Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

Pang Jianmin,Zhang Yujia,Zhang Zheng,Wu Jiangxing

DOI: https://doi.org/10.15302/j-sscae-2016.06.015

2016-01-01

Abstract:With the development of the Internet, the process of computer software globalization continues to advance. A lot of identical software is installed on tens of thousands of computers. This makes widespread exploitation of software vulnerabilities easy and attractive for an attacker because the same attack vector will probably successfully affect numerous targets. Traditional software security methods can only be used to repair the vulnerabilities. Although software-diversity technology can remove the threat momentarily, it cannot eliminate the risk caused by vulnerabilities. This paper proposes a scheme of combining software diversity and mimic defense in the software security industry to eliminate the threat.

Moses Garuba,Chunmei Liu,Duane Fraites

DOI: https://doi.org/10.1109/itng.2008.231

2008-04-01

Abstract:Organizations require security systems that are flexible and adaptable in order to combat increasing threats from software vulnerabilities, virus attacks and other malicious code, in addition to internal attacks. Network intrusion detection systems, which are part of the layered defense scheme, must be able to meet these organizational objectives in order to be effective. Although signature based network intrusion detection systems meet several organizational security objectives, heuristic based network intrusion detection systems are able to fully meet the objectives of the organization. Through a comparative theoretical study, this paper analyzes several organizational security objectives in order to determine the network intrusion detection system that effectively meets these objectives. Through conclusive analysis of the study, heuristic based systems are better served to meet the organizational objectives than signature based systems. The analysis was based on which system provided definitive security objectives and offered the flexibility, adaptability, and reduced vulnerability that an organization requires.

Wei-Jun SHEN,En-Yi TANG,Zhen-Yu CHEN,Xin CHEN,Bin LI,Juan ZHAI

DOI: https://doi.org/10.13328/j.cnki.jos.005503

2018-01-01

Abstract:Vulnerability detection is an important way of improving the security of software.However,the development of the Internet makes it possible for hackers to attack software systems with new techniques.This paper focuses on a new kind of vulnerability that relates to numerical stability.It poses new threat to software security as hackers are able to bypass security protection by the new kind of vulnerability,and numerical analysis is difficult to detect such a vulnerability.In the paper,the vulnerability related to numerical stability is defined from the perspective of software behavior variation caused by numerical errors,and an automatic detection approach is proposed.The approach combines the static analysis and symbolic execution,and detects the vulnerability by three steps:symbolic extraction,static attack analysis,and dynamic attack verification with high precision values.This new approach is evaluated on a few famous open source projects.The results show that the proposed approach effectively detects the vulnerabilities related to numerical stability hidden in the real-world projects.

MA Bolin,ZHANG Zheng,REN Quan,ZHANG Gaofei,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000−436x.2021176

2021-01-01

Abstract:Software-based redundant execution (SRE) is a popular fault-tolerant design method which makes use of faults occurring randomly to achieve fault-tolerance.Software-based heterogeneous redundant execution (SHRE) uses heterogeneous redundant software replicas with identical function based on SRE and diversity of software.By comparing the results of heterogeneous redundant software replicas, SHRE can resist threats from software vulnerabilities and homogenization.The classification method of SHRE was proposed, and the security capability of SHRE was introduced.Based on N-modular redundancy, I/O operation mode and the recovery capability of attacked software replica, resistance to attack of different structures were analyzed.The analysis shows that the security capability of SHRE performs best when it is triple-mode redundancy architecture and attacked software replica can be recovered.Besides, by shortening the recovery time of attacked software replica, security to SHRE can be improved.

Qisheng Zhang,Jin-Hee Cho,Terrence J. Moore,Ing-Ray Chen

DOI: https://doi.org/10.48550/arXiv.2007.08469

2020-07-17

Abstract:By leveraging the principle of software polyculture to ensure security in a network, we proposed a vulnerability-based software diversity metric to determine how a network topology can be adapted to minimize security vulnerability while maintaining maximum network connectivity. Our proposed software diversity-based adaptation (SDA) scheme estimates a node's software diversity based on the vulnerabilities of software packages installed on other nodes on attack paths reachable to the node and employs it for edge adaptations, such as removing an edge with a neighboring node that exposes high security vulnerability because two connected nodes use the same software packages or a neighboring node may have high software vulnerability or adding an edge with another node with less or no security vulnerability because the two nodes use different software packages or have low vulnerabilities associated with them. To validate the proposed SDA scheme, we conducted extensive experiments comparing the proposed SDA scheme with counterpart baseline schemes in real networks. Our simulation experimental results proved the outperformance of our proposed SDA compared to the existing counterparts and provided insightful findings in terms of the effectiveness and efficiency of the proposed SDA scheme under three real network topologies with vastly different network density.

Cryptography and Security

Yu-jia ZHANG,Jian-min PANG,Zheng ZHANG,Jiang-xing WU

DOI: https://doi.org/10.11896/j.issn.1002-137X.2018.02.037

2018-01-01

Abstract:With the development of reverse engineering,the software industry has suffered a great loss from the software piracy and malicious attack for a long time.Code obfuscation techniques which can hide specific function of a program from malicious analysis for malware is thus frequently employed to mitigate this risk.However,most of the existing obfuscation methods are language embedded and depend on the target architecture,this paper proposed a method of compile-time obfuscation,and further presented a prototype implementedation based on the LLVM compiler infrastructure.Furthermore,this paper implemented a mimic security defence system which is free from malicious attack with the software diversity method.

Cheng-Jie Xiong,Yan-Fu Li,Min Xie,Szu-Hui Ng,Thong-Ngee Goh

DOI: https://doi.org/10.1007/978-3-642-10619-4_38

2009-01-01

Abstract:Distributed systems are widely deployed in industries where high computational capability and low cost are required. Distributed software architecture is very important in the distributed system. However, since most distributed systems are designed based on a network structure, distributed software is very vulnerable to malware attacks. Due to the popularity of distributed system, it is vital to study the effects of malware attack on distributed systems. In this paper, we studied the malware attack behaviors by a Markov process model. The states of the object homogeneous distributed system can be derived by analyzing the Markov model, with which the service reliability and service availability can be further obtained. An illustrative demonstration is also presented.

Yongzheng Zhang,Binxing Fang,Xiaochun Yun

DOI: https://doi.org/10.3321/j.issn:1002-0470.2007.04.001

2007-01-01

Abstract:On the basis of the previous research work, this paper combines the index-based micro-analysis with the risk sum based macro-analysis to propose an integrated method for quantitative assessment of mainstream operating systems security vulnerabilities, and evaluates 1081 vulnerabilities related to six versions of three mainstream operating systems Windows NT, RedHat Linux and Solaris. This method can be used to effectively analyze the influences of the evolution of the operating systems on their security and compare the security status of the systems from various aspects on various levels.

WU Chunmei,XIA Nai,MAO Bing

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.03.063

2006-01-01

Abstract:A testbed which includes the common vulnerabilities is built.The paper compares three typical and publicly available tools by applying them to the testbed individually for sake of preventing intrusion.The result reveals that the tools building on finding vulnerable library functions have low false negatives rates but high false positives rates,the constrained based tools have low false positives rates but high false negatives rates,and the module checkers have high true positives rates when finding attacks against given security rules,but have high false negatives rates when finding many kinds of vulnerabilities.

ying zhou,zhongfu wu,feng li,hao wang,zhengzhou zhu

2006-01-01

Abstract:As Peer-to-peer (P2P) networking technologies become popular, P2P worms which exploit common vulnerabilities of P2P software to achieve fast worm propagation have emerged. It is believed that software diversity can decrease the virulence of worms and the effectiveness of repeated applications of single attacks. In this paper, we introduce software diversity into the prevent- ion of worm propagation in P2P networks. In particular, we propose a P2P-based software diversity model and conduct both theoretical analysis and extensive simulations to test the performance of software diversity in containing P2P worm propagation. The results indicate that our work can provide a new way to mitigate threats of P2P worms.

Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-030-29844-9_5

IF: 2.701

2019-01-01

Wireless Networks

Abstract:As mentioned earlier, moving target defense (MTD) [1] adopts multiple security technologies featuring diversity, dynamicity, and randomness, aiming to change the passive cyber defense situation by greatly increasing the cost of attack and vulnerability exploitation through the deployment and operation of networks, platforms, systems, devices, and even components that are subject to apparent uncertainty and random dynamics. In fact, such basic defense methods or technical elements as diversity, randomness, redundancy, and dynamicity are not exclusively for MTD or certain security defense systems. They have been widely used in all aspects of the related fields, and the purpose is nothing but how to endow the target system with security attributes, such as diversity, randomness, and dynamicity, to build a survivable, recoverable, and fault-tolerant self-adaptive system in the harsh context of an elusive operating environment, asymmetrical threats, or uncertain failures. For example, the biodiversity mechanism in natural communities guarantees the stability of the ecosystems, while the dynamic multipath forwarding mechanism in communication networks guarantees the anti-interception of data transmission. Various encryption technologies are applying pseudo-random properties or methods, and the redundancy technology is a “talisman” in the field of reliability. This chapter will elaborate on the concepts, characteristics, and applications of diversity, randomness, and dynamicity technologies themselves and analyze the possible engineering challenges for introducing these underlying defense technologies into information systems, with an attempt to comb the ties among the three technologies and propose the relevant arguments.

Xiang Li,Jinfu Chen,Zhechao Lin,Lin Zhang,Zibin Wang,Minmin Zhou,Wanggen Xie

DOI: https://doi.org/10.1109/cbd.2017.58

2017-08-01

Abstract:Software vulnerability remains a serious challenge to the software engineering domain over the past decade as a result of the recent technological advancement in information systems. The rapid development in software applications and failure on the part of system developers to properly analyze program codes before been released to the market increases the chance for data breaches. It is a known fact that most system failures are as a result of bugs and errors detected in software applications. Although code errors significantly affect software quality, there is no effective method that can be used in eliminating software errors to improve its reliability. Data Mining and its related algorithms are an active area which can successfully be applied in analyzing software vulnerability. However the concept of applying data mining techniques has not been empirically proven as an effective method for obtaining the essential characteristics of software vulnerability. To investigate this effect, we propose a vulnerability mining algorithm to analyze and obtain the essential characteristics of Software vulnerability based data mining techniques. We first extracted and preprocessed the software vulnerabilities using data mining techniques and common vulnerability database. We evaluate the proposed technique using the Common Vulnerability and Exposure (CVE) Database, Common Weakness Enumeration (CWE) Database, National Vulnerability Database (NVD) datasets. Empirical results show that the proposed vulnerability mining algorithm has a remarkable improvement in the vulnerability mining process. The most interesting finding is that, we observed that across all the three projects, recall was around 70% and precision was approximately 60%.

Zhidong Shen,Si Chen

DOI: https://doi.org/10.1155/2020/8858010

IF: 1.968

2020-09-29

Security and Communication Networks

Abstract:Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential software security problems. Together with the large-scale increase in the number of software and the increase in complexity, the traditional manual methods to deal with these security issues are inefficient and cannot meet the current cyberspace security requirements. Therefore, it is an important research topic for researchers in the field of software security to develop more intelligent technologies to apply to potential security issues in software. The development of deep learning technology has brought new opportunities for the study of potential security issues in software, and researchers have successively proposed many automation methods. In this paper, these automation technologies are evaluated and analysed in detail from three aspects: software vulnerability detection, software program repair, and software defect prediction. At the same time, we point out some problems of these research methods, give corresponding solutions, and finally look forward to the application prospect of deep learning technology in automated software vulnerability detection, automated program repair, and automated defect prediction.

computer science, information systems,telecommunications

Tingting Li,Cheng Feng,Chris Hankin

DOI: https://doi.org/10.48550/arXiv.1811.00142

2018-10-31

Cryptography and Security

Abstract:Network diversity has been widely recognized as an effective defense strategy to mitigate the spread of malware. Optimally diversifying network resources can improve the resilience of a network against malware propagation. This work proposes an efficient method to compute such an optimal deployment, in the context of upgrading a legacy Industrial Control System with modern IT infrastructure. Our approach can tolerate various constraints when searching for an optimal diversification, such as outdated products and strict configuration policies. We explicitly measure the vulnerability similarity of products based on the CVE/NVD, to estimate the infection rate of malware between products. A Stuxnet-inspired case demonstrates our optimal diversification in practice, particularly when constrained by various requirements. We then measure the improved resilience of the diversified network in terms of a well-defined diversity metric and Mean-time-to-compromise (MTTC), to verify the effectiveness of our approach. We further evaluate three factors affecting the performance of the optimization, such as the network structure, the variety of products and constraints. Finally, we show the competitive scalability of our approach in finding optimal solutions within a couple of seconds to minutes for networks of large scales (up to 10,000 hosts) and high densities (up to 240,000 edges).

Simon Miller,Susan Appleby,Jonathan M. Garibaldi,Uwe Aickelin

DOI: https://doi.org/10.2139/ssrn.2823280

2013-01-01

International Journal of Secure Software Engineering

Abstract:The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. We show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.

Zhang Tao,Chen Xiarun,Chen Zhong

DOI: https://doi.org/10.1109/ICIPCA59209.2023.10257912

2023-01-01

Abstract:As the Internet environment becomes increasingly complex, network security gradually has more and more impact on people's real life. The research on static vulnerability detection is of great significance to the security of software systems. To solve the problems of imperfect technical support for basic analysis and high false alarm rate in the current mainstream static vulnerability detection methods, we design a vulnerability detection method based on taint value range propagation analysis, combining data flow analysis and abstract interpretation to achieve cross-functional variable value range analysis, and combining the identification and analysis of data security checks to achieve an automated vulnerability detection system prototype—RVDetecor, with good performance and detection, and applicable to real-world scenarios. In its analysis of the Linux kernel source code, RVDetecor verified 15 fixed issues.

Kun Meng,Chuang Lin,Yuanzhuo Wang,Yang Yang

2009-01-01

Abstract:Based on the technology of dynamic diversity backups, an intrusion tolerant system is proposed which guarantees the performance of the system and does not degrade drastically when it is exposed to outside attacks. By analyzing the consequence of the attacks, we give the attack model and model of the proposed intrusion tolerant system by General Stochastic Petri Net (GSPN). Through it, we can evaluate the efficiency of the intrusion tolerant system (ITS) based on the dynamic diversity backups. In the end of the paper, we analyze the proposed system with three diversity backups and random schedule strategy among the backups by the tool SPNP (Stochastic Petri Net package). The results show that the ITS is affected lightly under the heave attacks, which implies that the system can defend most intrusion effectively.

Yan Wu,Jingyi Su,David D. Moran,Chris D. Near

DOI: https://doi.org/10.48550/arXiv.2301.06215

2023-01-15

Software Engineering

Abstract:The mass production of complex software has made it impossible to manually test it for security vulnerabilities. Automated security testing tools come in a variety of flavors, function at various stages of software development, and target different categories of software vulnerabilities. It is great that we have a plethora of automated tools to choose from, but it is a problem that their adoption and recognition are not prominent. The purpose of this study is to explore the possibilities of existing techniques while also broadening the horizon by exploring the future of security testing tools and related techniques.