Software structure characteristic measurement method based on weighted network

Computer Networks 152 (2019) 178–185

Contents lists available at ScienceDirect

Computer Networks journal homepage: www.elsevier.com/locate/comnet

Software structure characteristic measurement method based on weighted network Chun Shan a,∗, Shanshan Mei a, Changzhen Hu a, Liyuan Liu a, Limin Mao b a

Beijing Key Laboratory of Software Security Engineering Technology, School of Computer Science & Technology, Beijing Institute of Technology, Beijing 100081, China b Academy of Intelligent Collaborative Cloud System, China Aerospace Science and Industry Corporation Limited, Beijing 100048, China

a r t i c l e

i n f o

Article history: Received 6 August 2018 Revised 22 December 2018 Accepted 28 January 2019 Available online 13 February 2019 Keywords: Software quality Reliability Security Software measurement Weighted network Structural complexity

a b s t r a c t The function and quality of software is closely linked to its structure. One of the ways to study the structural features of software is the idea of applying complex networks. Software is abstracted into various network models for the purpose of study. Eigenvalues and additional parameters are then extracted from the model. Analyzing the characteristics and performance of the software by measuring the structural characteristics of the software and implementing a basic evaluation of the reliability and security of software. Due to the limitations of traditional measurement methods and most of the current measurement methods are software-based unprivileged networks, the unprivileged networks neglect the differences in the connection relationships in the software and their important attributes (coupling, aggregation). This paper will construct a directed weighted network model of software, and use this network model as a basis to redefine the calculation method of node connectivity, improve the calculation method of the node’s degree of ripple, and then obtain the system’s average degree of ripple as a measurement index. After experimental verification, the proposed method can more effectively quantify the structure of the software orderly and complex and make the evaluation of software features more accurate. © 2019 Elsevier B.V. All rights reserved.

1. Introduction With the development of this era, software has gradually evolved into a network-based architecture. The scale and complexity of software systems are increasing every day and the application environment is becoming increasingly complex. As a result, the risk of software development is also increasing. The quality of software products cannot be effectively controlled and managed. Traditional software engineering approaches the limits of its complexity [1]. In long-term engineering practice, software developers have gradually realized that for large-scale complex software systems, there is a very close relationship between the quality and security of software, and its structure. Therefore, how to build a good structure in the design of a software system and how to measure the structure in the software system maintenance are important factors. These issues have always been a focus of research in the field of software engineering. The current measurement methods are mostly based on directed unprivileged networks or undirected

and privileged networks [2]. On the basis of unprivileged networks, parameters such as degree of nodes, distance between nodes, aggregation coefficient and correlation coefficient are used as metrics to measure complexity of the software system. Based on the idea of a complex network, this paper carries out weighting operation based on the directed network model of software, obtains a directed weighted network to describe the software system, provides basis for algebraic representation of software, and utilizes software’s directed weighted network as a basis. Improvement of the structural ordering of software and measuring of the complexity of the structure is the expected outcome. It is expected that through a more comprehensive description of the software system, the structural characteristics of the software system can be more accurately measured, thus achieving reliability for the software [3] and the basic assessment of security [4]; according to the measurement results that guide the process of structural optimization and flaw detection of software. 2. Related work

∗

Corresponding author. E-mail addresses: [email protected] (C. Shan), [email protected] (S. Mei), [email protected] (C. Hu), [email protected] (L. Liu), [email protected] (L. Mao). https://doi.org/10.1016/j.comnet.2019.01.037 1389-1286/© 2019 Elsevier B.V. All rights reserved.

The premise of software structure measurement and evaluation is that the software structure information needs to be reasonably described and effectively quantified [5,6]. The traditional software measurement method focuses on starting from a single module,

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

ignoring the integrity of the software system structure and instead focusing on the microscopic statistics, lacking a global and overall measurement of the software structure. However, computer software, as a class of complex systems, the system (topology) structure will inevitably affect its performance, quality, and functionality. In recent years, considerable progress has been made into the study of complex networks [7–10]. Their theories, techniques, methods, and results provide new tools for studying the structure and behavioral complexity of software systems from an overall and global perspective. The traditional software structure measurement methods include McCabe’s circular complexity measure method based on control flow [11], Halstead’s text complexity measure method [12] and so on. After the 1990s, object-oriented technology developed rapidly, and measurement methods for object-oriented software systems have gradually been proposed. The classical measurement methods include Chidamber and Kemerer’s C&K measurement method based on inheritance trees [13]. The proposed MOOD measurement method [14] and so on. However, with the increasing scale of software, the function of software is more and more complicated and cumbersome. The traditional measurement method of software structure characteristics has shown certain limitations. For example, Halstead measurement method is mainly for text complexity; McCabe measurement method mainly for the structural complexity of structured programs; C&K metrics and MOOD metrics are mainly for the complexity of abstract data type units for object-oriented programming. They take more consideration of the measurement of the software’s internal structural properties, ignoring the external features of the software structure. In this paper, based on the study of the macro topological features of software, the internal structure of the software and from the external attributes of the software, a software measurement system is established. 3. Software structure characteristic measurement method 3.1. Method overview This paper mainly studies the orderliness and complexity of software. The research process is divided into two steps. The first step is to abstract and describe the software. This paper focuses on the object-oriented software system, and the selected network model is a directed weighted network. Object-oriented software system are abstractly described at the class level, that is, classes are abstracted as nodes, and relationships between different classes are abstracted as edges between different nodes, according to the degree of coupling, different relationships are represented in software networks [15], the directional edges are given different weights to get the software’s directed weighted network. The second step is to measure the structural characteristics of the software system according to the network model, and to realize the evaluation of the reliability and security of the software. For a given software system, the directed weighted network of the software system is obtained, and then its structural characteristics are measured. The operation flow of the specific operation is as shown in Fig. 1.

179

3.2. Order measurement method based on structural entropy Claude Elwood Shannon, the father of information theory, draws on the concept of thermodynamics, defines information entropy as the probability of occurrence of discrete random events, and proposes mathematical expressions for calculating information entropy, i.e. H (x ) = E[1(xi )] = E[log(2, 1/p(xi ))] =  − p(xi ) log(2, p(xi ))(i = 1, 2, · · · , n ), p(x) representing the output probability function. It can be concluded from the calculation formula that the greater the uncertainty of a variable, the larger its entropy value will be, which means that more information is needed to determine it, and the more chaotic the system is, vice versa. Therefore, information entropy can also be seen as a measure of system ordering. At present, many scholars have defined the structural entropy of the system according to Shannon’s information which is used to evaluate the order degree and complexity of the system organization structure, and provide a basis for structural optimization and improvement. In order to eliminate the influence of the number of nodes on the standard entropy, Tan et al. proposed the standard structure entropy [16]. In the field of software engineering, Li et al. [17] analyzed the orderliness of the relative scale of software static networks based on the standard structural entropy bias rate. Zhang et al. [18] used metrics based on information entropy and attacks to measure software security. Through using information entropy calculation methods, the threat assessments were performed on various resources of the software attack surface to obtain targeted quantified weights of threat indicators. Based on the directional weighted network model of software, this paper redefines the calculation method of the node’s connection degree, proposes the node’s degree of inheritance as the measurement index, and calculates the structural entropy of the software network to quantify and analyze the structure of the software system. The order degree forms a measure of the orderliness of the software structure. As shown in Fig. 2. According to the content above, the software metric values are obtained by abstracting and describing the software. The specific steps are as follows: In order to eliminate the effect of system size (number of classes) on structural order, a new parameter definition is introduced as R = 1 − E/Emax (0 ≤ R < 0.5 ). (1) Calculate the total value of the degree of connectivity and the degree of inheritance respectively:

P=

n i=1

pi , A =

n i=1

ai

(a) The degree of node connection The degree of node connection is an important parameter in the study of complex networks, as it can portray the importance of a node in the network and reflect the structural characteristics of whether the network is evenly distributed. Through a lot of research and expert scoring and experience, the weighting rules for the specific weights given to each relationship are shown in Table 1 below. In this paper, the degree of connection of the nodes is defined according to the weights of the edges of the directed weighted network of the software.

Fig. 1. Operation flow chart.

180

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

Fig. 2. The metrics process of software structure order.

Table 1 Empowerment rules. Relationship name

Weights

Remarks

Dependency Connection relation Aggregation relationship Combination relationship Inheritance relationship Realize relationship

A B C− C+ D E

Strong aggregation Extends Implements

The degree of connection of a node is the sum of the weights of all directed edges directly connected to the node. Here, the degree of connection of node i is represented by pi . (b) The degree of node inheritance The degree of node connection of is mainly used to measure the horizontal relationship between the classes in an object-oriented software system and its associated classes, while the degree of inheritance reflects the orderliness of classes in the vertical level, that is, in the inheritance relationship. The degree of succession of the node is the depth value of the node in the inheritance tree. The degree of inheritance of node i is represented by ai . (2) Calculate the maximum entropy separately:

Emax 1 = ln P, Emax 2 = ln A (a) The general definition of the structural entropy of a software system assumes that in the subsystem of a given system (including n constituent elements) is topological form, boundary condition, and applied load. The ith element has the adaptability qi , then the total strain capacity of the system structure is  Q = ni=1 qi , then the distribution rate of structural strain enn ergy of the system is λi = qi /Q, where i=1 λi = 1 and λi ≥ 0 (complete and non-negative). Therefore, the probability of random events in the information entropy formula is replaced by the distribution rate of structural strain energy, and the formula  for the entropy of the software system is E = − ni=1 λi ln λi . Based on the entropy of the software network derived from the expansion of information entropy, the measurement method proposed in this paper is to substitute the metrics extracted in the directed weighted network into the formulas, that is, using the node’s connection degree pi and the node’s inheritance degree ai instead of qi calculates the entropy of the software network. (3) Calculate individual realization probability values separately: λi1 = pi /P, λi2 = ai /A.

(4) Calculate individual entropy separately: Ei1 = −λi1 ln λi1 , Ei2 = −λi2 ln λi2   (5) Calculate total entropy separately: E1 = ni=1 Ei1 , E2 = ni=1 Ei2 (n is the number of nodes). (6) Calculate the evaluation coefficient values corresponding to the degree of connection and the degree of inheritance respectively: R1 = 1 − E1 /Emax 1 , R2 = 1 − E2 /Emax 2 . (7) Calculation system structure order degree evaluation coefficient: Rs = 0.5R1 + 0.5R2 . The final calculated evaluation coefficient Rs should be a number greater than or equal to 0 and less than 0.5. If the structure of the system is homogeneous, that is, it is uniformly distributed, it means that all nodes have the same degree of connectivity and inheritance. In this case, the value of Rs is 0, and the degree of uncertainty of the structure of the system is the highest. An unordered state, if the structure of the system is heterogeneous and non-uniformly distributed. It appears that there are a few “central” nodes in the system, i.e., nodes with large connectivity, and most nodes have only a small degree of connectivity. On the other hand, there are a few nodes with a high degree of inheritance, and most nodes have only a small degree of inheritance. At this time, the value of Rs is larger, indicating that the degree of structural uncertainty is low, and the overall appearance of an “Orderly” state that’s easy to control and manage. 3.3. Software structure complexity measurement method Complexity is an inherent feature of the software itself. The complexity of software is related to the prediction and detection of software defects, the possibility of defects in modules with high complexity is also relatively high, and detection should be a high focus. Based on the software’s directed weighted network model, this paper improves the calculation method of node’s sweep degree [19] and proposes to use the system’s average sweep degree as a measure index to form a measurement method for the complexity of the software structure; as shown in Fig. 3. This paper uses the average ripple of the system to measure the complexity of the software system. For a given weighted network of a software system, the structural complexity of the software system can be calculated. The specific calculation steps are as follows: (1) Select a node in the network and calculate the number m of the directed edges and the sum of the weights d of the edges in the path through which the node has reached each node in its reachable set, and calculate the value of d / m. (2) Calculate the sum of all the d / m values obtained in (1), that is, obtain the degree of ripple of the node |T(v)|.

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

181

Fig. 3. Measurement process of software structure complexity.

(a) The degree of node ripple In graph theory, the reachable set of a node v is defined as a set of nodes that can be reached by a directed edge path, denoted by |T(v)|, the degree of node v is the number of elements contained in |T(v)|, and is denoted as |T(v)|. In this paper, we will improve the calculation method of node’s ripple degree according to the weight of the edges in the directed weighted network. For each node in the reachable concentration of the node, we first calculate the number of directed edges that the node passes to the node and the sum of its weights, d, is calculated by dividing d by m, that is, d / m. Finally, the value of d / m at each node is added to obtain the degree of ripple |T(v)| of the nodes in the directed weighted network. The degree of ripple reflects the total number of classes or modules that are directly and indirectly dependent on a given class or module, and characterizes how much the node affects the entire graph or network. The greater the degree of ripple, the more classes or modules it depends on, the higher the construction cost (i.e., the complexity of the construction), and the higher the error probability. (3) For each node in the network, the calculations of (1) and (2) are performed, and the degree of ripple of all nodes in the network is obtained. (4) Calculate the sum of the total number N of nodes in a directed weighted network and the sum T of the degree of ripple of all nodes. (5) Calculate the total number N1 of nodes with degree 0 and the sum of ripple degree T1 . (6) The average ripple of the computing system |T |avg = (T − T1 )/(N − N1 ). (a) The average ripple of the system For a node, its construction complexity can be measured by its ripple degree. For the entire software network, the construction complexity of the system can be measured by the average ripple of the system. The degree of ripple can describe the direct and indirect dependencies between classes, which reflects the complexity of their structures. Therefore, the average ripple of the system can be used to characterize the complexity of dependencies between classes or modules within the entire system. In the first step (1) calculation, in the accessible set of a node, this paper does not take into account the node itself, i.e., calculate the m value and d value of all nodes except itself from the node to its accessible set. Therefore, in the fifth step (5), the accessible set of the node whose degree of outlier is 0 is an empty set, and its degree of ripple is 0. That is, T1 = 0. In addition, when a node

has multiple paths from a node to a reachable set, the minimum number of directed edges that pass through the path is considered. Only the m and d values of the path are calculated. Other paths are not calculated. 4. Experiment and analysis 4.1. Lab environment The actual operating environment for this paper’s experiments is shown in Table 2. 4.2. Experimental verification 4.2.1. Experiment process (1) Get the project source code The project imported into Eclipse is an online shop system (B2C) based on Java’s domestic open source project downloaded from the open source China website (https://www.oschina.net/) — jeeshop. The construction and deployment of the B2C mall is simple, the system architecture is easy to understand, and the requirements of this study can be easily accomplished; including development of secondary functional requirements. (2) Project source code reverse engineering generate UML class diagram After importing the project into Eclipse, use the plug-in AmaterasUML to create a new class diagram file and generate a UML class diagram for the software. From simple to complex, the class diagram of each functional unit is first generated and then merged to obtain the class diagram of the entire software system. (3) UML class diagram inheritance to obtain software directed weighted network diagram

Table 2 Experimental operating environment. Name Computer parameter information Java environment

Tool

Operating environment Windows 10 Operating System Intel(R) Core(TM) i3-6100 CPU @ 3.70 GHz Processor RAM 8G, 64-bit Operating System, X64-based Processor Java version “1.8.0_131” Java(TM) SE Runtime Environment (build 1.8.0_131-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode) AmaterasUMLPlugin, Pajek 5.02 Version, 64-bit

182

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185 Table 3 Input file contents.

connection information and perform calculations. The node information is shown in Fig. 4.

∗

Vertices 117 1 "PagerModel" 2 "a" …… 11 "j" 12 "QueryModel" …… 29 "Order1" 30 "Order2" 31 "OrdersAction" 32 "OrderDetail" 33 "Product1" 34 "aa" …… 41 "hh" 42 "Address" 43 "ii" …… 51 "qq" 52 "AccountAction" 53 "News" 54 "Catalog" 55 "rr" 56 "Product2" …… 117 "c9" ∗ Arcs 2 1 1 2 3 0.8 …… 117 115 1

From the UML class diagram obtained in the second step, node, edge and join information are then extracted from the class diagram of the entire software system, converted into the correct data format, and the .NET file is imported into Pajek. When class diagrams are abstracted from a software system, they mainly consider the relationship between classes and classes. In the class diagram obtained from the experimental sample software jeeshop abstract, the relationship between classes involves inheritance and combinational relations. Therefore, the two relationships are mainly distinguished by assignment. In this paper, the combination relationship is assigned a value of 0.8 and inheritance. Relationship assignment is 1. In the UML class diagram, the total number of classes is 117 and the total number of edges between classes is 141. The specific contents of the .NET input file are shown in Table 3. In order to facilitate the input, only the names of the corresponding classes of the important center nodes are kept here, and the specific names of other classes are ignored, and alphabetical sorting is used instead. After importing the .NET input file to Pajek and optimizing the display of the network diagram on the 2D level, a directional weighted network diagram of the jeeshop software is obtained. The total number of nodes in the directed weighted network obtained by inheritance is 117, the total number of edges is 141, and the corresponding weight values are displayed on the edge. (4) Extracting metrics from directed weighted networks According to the software directed weighted network obtained by the above experimental process, the metrics are calculated using the parameter information in the network, and the order and complexity of the software structure are quantified and measured. This article uses the Python language’s math library to perform simple arithmetic operations in the calculation of experimental data. First, calculate the degree of connection and degree of inheritance for each node in the directed weighted network graph. Right-click the node in the network graph to display the node’s

4.2.2. Initial experiment results According to the calculation method mentioned above, the data of degree of connection and the degree of succession of 117 nodes (which cannot be completely listed due to too much data) are shown in Fig. 5 (Node Connection 1) and Fig. 6 (Node Inheritance 1) respectively. (1) Software structural ordering measures results According to the order degree measurement method of the structure proposed in this paper, the degree of connectivity of the node and the degree of inheritance are taken as the input, and the structural order degree evaluation coefficient of the software system is calculated as output. Python is used for fast sum operations. Firstly, the data is read into a list and the Sum function is used to sum the list Sum(list). The sum of the degrees of connectivity of all nodes is P = 265.6. In the same operation, the sum of the degree of inheritance of all nodes is A = 331. Calculating the maximum entropy separately: Emax1 = 5.58, Emax2 = 5.80, gets the total entropy E1 = 4.3411, E2 = 4.7273, then calculating the evaluation coefficient from the parameter values obtained in the previous steps R1 = 0.2220, R2 = 0.1849. Finally, we calculate the evaluation coefficient of system structure order degree Rs = 0.5R1 + 0.5R2 = 0.2035. (2) Software structure complexity measurement results The average spread of the system is calculated from the node’s sweep data. The total number of nodes in the weighted network of the software system is N = 117, and the degree of sweep of all nodes can be experimentally obtained as shown in Fig. 7 (Node Ripple Data 1). First calculate the sum of the ripple of all nodes T = 270.88. Then, the total number of nodes with degree 0 is determined as N1 = 13, and the sum of degree of ripple of nodes with degree 0 is given as T1 = 0. From this we discovered the average ripple of the system as |T |avg = (T − T1 )/(N − N1 ) = 2.605. During testing and maintenance of the software system, the test can be optimized based on the degree of spread of each node in the network. We can focus on testing whether there are flaws in the modules with high degree of impact and improve the efficiency of testing and maintenance. 4.2.3. Comparison test results Same as before, using the jeeshop project as an experimental sample and keeping the size of the project constant. That is, keeping the number of classes in the project and nodes in the directed weighted network unchanged, but adjusting the connection relationship between the nodes, and making the number of central nodes in the software network decrease. In this experiment, the nodes PagerModel and QueryModel are the main central nodes. QueryModel depends on PagerModel. So in the comparison experiment, the centrality of the node QueryModel is removed, and the node that originally depends on QueryModel is changed to rely on the PagerModel node. The specific experimental operation involves changing the edge information in the input Pajek .NET data file. Also, the node pointing to node number 12 is adjusted to number 1, and a new directional weighted network diagram is obtained. The directional and weighted network obtained after optimization is subjected to the same operation in the previous section, and its structural orderliness and complexity is measured, and a comparative analysis is performed according to the measurement results.

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

183

20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

Node Connection1

Node Connection2

1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97 100 103 106 109 112 115

Node Connection (P)

Fig. 4. Node connection information.

Node Number Fig. 5. Node Connectivity Data.

Fig. 6. Node Inheritance Data.

(1) Software structural ordering measures results The degree of connection of the node is only changed between PagerModel and QueryModel. Only the node inheritance centered on QueryModel has changed. The degree of ripple of the nodes only changes at originally reached QueryModel through

the directional path. The new node’s connection, inheritance, and ripple data are shown in above Fig. 5 (Node Connection2), Fig. 6 (Node Inheritance2). The sum of the degrees of connectivity of all nodes is P = 265.6. In the same operation, the sum of the degree of inheritance of all nodes is A = 303. The maximum entropy Emax1 = 5.58, Emax2 = 5.71,

184

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

Fig. 7. Node Degree of Data. Table 4 Experimental comparison data. Software system

Structural order evaluation coefficient Rs

Structural complexity (average ripple)

Before improvement After improvement

0.2035 0.2044

2.605 2.197

performing a sum operation on Ei1 , Ei2 to obtain the total entropy value E1 = 4.2495, E2 = 4.7374. Calculating the evaluation coefficient values corresponding to the degree of connection and the degree of inheritance R1 = 1 − E1 /Emax 1 = 0.2384, R2 = 1 − E2 /Emax 2 = 0.1703, and then calculating the evaluation coefficient of system structure order degree Rs = 0.5R1 + 0.5R2 = 0.2044. (2) Software structure complexity measurement results The software system has the degree of ripple to all nodes in the weighted network as shown in Fig. 7 (Node Ripple Data2). The sum of all nodes T = 228.51. From this we calculate the average spread of the system as |T |avg = (T − T1 )/(N − N1 ) = 2.197. 4.3. Experimental analysis According to the metrics and measurement methods proposed in this paper, the structural ordering degree and structural complexity of the software system are calculated. Then, the software system is partially optimized and the same method is used to calculate the structural order and structure of the new software system. The complexity and the comparative data obtained is shown in Table 4 below. According to the data in Table 4, the following conclusions are obtained: (1) The evaluation coefficient of the structural order of the software system is calculated to be 0.2035, slightly lower than a center value of 0.25 from 0 to 0.5. This indicates that the order of the system is not very high, and the structure has a certain degree of uncertainty; and there is room for optimization of the design. (2) The average system complexity of the software system is calculated to be 2.605. It can be understood that each class in the system has an average relationship with two to three other classes, so it is not particularly complex in structure. However, due to the experimental sample, the size of the software system is not large, so there is room for reduction in structural complexity.

(3) Since the size of the software system in this experiment sample is not large, the optimization is not particularly obvious. There is still a slight improvement in the evaluation coefficient of structural order, which indicates that the stability of the system structure is increased and the reliability is higher. Compared with the original system, the software system has a lower structural complexity and higher security. At the same time, the measurement results are consistent with the expected trends of the analysis results, indicating that the measurement method proposed in this paper has a certain degree of correctness and feasibility. 5. Conclusion Firstly, this paper abstracts the software into directed weighted network, that is, based on the directed network, edges between nodes are given different weights according to their different relations. This is a more accurate and comprehensive description of the structure of the software system. Then, based on the directed weighted network of the software as the measurement basis, some measurement indicators are improved and corresponding measurement methods are proposed to realize the measurement of the structural order and structural complexity of the software. Based on the measurement results, the structure of the software system is evaluated. The directed weighted network model can avoid ignoring the relationship attributes between classes, so the measurement based on the directed weighted network of software is more accurate. Through experimental analysis and verification, it is proved that the measurement indexes and methods proposed in this paper are correct and feasible to some extent. They can be applied in the development process of software system or the test and maintenance process to realize the overall evaluation of software reliability and security and guide the optimization and evolution process of software design. However, for the future work, this paper will be carried out from the following aspects. Firstly, a larger scale open source project of experimental samples can be further selected and a large number of experiments can be carried out to fully verify the correctness and availability of the measurement method proposed in

C. Shan, S. Mei and C. Hu et al. / Computer Networks 152 (2019) 178–185

this paper. Secondly, through a large number of experimental analysis, a range of security thresholds for the degree of order and complexity of the software structure can be determined to form a standard for evaluating the software structure. In this way, for a given software system, the method proposed in this paper is used to measure its structural order and structural complexity, and the measurement results are obtained. If the measurement results are within the security range, it indicates that the software has good reliability and security; otherwise, the software structure needs to be optimized.

185

[19] Y. Ma, K. He, D. Du, A qualitative method for measuring the structural complexity of software systems based on complex networks, in: Asia-pacific Software Engineering Conference, IEEE Computer Society, 2005, pp. 257– 263. Available at http://www.computer.org/csdl/proceedings/apsec/2005/2465/ 00/24650257-abs.html. Chun Shan received her Ph.D. degree in computer science from Beijing Institute of Technology in 2015. She is a vice professor and master supervisor. Her research interests include software security, network security and artificial intelligence. She is leading the project of Software Vulnerability Detection Methods and Techniques Based on Topological Invariant supported by Natural Science Foundation of China (Grant no. U1636115).

Acknowledgments This work is supported by the National Key R&D Program of China (Grant no. 2016YFB080 070 0); and the National Natural Science Foundation of China (Grant no. U1636115). References [1] B. Li, et al., Research on software complexity measure based on complex networks, Chin. J. Electron. 34 (s1) (2006) 2371–2375. Available at:http://www. wanfangdata.com.cn/details/detail.do?_type=perio&id=dianzixb20 06z10 08. [2] H. Tian, H. Zhao, Software structure complexity measurement based on software weighted network, Comput. Sci. 43 (s2) (2016) 506–508. [3] Z. Zhou, Factors affecting software reliability, Inf. Comput. (5) (2016) 94–95. Available online at: http://kns.cnki.net/kns/brief/result.aspx?dbprefix=SCDB. [4] K. Sahu, R. Shree, Stability: abstract roadmap of software security, AIJRSTEM 9 (2) (2015) 183–186. [5] F.Q. Yang, Thinking on the development of software engineering technology, J. Softw. 16 (1) (2005). http://www.wanfangdata.com.cn/details/detail.do?_type= perio&id=rjxb20 05010 01. [6] E.F. Norman, L.P. Shari, in: Software Metrics, Second ed., China Machine Press, Beijing, 2003, pp. 5–10. [7] S. Boccaletti, V. Latora, Y. Moreno, et al., Complex networks: structure and dynamics, Complex Syst. Complex. Sci. 424 (4–5) (2006) 175–308. [8] J. Wang, C. Ju, Y. Gao, A.K. Sangaiah, G.-j. Kim, A PSO based energy efficient coverage control algorithm for wireless sensor networks, Comput. Mater. Continua 56 (3) (2018) 433–446. [9] Y. Yang, J. Ai, X. Li, et al., MHCP model for quality evaluation for software structure based on software complex network, IEEE International Symposium on Software Reliability Engineering, IEEE, 2016. [10] G. Chen, Introduction to complex networks and their recent advances, Adv. Mech. 38 (6) (2008) 653–662. Availablehttp://lxjz.cstam.org.cn/EN/Y2008/V38/ I6/653. [11] T. McCabe, A software complexity measure, IEEE Trans. Softw. Eng. 2 (4) (1976) 308–320. https://www.mendeley.com/research-papers/ software-complexity-measure. [12] M.H. Halstead, in: Elements of Software Science, Elsevier Press, Amsterdam, 1977, pp. 28–154. https://www.researchgate.net/publication/235978157_ Elements_Of_Software_Science. Available. [13] S.R. Chidamber, C.F. Kemerer, A metrics suite for object oriented design, IEEE Trans. Softw. Eng. 20 (6) (1994) 476–493. Available athttps://ieeexplore.ieee. org/stamp/stamp.jsp?arnumber=295895. [14] M. Han, D. Li, C. Liu, et al., Networking characteristics in software and its contribution to software quality, Comput. Eng. Appl. 42 (20) (2006) 29–31. http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id= jsjgcyyy20 0620 0 09. [15] Y. Tu, Y. Lin, J. Wang, J.-U. Kim, Semi-supervised learning with generative adversarial networks on digital signal modulation classification, Comput. Mater. Continua 55 (May (2)) (2018) 243–254. [16] Y. Tan, J. Wu, Network structure entropy and its application in unscaled networks, Syst. Eng. Theory Pract. 24 (6) (2004) 1–3. Available at http://www. wanfangdata.com.cn/details/detail.do?_type=perio&id=xtgcllysj20 04060 01. [17] P. Li, H. Zhao, H. Li, et al., Software network metrics based on standard structure entropy bias rate, J. Northeastern Univ. 31 (11) (2010) 1558–1561. Available at http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id= dbdxxb201011010. [18] X. Zhang, H. Liao, W. Li, et al., Software security measurement based on information entropy and attack surfaces, Comput. Appl. 33 (1) (2013) 19–22. http: //www.wanfangdata.com.cn/details/detail.do?_type=perio&id=jsjyy201301006.

Shanshan Mei received a B.S. degree in Software Engineering in 2017. She is currently working toward the M.S. degree in the Beijing Institute of Technology, Beijing, China. Her research interest is software security.

Changzhen Hu received his Ph.D. degree in information security from Beijing Institute of Technology in 1996. He is the vice dean, professor and doctoral supervisor of the school of Computer Science and Technology in Beijing Institute of Technology. He is leading the project of the National Key R&D Program of China (Grant no. 2016YFB080 070 0). His research interest is cyberspace security.

Liyuan Liu received her M.S. degree in software engineering from Beijing Institute of Technology in 2018. Her research interest is software security.

Limin Mao received her Ph.D. degree in mechanical engineering from Beijing Institute of Technology in 2008. She is currently a researcher in network security within the General Department of Network and Information, China Aerospace Science and Industry Corp. Ltd. Her research interest includes data security, privacy protection, and proactive network security protection.