1\u201310 (2016)","DOI":"10.1109\/SCAM.2016.15"},{"key":"21_CR32","unstructured":"Mozilla Foundation Security Advisories. https:\/\/www.mozilla.org\/en-US\/security\/known-vulnerabilities\/ . Accessed July 2017"},{"key":"21_CR33","unstructured":"Doxygen. http:\/\/www.doxygen.org . Accessed July 2017"},{"key":"21_CR34","unstructured":"WeKa. http:\/\/www.cs.waikato.ac.nz\/ml\/weka\/ . Accessed July 2017"}],"container-title":["Lecture Notes in Computer Science","Cyberspace Safety and Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-69471-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T19:36:51Z","timestamp":1570217811000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-69471-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319694702","9783319694719"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-69471-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}