Cybersecurity and Software Assurance

Permanent URI for this collection

Browse

Recent Submissions

Now showing 1 - 6 of 6
  • Item
    VULNERLIZER: Cross-analysis Between Vulnerabilities and Software Libraries
    ( 2021-01-05) Pekaric, Irdin ; Felderer, Michael ; Steinmüller, Philipp
    The identification of vulnerabilities is a continuous challenge in software projects. This is due to the evolution of methods that attackers employ as well as the constant updates to the software, which reveal additional issues. As a result, new and innovative approaches for the identification of vulnerable software are needed. In this paper, we present VULNERLIZER, which is a novel framework for cross-analysis between vulnerabilities and software libraries. It uses CVE and software library data together with clustering algorithms to generate links between vulnerabilities and libraries. In addition, the training of the model is conducted in order to reevaluate the generated associations. This is achieved by updating the assigned weights. Finally, the approach is then evaluated by making the predictions using the CVE data from the test set. The results show that the VULNERLIZER has a great potential in being able to predict future vulnerable libraries based on an initial input CVE entry or a software library. The trained model reaches a prediction accuracy of 75% or higher.
  • Item
    Utilizing Remote Evaluation for Providing Data Sovereignty in Data-sharing Ecosystems
    ( 2021-01-05) Bruckner, Fabian ; Howar, Falk
    The maintenance of digital sovereignty is an important aspect of data-driven business models and data-sharing ecosystems. Considering this, sensitive data is often stored in proprietary systems under the data owner’s control and with appropriate security mechanisms. However, nowadays, it is often necessary to share data. As executing unknown and untrusted code on systems containing sensitive data is potentially dangerous, data-processing algorithms cannot be directly sent to the data-storing systems, as one solution. Instead, we have implemented an approach called remote processing that uses the domain-specific language \degree{}, which provides built-in usage control mechanisms for data processing tasks. The approach extends the well-known remote processing paradigm that allows controlled, distributed data usage without actual data sharing (transmission via network). Instead of classified data, applications and their execution results are transmitted. This way, sensitive data is never directly exposed to third parties. Furthermore, the application-integrated usage control mechanisms prevent malicious data usage.
  • Item
    Tracing CAPEC Attack Patterns from CVE Vulnerability Information using Natural Language Processing Technique
    ( 2021-01-05) Kanakogi, Kenta ; Washizaki, Hironori ; Fukazawa, Yoshiaki ; Ogata, Shinpei ; Okubo , Takao ; Kato, Takehisa ; Kanuka, Hideyuki ; Hazeyama, Atsuo ; Yoshioka, Nobukazu
    To effectively respond to vulnerabilities, information must not only be collected efficiently and quickly but also the vulnerability and the attack techniques must be understood. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not directly related, identifying the related CAPEC attack information from the CVE vulnerability information is challenging. One proposed method traces some related CAPEC-ID from CVE-ID through Common Weakness Enumeration (CWE). However, it is not applicable to all patterns. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using TF-IDF and Doc2Vec. Additionally, we experimentally confirm that TF-IDF is more accurate than Doc2vec.
  • Item
    The use of partially observable Markov decision processes to optimally implement moving target defense
    ( 2021-01-05) Mcabee, Ashley ; Tummala, Murali ; Mceachen, John
    For moving target defense (MTD) to shift advantage away from cyber attackers, we need techniques which render systems unpredictable but still manageable. We formulate a partially observable Markov decision process (POMDP) which facilitates optimized MTD capable of thwarting cyber attacks without excess overhead. This paper describes POMDP formulation including the use of an absorbing final state and attack penalty scaling factor to abstract defender-defined priorities into the model. An autonomous agent leverages the POMDP to select the optimal defense based on assessed cyber-attack phase. We offer an example formulation wherein attack suppression of greater than 99% and system availability of greater than 94% were maintained even as probability of detection of attack phase dropped to 74%.
  • Item
    Machine Learning-Based Android Malware Detection Using Manifest Permissions
    ( 2021-01-05) Mcdonald, Jeffrey ; Herron, Nathan ; Glisson, William ; Benton, Ryan
    The Android operating system is currently the most prevalent mobile device operating system holding roughly 54 percent of the total global market share. Due to Android’s substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy.
  • Item
    Introduction to the Minitrack on Cybersecurity and Software Assurance
    ( 2021-01-05) Chamberlain, Luanne ; George, Richard ; Llanso, Thomas