Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications
Autor: | Hossain Shahriar, Hisham M. Haddad |
---|---|
Rok vydání: | 2016 |
Předmět: |
021110 strategic
defence & security studies Fuzzy rule business.industry Computer science Cross-site scripting Fuzzy set File inclusion vulnerability 0211 other engineering and technologies 02 engineering and technology Machine learning computer.software_genre Fuzzy logic Vulnerability assessment 0202 electrical engineering electronic engineering information engineering Web application 020201 artificial intelligence & image processing Artificial intelligence Data mining business Risk assessment computer |
Zdroj: | International Journal of Secure Software Engineering. 7:1-18 |
ISSN: | 1947-3044 1947-3036 |
DOI: | 10.4018/ijsse.2016040101 |
Popis: | This paper addresses the problem of assessing risk in web application due to implementation level vulnerabilities. In particular, the authors address the common research challenge of finding enough historical data to compute the probability of vulnerabilities and exploitations. They develop a Fuzzy Logic based System (FLS)1 to compute the risk uniformly and to address the diversity of risks. The authors propose a set of crisp metrics that are used to define fuzzy sets. They also develop a set of rule-bases to assess the risk level. The proposed FLS can be a useful tool to aid application developers and industry practitioners to assess the risk and plan ahead for employing necessary mitigation approaches. The authors evaluate their proposed approach using three real-world web applications implemented in PHP, and apply it to four types of common vulnerabilities. The initial results indicate that the proposed FLS approach can effectively discover high risk applications. |
Databáze: | OpenAIRE |
Externí odkaz: |