基于时间滞后的软件漏洞开发过程建模

Q3 Computer Science

Journal of Cyber Security and Mobility Pub Date : 2021-06-15 DOI:10.13052/jcsm2245-1439.1042

Adarsh Anand, N. Bhatt, J. Kaur, Y. Tamura

{"title":"基于时间滞后的软件漏洞开发过程建模","authors":"Adarsh Anand, N. Bhatt, J. Kaur, Y. Tamura","doi":"10.13052/jcsm2245-1439.1042","DOIUrl":null,"url":null,"abstract":"With the increase in the discovery of vulnerabilities, the expected exploits occurred in various software platform has shown an increased growth with respect to time. Only after being discovered, the potential vulnerabilities might be exploited. There exists a finite time lag in the exploitation process; from the moment the hackers get information about the discovery of a vulnerability and the time required in the final exploitation. By making use of the time lag approach, we have developed a framework for the vulnerability exploitation process that occurred in multiple stages. The time lag between the discovery and exploitation of a vulnerability has been bridged via the memory kernel function over a finite time interval. The applicability of the proposed model has been validated using various software exploit datasets.","PeriodicalId":37820,"journal":{"name":"Journal of Cyber Security and Mobility","volume":"3 1","pages":"663-678"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Time Lag-Based Modelling for Software Vulnerability Exploitation Process\",\"authors\":\"Adarsh Anand, N. Bhatt, J. Kaur, Y. Tamura\",\"doi\":\"10.13052/jcsm2245-1439.1042\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the increase in the discovery of vulnerabilities, the expected exploits occurred in various software platform has shown an increased growth with respect to time. Only after being discovered, the potential vulnerabilities might be exploited. There exists a finite time lag in the exploitation process; from the moment the hackers get information about the discovery of a vulnerability and the time required in the final exploitation. By making use of the time lag approach, we have developed a framework for the vulnerability exploitation process that occurred in multiple stages. The time lag between the discovery and exploitation of a vulnerability has been bridged via the memory kernel function over a finite time interval. The applicability of the proposed model has been validated using various software exploit datasets.\",\"PeriodicalId\":37820,\"journal\":{\"name\":\"Journal of Cyber Security and Mobility\",\"volume\":\"3 1\",\"pages\":\"663-678\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Cyber Security and Mobility\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.13052/jcsm2245-1439.1042\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cyber Security and Mobility","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13052/jcsm2245-1439.1042","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 1

摘要

随着漏洞发现的增加，各种软件平台上发生的预期漏洞也呈现出随时间增长的趋势。只有被发现后，潜在的漏洞才有可能被利用。在开发过程中存在一定的时滞;从黑客获得有关漏洞发现的信息的那一刻起，以及最终利用所需的时间。通过使用时间滞后方法，我们为多个阶段发生的漏洞利用过程开发了一个框架。漏洞的发现和利用之间的时间差已经通过内存内核函数在有限的时间间隔内弥合。利用各种软件漏洞数据集验证了所提出模型的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Time Lag-Based Modelling for Software Vulnerability Exploitation Process

With the increase in the discovery of vulnerabilities, the expected exploits occurred in various software platform has shown an increased growth with respect to time. Only after being discovered, the potential vulnerabilities might be exploited. There exists a finite time lag in the exploitation process; from the moment the hackers get information about the discovery of a vulnerability and the time required in the final exploitation. By making use of the time lag approach, we have developed a framework for the vulnerability exploitation process that occurred in multiple stages. The time lag between the discovery and exploitation of a vulnerability has been bridged via the memory kernel function over a finite time interval. The applicability of the proposed model has been validated using various software exploit datasets.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Cyber Security and Mobility Computer Science-Computer Networks and Communications

CiteScore

2.30

自引率

0.00%

发文量

期刊介绍： Journal of Cyber Security and Mobility is an international, open-access, peer reviewed journal publishing original research, review/survey, and tutorial papers on all cyber security fields including information, computer & network security, cryptography, digital forensics etc. but also interdisciplinary articles that cover privacy, ethical, legal, economical aspects of cyber security or emerging solutions drawn from other branches of science, for example, nature-inspired. The journal aims at becoming an international source of innovation and an essential reading for IT security professionals around the world by providing an in-depth and holistic view on all security spectrum and solutions ranging from practical to theoretical. Its goal is to bring together researchers and practitioners dealing with the diverse fields of cybersecurity and to cover topics that are equally valuable for professionals as well as for those new in the field from all sectors industry, commerce and academia. This journal covers diverse security issues in cyber space and solutions thereof. As cyber space has moved towards the wireless/mobile world, issues in wireless/mobile communications and those involving mobility aspects will also be published.