An Optimized Static Propositional Function Model to Detect Software Vulnerability

Han, Lei; Zhou, Man; Qian, Yekui; Fu, Cai; Zou, Deqing

doi:10.1109/access.2019.2943896

Cited by 5 publications

(4 citation statements)

References 32 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wibowo et al (2017) investigated the Architectural Vulnerability Factor (AVF) of all major in-core memory structures of an out-of-order superscalar processor while Sultana and Williams (2017) used micro patterns detect vulnerability in software. Ziems and Wu (2021) and Paradis et al, (2018) modelled test as a source code and used it for software vulnerability detection in natural language processing (NLP), Han et al (2019) proposed a static detection model, while Choi et al (2020) developed Cyber-Physical Inconsistency to target vulnerability detection in Robotic Vehicles (RVs).…”

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

This study provided a systematic literature review of software vulnerability detection (SVD) by searching ACM and IEEE databases for related literatures. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flowchart, a total of 55 studies published in the selected journals and conference proceeding of IEEE and ACM from 2015 to 2021 were reviewed. The objective is to identify, select and critically evaluate research works carried out on software vulnerability detection. The selected articles were grouped into 7 categories across various vulnerability detection evaluation criteria such as neural network – 5 papers, machine learning – 11 papers, static and dynamic analysis – 8 papers, code clone – 3 papers, classification – 4 papers, models – 3 papers, and frameworks – 6 papers. There are 15 articles that could not fall into any of these 7 categories, thus, they were place in others row that used different criteria to implement vulnerability detection. The result showed that many researchers used machine learning strategy to detect vulnerability in software since large volume of data can be reviewed easily with machine learning. Although many systems have been developed for detecting software vulnerability, none is able to show the type of vulnerability detected.

show abstract

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

show abstract

“…The number of vulnerabilities is greater because Shodan knows more specific organization data and can relate a more significant number of known vulnerabilities. Because Shodan is a secure software and its documentation only describes the variable "tag" for the query processes and not in the response processes, we have limited ourselves to verify its existence in order to assign a risk value for the prioritization process [21,40]. Since the quality of information exposed in Shodan provides more significant value in knowledge and investigation for cybercriminals [20,22], the risk increases when this variable called "tags" has some content.…”

Section: Probability Of Open Ports (Pop)mentioning

confidence: 99%

An Environment-Specific Prioritization Model for Information-Security Vulnerabilities Based on Risk Factor Analysis

et al. 2022

View full text Add to dashboard Cite

Vulnerabilities represent a constant and growing risk for organizations. Their successful exploitation compromises the integrity and availability of systems. The use of specialized tools facilitates the vulnerability monitoring and scanning process. However, the large amount of information transmitted over the network makes it difficult to prioritize the identified vulnerabilities based on their severity and impact. This research aims to design and implement a prioritization model for detecting vulnerabilities based on their network environment variables and characteristics. A mathematical prioritization model was developed, which allows for calculating the risk factor using the phases of collection, analysis, and extraction of knowledge from the open information sources of the OSINT framework. The input data were obtained through the Shodan REST API. Then, the mathematical model was applied to the relevant information on vulnerabilities and their environment to quantify and calculate the risk factor. Additionally, a software prototype was designed and implemented that automates the prioritization process through a Client–Server architecture incorporating data extraction, correlation, and calculation modules. The results show that prioritization of vulnerabilities was achieved with the information available to the attacker, which allows evaluating the overexposure of information from organizations. Finally, we concluded that Shodan has relevant variables that assess and quantify the overexposure of an organization’s data. In addition, we determined that the Common Vulnerability Scoring System (CVSS) is not sufficient to prioritize software vulnerabilities since the environments where they reside have different characteristics.

show abstract

“…A review of existing related work in this area indicates that vulnerability detection is still a challenging area for software developers. Han et al [76] proposes that one of the reasons that the currently available static 7. Related work -SRA detection technologies have limited applicability and the problem of state space explosion (the exponential increase in the size of system state space with growing number of state variables) is the lack of appropriate theory to accurately characterize vulnerabilities.…”

Section: Vulnerability Detection and Knowledge Sharingmentioning

confidence: 99%

“…We found the basic idea of describing a vulnerability in terms of its preconditions, characteristics, and decision rules to be similar to VCGs, where every path from the top cause in the graph, down to the vulnerability is describing a possible execution path that leads to the existence of a vulnerability. Han et al [76] refers to our vulnerability modeling technique as a structured method for analyzing and recording the causes of software vulnerabilities. VCGs are described as one of the detection frameworks for vulnerability positioning and discrimination.…”

Section: Vulnerability Detection and Knowledge Sharingmentioning

confidence: 99%

Vulnerability and Risk Analysis Methods and Application in Large Scale Development of Secure Systems

Ardi

2021

Linköping Studies in Science and Technology. Dissertations

View full text Add to dashboard Cite

An Optimized Static Propositional Function Model to Detect Software Vulnerability

Cited by 5 publications

References 32 publications

A systematic literature review of software vulnerability detection

A systematic literature review of software vulnerability detection

An Environment-Specific Prioritization Model for Information-Security Vulnerabilities Based on Risk Factor Analysis

Vulnerability and Risk Analysis Methods and Application in Large Scale Development of Secure Systems

Contact Info

Product

Resources

About