基于集成的方法提高漏洞评估和渗透测试的准确性

2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH) Pub Date : 2016-02-01 DOI:10.1109/ICICCS.2016.7542303

J. Goel, Mohsen Hallaj Asghar, Vivek Kumar, S. Pandey

{"title":"基于集成的方法提高漏洞评估和渗透测试的准确性","authors":"J. Goel, Mohsen Hallaj Asghar, Vivek Kumar, S. Pandey","doi":"10.1109/ICICCS.2016.7542303","DOIUrl":null,"url":null,"abstract":"Vulnerability Assessment and Penetration Testing is an important activity to improve cyber defense of systems/networks. It assist to make systems/networks vulnerability free. But it is a costly process. Premium VAPT tools are very costly. Even premium VAPT tools are not able to give 100 % accuracy to find out vulnerability. In addition to that, single VAPT tool cannot find all type of vulnerabilities. So there is a need of a model that can find out all type vulnerabilities, gives almost 100 % accuracy and do not cost more. To achieve this goal we made an Ensemble approach of VAPT tools. Our approach combine multiple VAPT tools (open source/premium) and apply majority voting and weighted priority. Our approach provide better accuracy and more versatility. Our approach provide cost effective solution for vulnerability analysis and penetration testing. After that we made a software to implement this approach called `VEnsemble 1.0'. We have also presented implemented software and results in this paper.","PeriodicalId":389065,"journal":{"name":"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Ensemble based approach to increase vulnerability assessment and penetration testing accuracy\",\"authors\":\"J. Goel, Mohsen Hallaj Asghar, Vivek Kumar, S. Pandey\",\"doi\":\"10.1109/ICICCS.2016.7542303\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Vulnerability Assessment and Penetration Testing is an important activity to improve cyber defense of systems/networks. It assist to make systems/networks vulnerability free. But it is a costly process. Premium VAPT tools are very costly. Even premium VAPT tools are not able to give 100 % accuracy to find out vulnerability. In addition to that, single VAPT tool cannot find all type of vulnerabilities. So there is a need of a model that can find out all type vulnerabilities, gives almost 100 % accuracy and do not cost more. To achieve this goal we made an Ensemble approach of VAPT tools. Our approach combine multiple VAPT tools (open source/premium) and apply majority voting and weighted priority. Our approach provide better accuracy and more versatility. Our approach provide cost effective solution for vulnerability analysis and penetration testing. After that we made a software to implement this approach called `VEnsemble 1.0'. We have also presented implemented software and results in this paper.\",\"PeriodicalId\":389065,\"journal\":{\"name\":\"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICICCS.2016.7542303\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICCS.2016.7542303","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

漏洞评估和渗透测试是提高系统/网络网络防御能力的一项重要活动。它有助于使系统/网络无漏洞。但这是一个代价高昂的过程。高级VAPT工具非常昂贵。即使是高级的VAPT工具也不能100%准确地发现漏洞。除此之外，单个VAPT工具无法找到所有类型的漏洞。因此，需要一种能够发现所有类型漏洞的模型，它的准确率几乎是100%，而且成本不高。为了实现这一目标，我们制作了VAPT工具的集成方法。我们的方法结合了多个VAPT工具(开源/高级)，并应用多数投票和加权优先级。我们的方法提供了更好的准确性和更多的通用性。我们的方法为漏洞分析和渗透测试提供了经济有效的解决方案。之后，我们制作了一个软件来实现这种方法，称为“VEnsemble 1.0”。本文还给出了实现的软件和结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Ensemble based approach to increase vulnerability assessment and penetration testing accuracy

Vulnerability Assessment and Penetration Testing is an important activity to improve cyber defense of systems/networks. It assist to make systems/networks vulnerability free. But it is a costly process. Premium VAPT tools are very costly. Even premium VAPT tools are not able to give 100 % accuracy to find out vulnerability. In addition to that, single VAPT tool cannot find all type of vulnerabilities. So there is a need of a model that can find out all type vulnerabilities, gives almost 100 % accuracy and do not cost more. To achieve this goal we made an Ensemble approach of VAPT tools. Our approach combine multiple VAPT tools (open source/premium) and apply majority voting and weighted priority. Our approach provide better accuracy and more versatility. Our approach provide cost effective solution for vulnerability analysis and penetration testing. After that we made a software to implement this approach called `VEnsemble 1.0'. We have also presented implemented software and results in this paper.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH)

自引率

0.00%

发文量