An Automated Vulnerability Detection and Remediation Method for Software Security

Jurn, Jeesoo; Kim, Tae‐Eun; Kim, Hwankuk

doi:10.3390/su10051652

Cited by 17 publications

(15 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fuzzing, at its core, is a testing method that generates random inputs (i.e., numbers, chars, metadata, binary, and especially "known-to-be-dangerous" values such as zero, negative or very large numbers, SQL requests, special characters) that causes the target software to crash [26]. It can be divided into dumb fuzzing and smart fuzzing.…”

Section: Fuzzingmentioning

confidence: 99%

“…It can be divided into dumb fuzzing and smart fuzzing. Dumb fuzzing simply generates defects by randomly changing the input variables; this is very fast as changing the input variable is simple, but it is not very good at finding defects as code coverage is narrow [26]. Smart fuzzing, on the other hand, generates input values suitable for the target software based on the software's format and error generation.…”

Section: Fuzzingmentioning

confidence: 99%

See 1 more Smart Citation

Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity

Kuzlu

Fair

Güler³

2021

Discov Internet Things

159

View full text Add to dashboard Cite

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these three topics with the purpose of comprehensively presenting and summarizing relevant literature in these fields.

show abstract

Section: Fuzzingmentioning

confidence: 99%

Section: Fuzzingmentioning

confidence: 99%

Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity

Kuzlu

Fair

Güler³

2021

Discov Internet Things

159

View full text Add to dashboard Cite

show abstract

“…To sustain the need of using, as an initial database, the list of IoT-oriented CVEs in our current proposal, numerous articles consider CVEs as main data source for vulnerabilities [5,13,14,15]. In Reference [14], the authors emphasize the need for a structured and trustworthy database of information regarding vulnerabilities, attacks, threats, countermeasures, and risks within the task of information security risk management processes.…”

Section: Related Workmentioning

confidence: 99%

“…As a rule, IoT systems are big consumers of computational resources, memory resources, and bandwidth. Therefore, existing approaches [5] for software solutions are not proven to be reliable for IoT systems also [3]. In this paper, we focus on IoT vulnerabilities found in IoT-specific technologies.…”

Section: Introductionmentioning

confidence: 99%

Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks

Georgescu

Iancu

Zurini

2019

Sensors

View full text Add to dashboard Cite

The aim of this paper was to enhance the process of diagnosing and detecting possible vulnerabilities within an Internet of Things (IoT) system by using a named entity recognition (NER)-based solution. In both research and practice, security system management experts rely on a large variety of heterogeneous security data sources, which are usually available in the form of natural language. This is challenging as the process is very time consuming and it is difficult to stay up to date with the constant findings in the areas of security threats, vulnerabilities, attacks, countermeasures, and risks. The proposed system is conceived as a semantic indexing solution of existing vulnerabilities and serves as an information tool for security management experts. By integrating the proposed system, the users can easily discover the potential vulnerabilities of their IoT devices. The proposed solution integrates ontologies and NER techniques in order to obtain a high rate of automation with the scope of reaching a self-maintained and up-to-date system in terms of vulnerabilities and common exposures knowledge. To achieve this, a total of 312 CVEs (common vulnerabilities and exposures) specific to the IoT field were identified. CVEs are arguably one of the most important cybersecurity resources nowadays, containing information about the latest discovered vulnerabilities. This set is further used as data corpus for an NER model designed to identify the main entities and relations that are relevant to IoT security. The goal is to automatically monitor cybersecurity information relevant to IoT, and filter and present it in an organized and structured framework based on users’ needs. The taxonomies specific to IoT security are implemented via a domain ontology, which is later used to process natural language. Relevant tokens are marked as entities and the relations between them identified. The text analysis solution is connected to a gateway which scans the environment and identifies the main IoT devices and communication technologies. The strength of the approach proposed within this research is that the designed semantic gateway is using context-aware searches in the modeled IoT security database and can identify possible vulnerabilities before they can be exploited.

show abstract

“…al. [5], introduced a trend of systems and tools associated with machine-driven vulnerability detection and correction. we tend to propose an automatic vulnerability detection technique supported binary complexness analysis to stop a zero-day attack.…”

Section: Related Workmentioning

confidence: 99%

Software Vulnerability Classification Based On Deep Neural Network

Vitthalrao*,

Gupta

2019

IJEAT

View full text Add to dashboard Cite

Software vulnerability is most common issues in software engineering, many applications has suffering vulnerability, information leakage, and data hijacking such kind of problems facing since couple of years. Sometimes developers should be making some mistakes during code making which generate vulnerability issues for entire application. In this research work, we carried out an approach to software vulnerability detection using deep learning approach behalf of metadata processing. The system carried software vulnerability detection based on the Deep Neural Network (DNN). a new dynamic vulnerability classification approach has suggested. The model basic build based on TF-IDF as well density based feature selection approach for DNN. basically TF-IDF has used to measured the frequency and weight of specific word of vulnerability description; the Vector Space Model (VSM) is used for feature selection to achieve an finest set of feature term, and; the DNN neural network model is used to built an dynamic weakness classifier to achieve effectiveness into the bug detection. The overall system has categorized into four phases in first phase we detect the code clone to eliminate the data redundancy and execution time complexity, in second we apply Vector Space Model (VSM) recommend the re-factor possibility in entire code while in third section we build DNN module for software vulnerability detection and finally recommend the vulnerability for entire code. The system partial implementation has evaluated in java environment which provide satisfactory results for heterogeneous code modules .

show abstract

An Automated Vulnerability Detection and Remediation Method for Software Security

Cited by 17 publications

References 13 publications

Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity

Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity

Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks

Software Vulnerability Classification Based On Deep Neural Network

Contact Info

Product

Resources

About