http://dx.doi.org/10.5762/KAIS.2017.18.11.46

A Software Vulnerability Analysis System using Learning for Source Code Weakness History  

Lee, Kwang-Hyoung (Division of Software Engineering, Seoil University)
Park, Jae-Pyo (Graduate School of Information Sciences)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.18, no.11, 2017, pp. 46-52
Abstract
As ICT and Internet of Things (IoT) devices have spread into more areas, open source software has recently extended its range of applications to computers, smart phones, and IoT devices. With this wider range of applications, malicious attempts to exploit weaknesses in open source software have increased. Various secure coding programs have been developed to address this problem; nevertheless, numerous vulnerabilities remain unhandled. This paper proposes methods for handling newly raised weaknesses based on an analysis of the histories and patterns of previous open source vulnerabilities. We designed a weakness analysis system that uses weakness histories and pattern learning, and we evaluated its performance by implementing a prototype. Across five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper is intended to help researchers studying weakness analysis and developers applying secure coding to weakness analysis.
Keywords
Open source; Secure coding; Secure weakness; Weakness history; Weakness learning;