Intelligent Vulnerability Analyzer – A Novel Dynamic Vulnerability Analysis Framework for Mobile Based Online Applications
Author: | N. Deepika Malar, M. Eswaran, D. Jeya Mala |
---|---|
Year of publication: | 2018 |
Subject: | 021110 strategic defence & security studies; SQL; Computer science; business.industry; Node (networking); 0211 other engineering and technologies; 010103 numerical & computational mathematics; 02 engineering and technology; Computer security; computer.software_genre; 01 natural sciences; Information sensitivity; Path (graph theory); Graph (abstract data type); Web application; The Internet; 0101 mathematics; business; computer; Vulnerability (computing); computer.programming_language |
Source: | Communications in Computer and Information Science ISBN: 9789811086595 |
DOI: | 10.1007/978-981-10-8660-1_60 |
Description: | As per the survey taken by Computer Security Institute (2002), due to the evolution of internet technology and application popularization, security has become the key issue for implementing web-based applications which have crucial online transactions. The surveys indicated that highly secured online applications accessed through the web are frequently experiencing several kinds of threats when compared to other conventional applications. If the vulnerable areas of such highly secured online applications are left undetected, inadvertent effects will happen ranging from erroneous operations, software failure and resource wastage to life-threatening attacks such as leaking of sensitive information during crucial online transactions. In the proposed approach, the external attacks that occur due to dynamic user inputs are identified using heuristic-guided intelligent graph searching performed by the Intelligent Vulnerability Analyzer Agent (IVA). To achieve this, each SQL query that accesses the SQLite database information is converted into a graph and the agent compares each node in this graph against the SQL Master Graph (SQLMG) for potential threat areas. This is done by analyzing the pre and post conditions during the path exploration process from one node to another. For this, the agent performs both static source code as well as dynamic execution based analysis. Further, the queries are analyzed for percentage of false positives and false negatives based analysis. |
Database: | OpenAIRE |
External link: |