Dataset: Adaptive Modelling for Security Vulnerability Propagation

This dataset was used to construct and simulate the security vulnerability propagation model in the study entitled: Adaptive Modelling for Security Vulnerability Propagation to Predict the Impact of Business Process Redesign. In this study, we used six business process redesign (BPR) case studies that occurred in Magento 2.1 to 2.2 and Magento 2.2 to 2.3. This dataset was used as input for the propagation modelling of information security vulnerabilities. We have 11 datasets representing the Magento business process models from Magento 2.1, 2.2, and 2.3, their vulnerability data, and their relation with application modules. In Magento 2.1 to 2.2, BPR occurred in the processes of managing consumer accounts, managing communication channels, and managing payments. The dataset on the first and second sheets relates to the process of managing consumer accounts in Magento 2.1 and 2.2. The dataset on the third and fourth sheets relates to the process of managing communication channels in Magento 2.1 and 2.2. Meanwhile, the dataset on the fifth and sixth sheets relates to the process of managing payments in Magento 2.1 and 2.2. In the upgrade from Magento 2.2 to 2.3, BPR appeared in managing payments, inventory, and shipping. The dataset on the sixth and seventh sheets relates to the process of managing payments in Magento 2.2 and 2.3. The eighth and ninth sheets dataset relates to the process of managing inventory in Magento 2.2 and 2.3. Meanwhile, the dataset on the tenth and eleventh sheets relates to the process of managing shipping in Magento 2.2 and 2.3. Each dataset contains a list of tasks (Task ID and Task Name column) that make up the Magento business process model. Tasks can be under a process (Process Name column) or a sub-process (Sub Process column). Data for each task is accompanied by the task type (Task Type column) and the task vulnerabilities. Task vulnerabilities are expressed by the CWE ID (Task Vuln column). The vulnerability scores consist of the score for each CWE (Task Vuln Score column) and the maximum score for each task (Max Task Score column). These vulnerability data were obtained from the results of the previous study entitled: Information Security Vulnerability Prediction Based On Business Process Model Using Machine Learning Approach. Each task is also accompanied by the next task (Next Task column) that follows so it can be used to form a series of business process models. Each task is also accompanied by a related module (Related Module ID and Related Module column) along with module vulnerability data. Module vulnerability data consists of two types, the predicted score (Max Predict column) and materialized score (Module Exploited Vuln Score) based on Magento CVE vulnerability data from the National Vulnerability Database (NVD).

本研究采用该数据集构建并模拟了名为《适应型建模以预测业务流程重构影响的安全漏洞传播模型》的研究中的安全漏洞传播模型。在该研究中，我们选取了发生在 Magento 2.1 至 2.2 以及 Magento 2.2 至 2.3 之间的六项业务流程重构（BPR）案例进行深入分析，并将该数据集作为信息安全漏洞传播建模的输入。本数据集包含11个数据集，分别代表 Magento 2.1、2.2 和 2.3 的业务流程模型、其漏洞数据及其与应用模块的关系。在 Magento 2.1 至 2.2 的升级过程中，BPR 发生在消费者账户管理、通信渠道管理以及支付管理等方面。位于首尾两页的数据集与 Magento 2.1 和 2.2 的消费者账户管理流程相关，位于第三至第四页的数据集与 Magento 2.1 和 2.2 的通信渠道管理流程相关，而位于第五至第六页的数据集则与 Magento 2.1 和 2.2 的支付管理流程相关。在从 Magento 2.2 升级至 2.3 的过程中，BPR 出现在支付管理、库存管理和物流管理等方面。位于第六至第七页的数据集与 Magento 2.2 和 2.3 的支付管理流程相关，第八至第九页的数据集与 Magento 2.2 和 2.3 的库存管理流程相关，而位于第十至第十一页的数据集则与 Magento 2.2 和 2.3 的物流管理流程相关。 每个数据集均包含一组任务（任务ID和任务名称列），这些任务构成了 Magento 业务流程模型。任务可归类于流程（流程名称列）或子流程（子流程列）。每个任务的相应数据包括任务类型（任务类型列）和任务漏洞。任务漏洞以 CWE ID（任务漏洞列）表示。漏洞评分包括每个 CWE 的评分（任务漏洞评分列）以及每个任务的最高评分（最大任务评分列）。这些漏洞数据来源于先前研究《基于业务流程模型和机器学习方法的网络安全漏洞预测》的结果。每个任务还附有后续任务（后续任务列），以便形成一系列业务流程模型。每个任务还附有相关模块（相关模块ID和相关模块列）及其模块漏洞数据。模块漏洞数据包括两种类型，基于 Magento CVE 漏洞数据的国家漏洞数据库（NVD）的预测评分（最大预测列）和实际评分（模块已利用漏洞评分）。 （原文：This dataset was used to construct and simulate the security vulnerability propagation model in the study entitled: Adaptive Modelling for Security Vulnerability Propagation to Predict the Impact of Business Process Redesign. In this study, we used six business process redesign (BPR) case studies that occurred in Magento 2.1 to 2.2 and Magento 2.2 to 2.3. This dataset was used as input for the propagation modelling of information security vulnerabilities. We have 11 datasets representing the Magento business process models from Magento 2.1, 2.2, and 2.3, their vulnerability data, and their relation with application modules. In Magento 2.1 to 2.2, BPR occurred in the processes of managing consumer accounts, managing communication channels, and managing payments. The dataset on the first and second sheets relates to the process of managing consumer accounts in Magento 2.1 and 2.2. The dataset on the third and fourth sheets relates to the process of managing communication channels in Magento 2.1 and 2.2. Meanwhile, the dataset on the fifth and sixth sheets relates to the process of managing payments in Magento 2.1 and 2.2. In the upgrade from Magento 2.2 to 2.3, BPR appeared in managing payments, inventory, and shipping. The dataset on the sixth and seventh sheets relates to the process of managing payments in Magento 2.2 and 2.3. The eighth and ninth sheets dataset relates to the process of managing inventory in Magento 2.2 and 2.3. Meanwhile, the dataset on the tenth and eleventh sheets relates to the process of managing shipping in Magento 2.2 and 2.3. Each dataset contains a list of tasks (Task ID and Task Name column) that make up the Magento business process model. Tasks can be under a process (Process Name column) or a sub-process (Sub Process column). Data for each task is accompanied by the task type (Task Type column) and the task vulnerabilities. Task vulnerabilities are expressed by the CWE ID (Task Vuln column). The vulnerability scores consist of the score for each CWE (Task Vuln Score column) and the maximum score for each task (Max Task Score column). These vulnerability data were obtained from the results of the previous study entitled: Information Security Vulnerability Prediction Based On Business Process Model Using Machine Learning Approach. Each task is also accompanied by the next task (Next Task column) that follows so it can be used to form a series of business process models. Each task is also accompanied by a related module (Related Module ID and Related Module column) along with module vulnerability data. Module vulnerability data consists of two types, the predicted score (Max Predict column) and materialized score (Module Exploited Vuln Score) based on Magento CVE vulnerability data from the National Vulnerability Database (NVD).）