Detailed Information

Cited 1 time in webofscience Cited 2 time in scopus
Metadata Downloads

A hybrid vulnerability analysis tool using a risk evaluation technique

Authors
Park, J.Choo, Y.Lee, J.
Issue Date
Mar-2019
Publisher
Springer New York LLC
Keywords
Vulnerability; Degree of risk; Vulnerability detection; Accuracy of detection
Citation
Wireless Personal Communications, v.105, no.2, pp.443 - 459
Journal Title
Wireless Personal Communications
Volume
105
Number
2
Start Page
443
End Page
459
URI
http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/31194
DOI
10.1007/s11277-018-5959-z
ISSN
0929-6212
Abstract
Recent there have been many efforts to detect and analyze vulnerabilities using diverse analysis tools, removing them at the development stage. However, vulnerability analysis tools are prone to missed detections incorrect detections and over detection which reduces the accuracy of detection. In this study, a vulnerability detection technique is proposed that develops and manages safe applications and can resolve and analyze these problems. Risks due to vulnerabilities are computed and an intelligent vulnerability detection technique is used to improve accuracy and evaluate risks of the final version of the application. This helps the development and execution of safe applications.Through incorporation of tools that use both static and dynamic analysis techniques our proposed technique overcomes weak points at each stage and improves the accuracy of vulnerability detection. Existing vulnerability risk evaluation system only evaluate self-risks while our proposed vulnerability risk evaluation system reflects vulnerability self-risk and detection accuracy in a complex fashion to evaluate relative. Our proposed technique compares and analyzes existing analysis tools such as lists for detections and detection accuracy based on the top 10 items of SANS at CWE. Quantitative evaluation systems for existing vulnerability risks and proposed application vulnerability risks are compared and analyzed. Through, incorporation of tools that use both static analysis and dynamic analysis techniques. We developed prototype analysis tool using our technique to test the application's vulnerability-detection ability and show our proposed technique is superior to existing ones.
Files in This Item
There are no files associated with this item.
Appears in
Collections
ETC > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher PARK, JAE PYO photo

PARK, JAE PYO
Graduate School (Graduate School of Information Sciences)
Read more

Altmetrics

Total Views & Downloads

BROWSE