The Experts below are selected from a list of 128508 Experts worldwide ranked by ideXlab platform
Dai Yiqi - One of the best experts on this subject based on the ideXlab platform.
-
WCNIS - A software Vulnerability Analysis environment based on virtualization technology
2010 IEEE International Conference on Wireless Communications Networking and Information Security, 2010Co-Authors: Wang Chunlei, Dai YiqiAbstract:The accurate identification and effective Analysis of software vulnerabilities depends on flexible and extensible Analysis environment. However, current research work cannot provide highly available environment supporting for different types of vulnerabilities. Aiming at the problem, this paper proposes a novel method for constructing software Vulnerability Analysis environment based upon virtualization technique, defines the system level simulation model for Vulnerability Analysis, and describes the simulation model based Vulnerability Analysis method. Based upon the simulation model and Analysis method, we have designed and implemented the Virtualization-based Vulnerability Analysis Environment (VirtualVAE), which can examine the operation behaviors of guest operation system and applications at hardware level, and analyze the operation process of sensitive data in the whole system. Therefore, it can accurately simulate a wide variety of system behaviors, and provide dynamic Analysis capabilities for different types of vulnerabilities. The experimental results show that it provides a flexible environment for accurately identifying and analyzing the vulnerabilities of software systems.
-
Vulnerability Analysis Framework for Binaries Based on Model Checking
Computer Science, 2010Co-Authors: Dai YiqiAbstract:In order to analyze vulnerabilities in executable programs,a Vulnerability Analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based Vulnerability Analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of Vulnerability Analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the Analysis method.
Jong In Lim - One of the best experts on this subject based on the ideXlab platform.
-
ISGT - Automated Vulnerability Analysis technique for smart grid infrastructure
2017 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), 2017Co-Authors: Yoojin Kwon, Huy Kang Kim, Koudjo M. Koumadi, Yong Hun Lim, Jong In LimAbstract:A smart grid is a fully automated power electricity network, which operates, protects and controls all its physical environments of power electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various Vulnerability Analysis methodologies for general systems have been suggested, whereas there has been few practical research targeting the smart grid infrastructure. In this paper, we highlight the significance of security Vulnerability Analysis in the smart grid environment. Then we introduce various automated Vulnerability Analysis techniques from executable files. In our approach, we propose a novel binary-based Vulnerability discovery method for AMI and EV charging system to automatically extract security-related features from the embedded software. Finally, we present the test result of Vulnerability discovery applied for AMI and EV charging system in Korean smart grid environment.
Hamid Reza Shahriari - One of the best experts on this subject based on the ideXlab platform.
-
Neural software Vulnerability Analysis using rich intermediate graph representations of programs
Information Sciences, 2021Co-Authors: Seyed Mohammad Ghaffarian, Hamid Reza ShahriariAbstract:Abstract Security vulnerabilities are among the major concerns of modern software engineering. Successful results of machine learning techniques in various challenging applications have led to an emerging field of research to investigate the effectiveness of machine learning, and more recently, deep learning techniques, for the problem of software Vulnerability Analysis and discovery. In this paper, we explore the utilization of Graph Neural Networks as the latest trend and progress in the field of artificial neural networks. To this end, we propose an original neural Vulnerability Analysis approach, using customized intermediate graph representations of programs to train graph neural network models. Experimental results on a public suite of vulnerable programs show that the proposed approach is effective at the task of software Vulnerability Analysis. Additional empirical experiments answer complementary research questions about the proposed approach. In particular, we present experimental results for the challenging task of cross-project Vulnerability Analysis, with interesting insights on the capabilities of our novel approach. Furthermore, a software utility that was developed in the course of this study is also published as a further contribution to the research community.
Zhi Xue - One of the best experts on this subject based on the ideXlab platform.
-
mining privilege escalation paths for network Vulnerability Analysis
Fuzzy Systems and Knowledge Discovery, 2007Co-Authors: Baowen Zhang, William Zhu, Zhi XueAbstract:Computer security is an important issue in our society. In order to prevent computer systems and networks from attacks, we should try to find flaws in these systems and evaluate them. Generally researchers and red teams use attack graphs to perform network Vulnerability Analysis, which tend to suffer scalability problems. In this paper we put forward a mining method to generate privilege escalation paths in networks. With these privilege escalation paths we create net privilege graphs and use them for network Vulnerability Analysis. Experiments show that our approach is valid and scalable to find the possible vulnerabilities exploitation ways in networks.
-
FSKD (4) - Mining Privilege Escalation Paths for Network Vulnerability Analysis
Fourth International Conference on Fuzzy Systems and Knowledge Discovery (FSKD 2007), 2007Co-Authors: Baowen Zhang, William Zhu, Zhi XueAbstract:Computer security is an important issue in our society. In order to prevent computer systems and networks from attacks, we should try to find flaws in these systems and evaluate them. Generally researchers and red teams use attack graphs to perform network Vulnerability Analysis, which tend to suffer scalability problems. In this paper we put forward a mining method to generate privilege escalation paths in networks. With these privilege escalation paths we create net privilege graphs and use them for network Vulnerability Analysis. Experiments show that our approach is valid and scalable to find the possible vulnerabilities exploitation ways in networks.
Li Xin - One of the best experts on this subject based on the ideXlab platform.
-
Software Vulnerability Analysis
Computer Science, 2003Co-Authors: Li XinAbstract:Software Vulnerability is the root reason that cause computer system security problem. It's a new research topic to analyze Vulnerability based on the essence of software Vulnerability. This paper analyzes the main definitions and taxonomies of Vulnerability .studies Vulnerability database and tools for Vulnerability Analysis and detection,and gives the details about what caused the most common vnlnerabilities in the LINUX/UNIX operating systems.
