Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits

Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits

Currently the problem of monitoring the security of information systems is highly relevant. One of the important security monitoring tasks is to automate the process of determination of the system weaknesses for their further elimination. The paper considers the techniques for analysis of vulnerabil...

Full description

Bibliographic Details
Main Authors: Andrey Fedorchenko, Elena Doynikova, Igor Kotenko
Format: Article
Language:English
Published: Graz University of Technology 2019-09-01
Series:Journal of Universal Computer Science
Subjects:
vulnerability analysis
exploit analysis
vulnerab
Online Access:https://lib.jucs.org/article/22645/download/pdf/
id doaj-4e4862c6d5484418aef5a52a9b8fa2f9
record_format Article
spelling doaj-4e4862c6d5484418aef5a52a9b8fa2f92021-06-23T07:57:14ZengGraz University of TechnologyJournal of Universal Computer Science0948-69682019-09-012591043106510.3217/jucs-025-09-104322645Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of ExploitsAndrey Fedorchenko0Elena Doynikova1Igor Kotenko2St. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSt. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSt. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesCurrently the problem of monitoring the security of information systems is highly relevant. One of the important security monitoring tasks is to automate the process of determination of the system weaknesses for their further elimination. The paper considers the techniques for analysis of vulnerability indexes and exploit source code, as well as their subsequent classification. The suggested approach uses open security sources and incorporates two techniques, depending on the available security data. The first technique is based on the analysis of publicly available vulnerability indexes of the Common Vulnerability Scoring System for vulnerability classification by weaknesses. The second one complements the first one in case if there are exploits but there are no associated vulnerabilities and therefore the indexes for classification are absent. It is based on the analysis of the exploit source code for the features, i.e. indexes, using graph models. The extracted indexes are further used for weakness determination using the first technique. The paper provides the experiments demonstrating an effectiveness and potential of the developed techniques. The obtained results and the methods for their enhancement are discussed.https://lib.jucs.org/article/22645/download/pdf/vulnerability analysisexploit analysisvulnerab
collection DOAJ
language English
format Article
sources DOAJ
author Andrey Fedorchenko
Elena Doynikova
Igor Kotenko
spellingShingle Andrey Fedorchenko
Elena Doynikova
Igor Kotenko
Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
Journal of Universal Computer Science
vulnerability analysis
exploit analysis
vulnerab
author_facet Andrey Fedorchenko
Elena Doynikova
Igor Kotenko
author_sort Andrey Fedorchenko
title Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
title_short Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
title_full Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
title_fullStr Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
title_full_unstemmed Determination of System Weaknesses Based on the Analysis of Vulnerability Indexes and the Source Code of Exploits
title_sort determination of system weaknesses based on the analysis of vulnerability indexes and the source code of exploits
publisher Graz University of Technology
series Journal of Universal Computer Science
issn 0948-6968
publishDate 2019-09-01
description Currently the problem of monitoring the security of information systems is highly relevant. One of the important security monitoring tasks is to automate the process of determination of the system weaknesses for their further elimination. The paper considers the techniques for analysis of vulnerability indexes and exploit source code, as well as their subsequent classification. The suggested approach uses open security sources and incorporates two techniques, depending on the available security data. The first technique is based on the analysis of publicly available vulnerability indexes of the Common Vulnerability Scoring System for vulnerability classification by weaknesses. The second one complements the first one in case if there are exploits but there are no associated vulnerabilities and therefore the indexes for classification are absent. It is based on the analysis of the exploit source code for the features, i.e. indexes, using graph models. The extracted indexes are further used for weakness determination using the first technique. The paper provides the experiments demonstrating an effectiveness and potential of the developed techniques. The obtained results and the methods for their enhancement are discussed.
topic vulnerability analysis
exploit analysis
vulnerab
url https://lib.jucs.org/article/22645/download/pdf/
work_keys_str_mv AT andreyfedorchenko determinationofsystemweaknessesbasedontheanalysisofvulnerabilityindexesandthesourcecodeofexploits
AT elenadoynikova determinationofsystemweaknessesbasedontheanalysisofvulnerabilityindexesandthesourcecodeofexploits
AT igorkotenko determinationofsystemweaknessesbasedontheanalysisofvulnerabilityindexesandthesourcecodeofexploits
_version_ 1721362373577539584

Similar Items