Pub Date: 2021-06-01 DOI: 10.4108/eai.11-5-2021.169912
Van Trieu-Do, Richard B. Garcia-Lebron, Maochao Xu, Shouhuai Xu, Yusheng Feng
Causality is an intriguing concept that, once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.
Title: Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2021-06-01 DOI: 10.4108/eai.1-6-2021.170011
Li Wang
Moving Target Defense (MTD) was proposed as a promising defense paradigm to introduce various uncertainties into computer systems, which can greatly raise the bar for the attackers. Currently, there are two classes of MTD research over computer systems: system level MTD and network level MTD. System level MTD research introduces uncertainties to various aspects of computer systems, while network level MTD research brings unpredictability of network properties to the target network. A lot of network level MTD research has been proposed, which covers various aspects of computer networks. However, the existing MTD approaches usually target one aspect of the computer network, and most of them are designed against a certain network security threat. They can hardly defend against complex attacks or provide complicated protections. In this paper, we propose Shoal, a Moving Target Defense engine with multiple MTD strategies over SDN networks. By applying hybrid and multiple network level MTD methods, Shoal is capable of providing complicated protections and defending against advanced attacks. We evaluate Shoal in two advanced protection scenarios, moving target surface and Crossfire attack. The evaluation results, in terms of security effectiveness and performance cost, show the protection provided by Shoal’s hybrid MTD methods is effective and the performance cost is relatively low. Received on 25 March 2021; accepted on 09 May 2021; published on 01 June 2021
Title: Shoal: A Network Level Moving Target Defense Engine with Software Defined Networking. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2021-04-08 DOI: 10.4108/EAI.8-4-2021.169179
Reem Bashir, H. Janicke, W. Zeng
Sandbox applications can be used as anti-forensics techniques to hide important evidence in a digital forensics investigation. There is limited research on sandboxing technologies, and the existing research on sandboxing focuses on the technology itself. The impact of sandbox applications on live digital forensics investigation has not been systematically analysed and documented. In this study, we proposed a methodology to analyse sandbox applications on Windows systems. The impact of having standalone sandbox applications on Windows operating systems image was evaluated. Experiments were conducted to examine the artefacts of three sandbox applications: Sandboxie, BufferZone and ToolWiz Time Freeze on Windows 7, Windows Server 12 R2 and Windows XP operating systems in 2018. We found that (1) only the installed applications can be found after deleting the ToolWiz Time Freeze content. Unlike Sandboxie, the data can be retrieved from the memory images even after deleting the application’s content if the system was not restarted; (2) not all the sandbox applications' data will be deleted after restarting the systems, e.g., BufferZone’s content can be retrieved even after restarting the system. Received on 26 January 2021; accepted on 07 April 2021; published on 08 April 2021
Title: Evaluating the Impact of Sandbox Applications on Live Digital Forensics Investigation. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2021-03-10 DOI: 10.4108/EAI.10-3-2021.168964
F. Ikuero, Vasileios Germanos, L. Brooks, W. Zeng
One of the most common problems of election in Nigeria is inefficient data management. All subsequent elections were blighted by inefficient data management that resulted in violence in the country and distrust among political parties. These flaws prompted the government at different times to modify the nation’s electoral systems ranging from party systems to electoral management body reformation and electronics verification technologies. In this paper, we investigated the opinions of 71 Nigeria citizens about the Nigeria General Elections (NGEs) processes and data management in these processes. We found that the majority of the participants rated the existing voting system in Nigeria to be of low effectiveness and reliability. The majority of the participants believe that an e-voting system based on Blockchain technology has the capability to prevent alterations in the voting processes. Received on 26 January 2021; accepted on 3 March 2021; published on 10 March 2021
Title: Is E-voting Systems based on Blockchain Technology Efficient in Nigeria General Elections? Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2021-01-12 DOI: 10.4108/eai.25-6-2021.170245
Tomasz Kosinski, R. Scandariato, M. Fjeld
Since the advent of consumer-oriented IoT products, like smart homes, researchers have taken up the challenge of shielding the consumers from the risks this technology entails, including privacy harms. However, security and privacy research is ‘hungry’ for open data (e.g., about the network traffic patterns of the devices) and open platforms to validate IoT-related solutions outside a pure simulation environment. Except for the few cases seen in the related work, datasets are not readily available to the research community and are difficult to produce in-house. Also, the reproducibility of research results and open science is hindered by the lack of an open experimentation platform (to test privacy and security solutions) that also offers a fine-grained control of the experimental setup. We present SyntIoT, a platform that allows researchers to easily deploy a complete IoT ecosystem (including devices, users, vendor clouds) into the physical world and at a low cost, hence lowering the barriers to entry in this research field. SyntIoT can be used to collect field data and to realistically validate security and privacy solutions. Our platform uses synthetic IoT devices that are fully configurable in a declarative way. Interestingly, our platform also allows commercial devices to be deployed alongside the synthetic ones. The platform provides an infrastructure to monitor the ecosystem and to extract rich data, which can be used for empirical research and data mining. This paper presents the platform, explains how it meets established research needs not yet answered in previous works, and highlights its usage in the context of three experimental scenarios.
Title: SyntIoT: Privacy and security experimentation in consumer-oriented IoT ecosystems. Journal: EAI Endorsed Trans. Security Safety.
Nowadays, some encryption schemes are not sensitive enough to the plain-image, which leads to poor robustness and makes the scheme vulnerable to attacks. By employing chaotic maps and cellular automata (CA), a novel image encryption algorithm is presented in this work to increase the sensitivity to the plain-image and improve the security. Firstly, initial values of the two-dimensional Logistic-Sine-coupling map (2D-LSCM) and the Logistic-Sine-Cosine map (LSC) are calculated from the SHA-256 hash value of the original image, and the process of diffusion is conducted next. Secondly, the key matrices are produced by iterating the chaotic map in the process of permutation. The diffused image is scrambled by the index matrices, which are produced by sorting every row or column of the key matrices. Finally, the previously scrambled image is transformed into the cipher-image by using CA. The experimental results and theoretical analysis prove that the proposed scheme has good security as it can effectively resist a variety of attacks.
Title: Image encryption algorithm using chaotic maps and cellular automata. Authors: Lanhang Li, Yuling Luo, Shubin Tang, Lvchen Cao, Xue Ouyang. Pub Date: 2020-10-30. DOI: 10.4108/eai.21-6-2021.170238. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2020-10-30 DOI: 10.4108/eai.21-6-2021.170236
Yixin Li, Liming Wang, Jing Yang, Zhen Xu, Xi Luo
Nowadays, cybercriminals tend to leverage dynamic malicious infrastructures with multiple servers to conduct attacks, such as malware distribution and control. Compared with a single server, employing multiple servers allows crimes to be more efficient and stealthy. Given the necessary role infrastructures play, many approaches have been proposed to detect malicious servers. However, many existing methods typically target only the individual server and therefore fail to reveal inter-server connections of an attack campaign. In this paper, we propose a complementary system, deMSF, to identify server flocks, which are formed by infrastructures involved in the same malicious campaign. Our solution first acquires server flocks by mining relations of servers from both spatial and temporal dimensions. Further, we extract the semantic vectors of servers based on word2vec and build a textCNN-based flocks classifier to recognize malicious flocks. We evaluate deMSF with real-world traffic collected from an ISP network. The result shows that it has a high precision of 99% with 90% recall.
Title: deMSF: a Method for Detecting Malicious Server Flocks for Same Campaign. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2020-06-30 DOI: 10.4108/eai.30-6-2020.165502
Soohyun Park, Yeongeun Kang, Jeman Park, Joongheon Kim
This paper proposes a self-controllable super-resolution adaptation algorithm in drone platforms. The drone platforms are generally used for surveillance in target network areas. Thus, super-resolution algorithms which are for enhancing surveillance video quality are essential. In surveillance drone platforms, generating video streams obtained by CCTV cameras is not static, because the cameras record the video when abnormal objects are detected. The generation of streams is not predictable; therefore, this unpredictable situation can be harmful to reliable surveillance monitoring. To handle this problem, the proposed algorithm designs super-resolution adaptation. With the proposed algorithm, the shallow model, which is fast and low-performance, will be used if the stream queue is near overflow. On the other hand, the deep model, which is high-performance and slow, will be used if the queue is idle to improve the performance of super-resolution. Received on 31 May 2020; accepted on 25 June 2020; published on 30 June 2020
Title: Self-Controllable Super-Resolution Deep Learning Framework for Surveillance Drones in Security Applications. Journal: EAI Endorsed Trans. Security Safety.
Pub Date: 2020-06-10 DOI: 10.4108/eai.13-7-2018.165275
Yuan He, Wenjie Wang, Hongyu Sun, Yuqing Zhang
It is quite common to reuse code in software development, which may lead to the wide spread of a vulnerability, so automatic detection of vulnerable code clones is becoming more and more important. However, the existing solutions either cannot automatically extract the characteristics of the vulnerable code or cannot select different algorithms according to different code, which results in low detection accuracy. In this paper, we consider the identification of vulnerable code clones as a code recognition task and propose a method named Vul-Mirror based on a few-shot learning model for discovering cloned vulnerable code. It can not only automatically extract features of vulnerabilities, but also use the network to measure similarity. The results of experiments on open-source projects of five operating systems show that the accuracy of Vul-Mirror is 95.7%, and its performance is better than the state-of-the-art methods.
Title: Vul-Mirror: A Few-Shot Learning Method for Discovering Vulnerable Code Clone. Journal: EAI Endorsed Trans. Security Safety.