Discovering Useful Patterns In Relationships Between Bugs and Vulnerabilities Using Mining Techniques

Abstract

With every passing day, the world is becoming more and more dependent on software for everyday tasks. Due to increase in usage, software quality and software security has always been a keen interest of researchers. Engineering a system which is secure, best in design and that fulfills the customer’s requirements completely has always been a dream of software engineers. To fulfill this dream, a lot of research is conducted and new techniques are introduced everyday. Despite the increased focus on making systems that have high quality, software is most likely to have some bugs in it. More people depending on systems for their every day tasks means more data being stored on software which is making software more vulnerable. Everyday millions of hackers try to breach security of software, putting data of millions of customers at stake which can cause loss of millions, can compromise company’s position in market and if real time systems are hacked, lives can also be put in danger. Researchers are studying every aspect to make software secure and also to increase software quality because once a software is dispatched, if any bug occurs or any flaw is found it puts the company name at stake. One recent interest of the researchers has been studying different attributes together to find correlation between them. The findings of the research can be used for beneficial purposes. Software bugs are error, fault or failures which can be caused by some misunderstood requirement, design issue or coding mistake that effects software quality whereas software vulnerabilities can be defined as some weakness or flaw left in the system that could be used to breach security of a system. Software bugs and software vulnerabilities are conceptually different but in history, some bugs were seen to be the cause of major vulnerabilities. In this dissertation,we have studied the relationship between software bugs and software Vulnerabilities. We used Association Rule Mining to find co-occurrences of bugs and vulnerabilities in the Google Chromium Project. We studied the two-sided relationship between bugs and vulnerabilities Bug-> Vulnerabilities and Vulnerability-> Bug. We also analyzed the co-occurrences for the patterns that could be used to improve software security. We analyzed the attributes of Bug and Vulnerabilities Bug and Vulnerability Types, Bug and Vulnerability Scores and Bug and Vulnerability Summaries to i find some patterns in the co-occurrences. We attained 35% of the bugs were found to be co-occurring with vulnerabilities whereas 46% of the vulnerabilities were found to be co-occurring with bugs. We also found some patterns that could be used by google chromium team to improve quality and security of the system.