针对封闭源代码软件漏洞自动生成可共享的网络威胁情报:基于深度学习的检测系统

IF 2.4 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Süleyman Muhammed Arıkan, Aynur Koçak, Mustafa Alkan
{"title":"针对封闭源代码软件漏洞自动生成可共享的网络威胁情报:基于深度学习的检测系统","authors":"Süleyman Muhammed Arıkan, Aynur Koçak, Mustafa Alkan","doi":"10.1007/s10207-024-00882-4","DOIUrl":null,"url":null,"abstract":"<p>Software can be vulnerable to various types of interference. The production of cyber threat intelligence for closed source software requires significant effort, experience, and many manual steps. The objective of this study is to automate the process of producing cyber threat intelligence, focusing on closed source software vulnerabilities. To achieve our goal, we have developed a system called cti-for-css. Deep learning algorithms were used for detection. To simplify data representation and reduce pre-processing workload, the study proposes the function-as-sentence approach. The MLP, OneDNN, LSTM, and Bi-LSTM algorithms were trained using this approach with the SOSP and NDSS18 binary datasets, and their results were compared. The aforementioned datasets contain buffer error vulnerabilities (CWE-119) and resource management error vulnerabilities (CWE-399). Our results are as successful as the studies in the literature. The system achieved the best performance using Bi-LSTM, with F1 score of 82.4%. Additionally, AUC score of 93.0% was acquired, which is the best in the literature. The study concluded by producing cyber threat intelligence using closed source software. Shareable intelligence was produced in an average of 0.1 s, excluding the detection process. Each record, which was represented using our approach, was classified in under 0.32 s on average.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"19 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Automating shareable cyber threat intelligence production for closed source software vulnerabilities: a deep learning based detection system\",\"authors\":\"Süleyman Muhammed Arıkan, Aynur Koçak, Mustafa Alkan\",\"doi\":\"10.1007/s10207-024-00882-4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Software can be vulnerable to various types of interference. The production of cyber threat intelligence for closed source software requires significant effort, experience, and many manual steps. The objective of this study is to automate the process of producing cyber threat intelligence, focusing on closed source software vulnerabilities. To achieve our goal, we have developed a system called cti-for-css. Deep learning algorithms were used for detection. To simplify data representation and reduce pre-processing workload, the study proposes the function-as-sentence approach. The MLP, OneDNN, LSTM, and Bi-LSTM algorithms were trained using this approach with the SOSP and NDSS18 binary datasets, and their results were compared. The aforementioned datasets contain buffer error vulnerabilities (CWE-119) and resource management error vulnerabilities (CWE-399). Our results are as successful as the studies in the literature. The system achieved the best performance using Bi-LSTM, with F1 score of 82.4%. Additionally, AUC score of 93.0% was acquired, which is the best in the literature. The study concluded by producing cyber threat intelligence using closed source software. Shareable intelligence was produced in an average of 0.1 s, excluding the detection process. Each record, which was represented using our approach, was classified in under 0.32 s on average.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"19 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00882-4\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00882-4","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

软件容易受到各种干扰。为封闭源代码软件制作网络威胁情报需要大量精力、经验和许多手工步骤。本研究的目标是实现网络威胁情报制作过程的自动化,重点关注封闭源代码软件的漏洞。为实现这一目标,我们开发了一个名为 cti-for-css 的系统。深度学习算法用于检测。为了简化数据表示并减少预处理工作量,本研究提出了函数即句子的方法。利用这种方法,在 SOSP 和 NDSS18 二进制数据集上训练了 MLP、OneDNN、LSTM 和 Bi-LSTM 算法,并比较了它们的结果。上述数据集包含缓冲区错误漏洞(CWE-119)和资源管理错误漏洞(CWE-399)。我们的结果与文献中的研究结果一样成功。系统使用 Bi-LSTM 取得了最佳性能,F1 得分为 82.4%。此外,AUC 得分为 93.0%,是文献中最好的。研究最后使用闭源软件生成了网络威胁情报。除检测过程外,平均 0.1 秒即可生成可共享情报。使用我们的方法表示的每条记录平均在 0.32 秒内完成分类。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

Automating shareable cyber threat intelligence production for closed source software vulnerabilities: a deep learning based detection system

Automating shareable cyber threat intelligence production for closed source software vulnerabilities: a deep learning based detection system

Software can be vulnerable to various types of interference. The production of cyber threat intelligence for closed source software requires significant effort, experience, and many manual steps. The objective of this study is to automate the process of producing cyber threat intelligence, focusing on closed source software vulnerabilities. To achieve our goal, we have developed a system called cti-for-css. Deep learning algorithms were used for detection. To simplify data representation and reduce pre-processing workload, the study proposes the function-as-sentence approach. The MLP, OneDNN, LSTM, and Bi-LSTM algorithms were trained using this approach with the SOSP and NDSS18 binary datasets, and their results were compared. The aforementioned datasets contain buffer error vulnerabilities (CWE-119) and resource management error vulnerabilities (CWE-399). Our results are as successful as the studies in the literature. The system achieved the best performance using Bi-LSTM, with F1 score of 82.4%. Additionally, AUC score of 93.0% was acquired, which is the best in the literature. The study concluded by producing cyber threat intelligence using closed source software. Shareable intelligence was produced in an average of 0.1 s, excluding the detection process. Each record, which was represented using our approach, was classified in under 0.32 s on average.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Information Security
International Journal of Information Security 工程技术-计算机:理论方法
CiteScore
6.30
自引率
3.10%
发文量
52
审稿时长
12 months
期刊介绍: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信