ISA: A Source Code Static Vulnerability Detection System Based on Data Fusion

A Vulnerability Detection System Based on Fusion of Assembly Code and Source Code

Security and Communication Networks ◽

10.1155/2021/9997641 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Xingzheng Li ◽

Bingwen Feng ◽

Guofeng Li ◽

Tong Li ◽

Mingjin He

Keyword(s):

Detection System ◽

Source Code ◽

Detection Methods ◽

Alignment Algorithm ◽

Vulnerability Detection ◽

Timely Manner ◽

Assembly Code ◽

Software Vulnerabilities ◽

Network Intrusion ◽

Deep Learning Model

Software vulnerabilities are one of the important reasons for network intrusion. It is vital to detect and fix vulnerabilities in a timely manner. Existing vulnerability detection methods usually rely on single code models, which may miss some vulnerabilities. This paper implements a vulnerability detection system by combining source code and assembly code models. First, code slices are extracted from the source code and assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, aligned code slices are converted into vector and input into a hyper fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system presents a stable and convergent detection performance.

Download Full-text

The Design and Development of the Vulnerability Detection System of Android Platform

Revista de la Facultad de Ingeniería ◽

10.21311/002.31.7.10 ◽

2016 ◽

Keyword(s):

Detection System ◽

Vulnerability Detection ◽

Design And Development ◽

Android Platform

Download Full-text

Source code and binary level vulnerability detection and hot patching

Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering ◽

10.1145/3324884.3418914 ◽

2020 ◽

Author(s):

Zhengzi Xu

Keyword(s):

Source Code ◽

Vulnerability Detection

Download Full-text

PDVDS: A Pattern-Driven Software Vulnerability Detection System

2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing ◽

10.1109/euc.2010.88 ◽

2010 ◽

Author(s):

Shaoyin Cheng ◽

Jinding Wang ◽

Jiajie Wang ◽

Jun Yang ◽

Fan Jiang

Keyword(s):

Detection System ◽

Vulnerability Detection ◽

Software Vulnerability

Download Full-text

Research and implementation of vulnerability detection system for power plant industrial control network

10.1117/12.2624141 ◽

2021 ◽

Author(s):

Xiao Zhang ◽

Yang Pan ◽

Cong Li ◽

Zengkai Wang

Keyword(s):

Power Plant ◽

Detection System ◽

Control Network ◽

Vulnerability Detection ◽

Industrial Control

Download Full-text

Java Source Code Plagiarism Detection System

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2018.3748 ◽

2018 ◽

Vol 6 (3) ◽

pp. 3596-3600

Author(s):

Mrs. Ghuge Madhuri Laxman

Keyword(s):

Detection System ◽

Source Code ◽

Plagiarism Detection

Download Full-text

Evaluation of SQL Injection Vulnerability Detection Tools

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.a2648.109119 ◽

2019 ◽

Vol 9 (1) ◽

pp. 1747-1751

Keyword(s):

Static Analysis ◽

Web Applications ◽

Source Code ◽

False Negative ◽

Vulnerability Detection ◽

Sql Injection ◽

User Input ◽

Root Cause ◽

Analysis Tools ◽

Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

Download Full-text

An on-line wireless attack detection system using multi-layer data fusion

2011 IEEE International Workshop on Measurements and Networking Proceedings (M&N) ◽

10.1109/iwmn.2011.6088478 ◽

2011 ◽

Cited By ~ 2

Author(s):

Francisco J. Aparicio-Navarro ◽

Konstantinos G. Kyriakopoulos ◽

David J. Parish

Keyword(s):

Data Fusion ◽

Detection System ◽

Attack Detection ◽

On Line

Download Full-text

Generalized Evidential Processing in Multiple Simultaneous Threat Detection in UNIX

Enhancing Enterprise and Service-Oriented Architectures with Advanced Web Portal Technologies ◽

10.4018/978-1-4666-0336-3.ch009 ◽

2012 ◽

pp. 104-120

Author(s):

Zafar Sultan ◽

Paul Kwan

Keyword(s):

Data Fusion ◽

Detection System ◽

Set Cover ◽

Threat Detection ◽

Fusion Model ◽

Detection Systems ◽

Size Groups ◽

On Line ◽

And Performance ◽

Statistical Data Fusion

In this paper, a hybrid identity fusion model at decision level is proposed for Simultaneous Threat Detection Systems. The hybrid model is comprised of mathematical and statistical data fusion engines; Dempster Shafer, Extended Dempster and Generalized Evidential Processing (GEP). Simultaneous Threat Detection Systems improve threat detection rate by 39%. In terms of efficiency and performance, the comparison of 3 inference engines of the Simultaneous Threat Detection Systems showed that GEP is the better data fusion model. GEP increased precision of threat detection from 56% to 95%. Furthermore, set cover packing was used as a middle tier data fusion tool to discover the reduced size groups of threat data. Set cover provided significant improvement and reduced threat population from 2272 to 295, which helped in minimizing the processing complexity of evidential processing cost and time in determining the combined probability mass of proposed Multiple Simultaneous Threat Detection System. This technique is particularly relevant to on-line and Internet dependent applications including portals.

Download Full-text

Generalized Evidential Processing in Multiple Simultaneous Threat Detection in UNIX

International Journal of Web Portals ◽

10.4018/jwp.2010040105 ◽

2010 ◽

Vol 2 (2) ◽

pp. 51-67

Author(s):

Zafar Sultan ◽

Paul Kwan

Keyword(s):

Data Fusion ◽

Detection System ◽

Set Cover ◽

Threat Detection ◽

Fusion Model ◽

Data Set ◽

Detection Systems ◽

Processing Cost ◽

Size Groups ◽

And Performance

In this paper, a hybrid identity fusion model at decision level is proposed for Simultaneous Threat Detection Systems. The hybrid model is comprised of mathematical and statistical data fusion engines; Dempster Shafer, Extended Dempster and Generalized Evidential Processing (GEP). Simultaneous Threat Detection Systems improve threat detection rate by 39%. In terms of efficiency and performance, the comparison of 3 inference engines of the Simultaneous Threat Detection Systems showed that GEP is the better data fusion model. GEP increased precision of threat detection from 56% to 95%. Furthermore, set cover packing was used as a middle tier data fusion tool to discover the reduced size groups of threat data. Set cover provided significant improvement and reduced threat population from 2272 to 295, which helped in minimizing the processing complexity of evidential processing cost and time in determining the combined probability mass of proposed Multiple Simultaneous Threat Detection System. This technique is particularly relevant to on-line and Internet dependent applications including portals.

Download Full-text