检索结果-南通市图书馆

Evaluating the Impact of software security Tactics: A Design Perspective

Computers, Materials & Continua 2021年第3期66卷 2283-2299页

作者： Mamdouh Alenezi Abhishek Kumar Pandey Richa Verma Mohd Faizan Shalini Chandra Alka Agrawal Rajeev Kumar Raees Ahmad Khan College of Computer and Information Sciences Prince Sultan UniversitySaudi Arabia Department of Information Technology Babasaheb Bhimrao Ambedkar UniversityLucknowUttar PradeshIndia Department of Computer Science Babasaheb Bhimrao Ambedkar UniversityLucknowUttar PradeshIndia Department of Computer Application Shri Ramswaroop Memorial UniversityLucknowUttar PradeshIndia

Design architecture is the edifice that strengthens the functionalities as well as the security of web *** order to facilitate architectural security from the web application’s design phase itself,practitioners are now adopting the novel mechanism of security *** the intent to conduct a research from the perspective of security tactics,the present study employs a hybrid multi-criteria decision-making approach named fuzzy analytic hierarchy process-technique for order preference by similarity ideal solution(AHP-TOPSIS)method for selecting and assessing multi-criteria *** adopted methodology is a blend of fuzzy analytic hierarchy process(fuzzy AHP)and fuzzy technique for order preference by similarity ideal solution(fuzzy TOPSIS).To establish the efficacy of this methodology,the results are obtained after the evaluation have been tested on fifteen different web application projects(Online Quiz competition,Entrance Test,and others)of the Babasaheb Bhimrao Ambedkar University,Lucknow,*** tabulated outcomes demonstrate that the methodology of the Multi-Level Fuzzy Hybrid system is highly effective in providing accurate estimation for strengthening the security of web *** proposed study will help experts and developers in developing and managing security from any web application design phase for better accuracy and higher security.

关键词： Web application software security security tactics fuzzy AHP fuzzy TOPSIS

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Fuzzing:Progress,Challenges,and Perspectives

引用

Computers, Materials & Continua 2024年第1期78卷 1-29页

作者： Zhenhua Yu Zhengqi Liu Xuya Cong Xiaobo Li Li Yin Institute of Systems security and Control College of Computer Science and TechnologyXi'an University of Science and TechnologyXi'an710054China School of Mathematics and Information Science Baoji University of Arts and SciencesBaoji721013China Institute of Systems Engineering Macao University of Science and TechnologyTaipaMacaoChina

As one of the most effective techniques for finding software vulnerabilities,fuzzing has become a hot topic in software *** feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the *** recent years,considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing,so there aremore and more methods and forms,whichmake it difficult to have a comprehensive understanding of the *** paper conducts a thorough survey of fuzzing,focusing on its general process,classification,common application scenarios,and some state-of-the-art techniques that have been introduced to improve its ***,this paper puts forward key research challenges and proposes possible future research directions that may provide new insights for researchers.

关键词： Fuzzing vulnerability software testing software security

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

software Vulnerability Mining and Analysis Based on Deep Learning

引用

Computers, Materials & Continua 2024年第8期80卷 3263-3287页

作者： Shibin Zhao Junhu Zhu Jianshan Peng State Key Laboratory of Mathematical Engineering and Advanced Computing Zhengzhou450001China

In recent years,the rapid development of computer software has led to numerous security problems,particularly software *** flaws can cause significant harm to users’privacy and *** security defect detection technology relies on manual or professional reasoning,leading to missed detection and high false detection *** intelligence technology has led to the development of neural network models based on machine learning or deep learning to intelligently mine holes,reducing missed alarms and false ***,this project aims to study Java source code defect detection methods for defects like null pointer reference exception,XSS(Transform),and Structured Query Language(SQL)***,the project uses open-source Javalang to translate the Java source code,conducts a deep search on the AST to obtain the empty syntax feature library,and converts the Java source code into a dependency *** feature vector is then used as the learning target for the neural *** types of Convolutional Neural Networks(CNN),Long Short-Term Memory(LSTM),Bi-directional Long Short-Term Memory(BiLSTM),and Attention Mechanism+Bidirectional LSTM,are used to investigate various code defects,including blank pointer reference exception,XSS,and SQL injection *** results show that the attention mechanism in two-dimensional BLSTM is the most effective for object recognition,verifying the correctness of the method.

关键词： Vulnerability mining software security deep learning static analysis

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Anticipatory active monitoring for safety-and security-critical software

引用

Science China(Information Sciences) 2012年第12期55卷 2723-2737页

作者： Martin LEUCKER Institute of software Technology and Programming Languages University of Lbeck

Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments,it is extremely difficult to exhaustively verify and test software during the development ***,monitoring has become an indispensable means for finding latent software faults at *** current monitoring approaches only generate passive monitors,which cannot foresee possible faults and consequently cannot prevent their *** this paper,we propose an active monitoring approach based on runtime *** approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic,and then generates the necessary steering actions according to a partial system model,which steers the system away from paths causing these *** this case,the monitor and monitored system make up a discrete feedback control *** further investigate the control theory behind active monitoring so that non-blocking controllability can be *** results of applying active monitoring to two cases,a railway crossing control system and security-enhanced Linux(SELinux),show that the method can effectively ensure both safety and security properties at runtime.

关键词： active monitoring runtime verification anticipation software safety software security

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

software Defect Prediction via Deep Belief Network

引用

Chinese Journal of Electronics 2019年第5期28卷 925-932页

作者： WEI Hua SHAN Chun HU Changzhen ZHANG Yu YU Xiao School of Computer Science and Technology Beijing Institute of Technology China Information Technology security Evaluation Center Beijing Key Laboratory of software security Engineering Technology Beijing Institute of Technology School of Electrical and Information Engineering and Beijing Key Laboratory of Intelligent Processing for Building Big Data Beijing University of Civil Engineering and Architecture State Key Laboratory in China for Geomechanics and Deep Underground Engineering (Beijing) China University of Mining and Technology School of Computer Science and Technology Shandong University of Technology

Defect distribution prediction is a meaningful topic because software defects are the fundamental cause of many attacks and data loss. Building accurate prediction models can help developers find bugs and prioritize their testing efforts. Previous researches focus on exploring different machine learning algorithms based on the features that encode the characteristics of *** problem of data redundancy exists in software defect data set, which has great influence on prediction *** propose a defect distribution prediction model(Deep belief network prediction model, DBNPM), a system for detecting whether a program module contains defects. The key insight of DBNPM is Deep belief network(DBN)technology, which is an effective deep learning technique in image processing and natural language processing,whose features are similar to defects in source *** results show that DBNPM can efficiently extract and process the data characteristics of source program and the performance is better than Support vector machine(SVM), Locally linear embedding SVM(LLE-SVM), and Neighborhood preserving embedding SVM(NPE-SVM).

关键词： Defect prediction software security Deep belief network(DBN)

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

MEBS: Uncovering Memory Life-Cycle Bugs in Operating System Kernels

引用

Journal of Computer Science & Technology 2021年第6期36卷 1248-1268页

作者： Gen Zhang Peng-Fei Wang Tai Yue Xu Zhou Kai Lu College of Computer National University of Defense TechnologyChangsha 410073China

Allocation,dereferencing,and freeing of memory data in kernels are coherently *** widely exist real cases where the correctness of memory is *** incorrectness in kernel memory brings about significant security issues,e.g.,information *** memory allocation,dereferencing,and freeing are closely related,previous work failed to realize they are closely *** this paper,we study the life-cycle of kernel memory,which consists of allocation,dereferencing,and *** in them are called memory life-cycle(MLC)*** propose an in-depth study of MLC bugs and implement a memory life-cycle bug sanitizer(MEBS)for MLC bug *** an interprocedural global call graph and novel identification approaches,MEBS can reveal memory allocation,dereferencing,and freeing sites in *** constructing a modified define-use chain and examining the errors in the life-cycle,MLC bugs can be ***,the experimental results on the latest kernels demonstrate that MEBS can effectively detect MLC bugs,and MEBS can be scaled to different *** than 100 new bugs are exposed in Linux and FreeBSD,and 12 common vulnerabilities and exposures(CVE)are assigned.

关键词： software security operating system memory life-cycle static analysis vulnerability detection

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

software Vulnerabilities Overview:A Descriptive Study

引用

Tsinghua Science and Technology 2020年第2期25卷 270-280页

作者： Mario Calín Sánchez Juan Manuel Carrillo de Gea José Luis Fernández-Alemán Jesús Garcerán Ambrosio Toval the Department of Informatics and Systems Faculty of Computer ScienceUniversity of Murcia

Computer security is a matter of great *** the last decade there have been numerous cases of cybercrime based on the exploitation of software *** fact has generated a great social concern and a greater importance of computer security as a *** this work,the most important vulnerabilities of recent years are identified,classified,and categorized individually.A measure of the impact of each vulnerability is used to carry out this classification,considering the number of products affected by each vulnerability,as well as its *** addition,the categories of vulnerabilities that have the greatest presence are *** on the results obtained in this study,we can understand the consequences of the most common vulnerabilities,which software products are affected,how to counteract these vulnerabilities,and what their current trend is.

关键词： descriptive study software security software vulnerabilities vulnerability databases

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

Unleashing the power of pseudo-code for binary code similarity analysis

引用

Cybersecurity 2023年第2期6卷 44-61页

作者： Weiwei Zhang Zhengzi Xu Yang Xiao Yinxing Xue School of Computer Science and Engineering University of Science and Technology of ChinaHefeiChina School of Computer Science and Engineering Nanyang Technological UniversitySingaporeSingapore Institute of Information Engineering Chinese Academy of SciencesBeijingChina School of Cyber security University of Chinese Academy of SciencesBeijingChina

Code similarity analysis has become more popular due to its significant applicantions,including vulnerability detection,malware detection,and patch *** the source code of the software is difficult to obtain under most circumstances,binary-level code similarity analysis(BCSA)has been paid much attention *** recent years,many BCSA studies incorporating Al techniques focus on deriving semantic information from binary functions with code representations such as assembly code,intermediate representations,and control flow graphs to measure the ***,due to the impacts of different compilers,architectures,and obfuscations,binaries compiled from the same source code may vary considerably,which becomes the major obstacle for these works to obtain robust *** this paper,we propose a solution,named UPPC(Unleashing the Power of Pseudo-code),which leverages the pseudo-code of binary function as input,to address the binary code similarity analysis challenge,since pseudocode has higher abstraction and is platform-independent compared to binary *** selectively inlines the functions to capture the full function semantics across different compiler optimization levels and uses a deep pyramidal convolutional neural network to obtain the semantic embedding of the *** evaluated UPPC on a data set containing vulnerabilities and a data set including different architectures(X86,ARM),different optimization options(O0-O3),different compilers(GCC,Clang),and four obfuscation *** experimental results show that the accuracy of UPPC in function search is 33.2%higher than that of existing methods.

关键词： Binary code similarity Machine learning software security Pseudo-code

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Accurate and efficient exploit capture and classification

引用

Science China(Information Sciences) 2017年第5期60卷 193-209页

作者： Yu DING Tao WEI Hui XUE Yulong ZHANG Chao ZHANG Xinhui HAN Institute of Computer Science and Technology Peking University Eletrical Engineering and Computer Sciences UC Berkeley

software exploits, especially zero-day exploits, are major security threats. Every day, security experts discover and collect numerous exploits from honeypots, malware forensics, and underground ***, no easy methods exist to classify these exploits into meaningful categories and to accelerate diagnosis as well as detailed analysis. To address this need, we present Seismo Meter, which recognizes both control-flowhijacking, and data-only attacks by combining approximate control-flow integrity, fast dynamic taint analysis and API sandboxing schemes. Once it detects an exploit incident, Seismo Meter generates a succinct data representation, called an exploit skeleton, to characterize the captured exploit. Seismo Meter then classifies the captured exploits into different exploit families by performing distance computing on the extracted *** evaluate the efficiency of Seismo Meter, we conduct a field test using exploit samples from public exploit databases, such as Metasploit, as well as wild-captured exploits. Our experiments demonstrate that Seismo Meter is a practical system that successfully detects and correctly classifies all these exploit attacks.

关键词： software security exploit classification exploit attack capture control flow integrity JIT security

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Selecting Best software Vulnerability Scanner Using Intuitionistic Fuzzy Set TOPSIS

引用

Computers, Materials & Continua 2022年第8期72卷 3613-3629页

作者： Navneet Bhatt Jasmine Kaur Adarsh Anand Omar H.Alhazmi Anil Surendra Modi School of Commerce Narsee Monjee Institute of Management StudiesDeemed to be UniversityMumbai400056India Department of Operational Research Faculty of Mathematical SciencesUniversity of DelhiDelhi110007India Department of Computer Science Taibah UniversityMedina30001Saudi Arabia

software developers endeavor to build their products with the least number of *** this,many vulnerabilities are detected in software that threatens its *** automated software i.e.,vulnerability scanners,are available in the market which helps detect and manage vulnerabilities in a computer,application,or a ***,the choice of an appropriate vulnerability scanner is crucial to ensure efficient vulnerability *** current work serves a dual purpose,first,to identify the key factors which affect the vulnerability discovery process in a *** second,is to rank the popular vulnerability scanners based on the identified *** will aid the firm in determining the best scanner for them considering multiple *** multi-criterion decision making based ranking approach has been discussed using the Intuitionistic Fuzzy set(IFS)and Technique for Order of Preference by Similarity to Ideal Solution(TOPSIS)to rank the various *** IFS TOPSIS,the opinion of a whole group could be simultaneously considered in the vulnerability scanner *** this study,five popular vulnerability scanners,namely,Nessus,Fsecure Radar,Greenbone,Qualys,and Nexpose have been *** inputs of industry specialists i.e.,people who deal in software security and vulnerability management process have been taken for the ranking *** the proposed methodology,a hierarchical classification of the various vulnerability scanners could be *** clear enumeration of the steps allows for easy adaptability of the model to varied *** study will help product developers become aware of the needs of the market and design better *** from the user’s point of view,it will help the system administrators in deciding which scanner to deploy depending on the company’s needs and *** current work is the first to use a Multi Criterion Group Decision Making technique in vulnerability scanner selection.

关键词： Intuitionistic fuzzy set group decision making multi-criteria decision making(MCDM) ranking algorithm software security TOPSIS vulnerability vulnerability scanners

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：