Call for Paper - November 2020 Edition
IJCA solicits original research papers for the November 2020 Edition. Last date of manuscript submission is October 20, 2020. Read More

A Theoretical Framework for Software Vulnerability Detection based on Cascaded Refinement Network

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Richard Amankwah, Patrick Kwaku Kudjo, Beatrice Korkor Agyemang, Kofi Mensah, Bright Brew, Samuel Yeboah Antwi
10.5120/ijca2018918078

Richard Amankwah, Patrick Kwaku Kudjo, Beatrice Korkor Agyemang, Kofi Mensah, Bright Brew and Samuel Yeboah Antwi. A Theoretical Framework for Software Vulnerability Detection based on Cascaded Refinement Network. International Journal of Computer Applications 182(25):12-15, November 2018. BibTeX

@article{10.5120/ijca2018918078,
	author = {Richard Amankwah and Patrick Kwaku Kudjo and Beatrice Korkor Agyemang and Kofi Mensah and Bright Brew and Samuel Yeboah Antwi},
	title = {A Theoretical Framework for Software Vulnerability Detection based on Cascaded Refinement Network},
	journal = {International Journal of Computer Applications},
	issue_date = {November 2018},
	volume = {182},
	number = {25},
	month = {Nov},
	year = {2018},
	issn = {0975-8887},
	pages = {12-15},
	numpages = {4},
	url = {http://www.ijcaonline.org/archives/volume182/number25/30131-2018918078},
	doi = {10.5120/ijca2018918078},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Software vulnerability detection is an active area of research in the software engineering domain. This is partly due to the continuous disclosure of security vulnerabilities. Although previous studies demonstrate the usefulness of employing several detection techniques, models, tools in detecting software vulnerabilities, the improvement of effectiveness of these detection models and tools is still a major challenge to researchers and practitioners. Cascaded Refinement Network (CRN) is novel model that has been successfully applied in several domains of studies such as image analysis, however its application to the field of vulnerability analysis has not been investigated. Motivated by the model effectiveness in these fields of studies, we investigate its feasibility within the domain of vulnerability detection using a theoretical framework. The analysis involves first presenting a general overview of the static analysis tools, and then an overview of the theoretical framework for vulnerability detection based on the CRN. The preliminary findings show that the concept is feasible within the domain of vulnerability detection.

References

  1. C. Kuang, Q. Miao, and H. Chen, "Analysis of software vulnerability," in Proceedings of the 5th WSEAS International Conference on Information Security and Privacy, 2006, pp. 218-223.
  2. I. V. Krsul, "Software vulnerability analysis," Purdue University, 1998.
  3. W. Jimenez, A. Mammar, and A. Cavalli, "Software Vulnerabilities, Prevention and Detection Methods: A Review1," Security in Model-Driven Architecture, p. 6, 2009.
  4. T. Wang, T. Wei, G. Gu, and W. Zou, "TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection," in Security and privacy (SP), 2010 IEEE symposium on, 2010, pp. 497-512.
  5. P. E. Black and E. Fong, "Proceedings of Defining the State of the Art in Software Security Tools Workshop," NIST Special Publication, vol. 500, p. 264, 2005.
  6. A. Vetro, M. Morisio, and M. Torchiano, "An empirical validation of FindBugs issues related to defects," in Evaluation & Assessment in Software Engineering (EASE 2011), 15th Annual Conference on, 2011, pp. 144-153.
  7. P. Mell, K. Scarfone, and S. Romanosky, "A complete guide to the common vulnerability scoring system version 2.0," in Published by FIRST-Forum of Incident Response and Security Teams, 2007, p. 23.
  8. S. Hansman and R. Hunt, "A taxonomy of network and computer attacks," Computers & Security, vol. 24, pp. 31-43, 2005.
  9. M. Roesch, "Snort: Lightweight intrusion detection for networks," in Lisa, 1999, pp. 229-238.
  10. Q. Chen and V. Koltun, "Photographic image synthesis with cascaded refinement networks," in IEEE International Conference on Computer Vision (ICCV), 2017, p. 3.
  11. K. Zhang, Z. Zhang, Z. Li, and Y. Qiao, "Joint face detection and alignment using multitask cascaded convolutional networks," IEEE Signal Processing Letters, vol. 23, pp. 1499-1503, 2016.
  12. I. Y.-L. Hsiao and C.-W. Jen, "A new hardware design and FPGA implementation for Internet routing towards IP over WDM and terabit routers," in Circuits and Systems, 2000. Proceedings. ISCAS 2000 Geneva. The 2000 IEEE International Symposium on, 2000, pp. 387-390.
  13. D. Evans and D. Larochelle, "Improving security using extensible lightweight static analysis," IEEE software, vol. 19, pp. 42-51, 2002.
  14. G. J. Holzmann, "Static source code checking for user-defined properties," in Proc. IDPT, 2002.
  15. D. Hovemeyer and W. Pugh, "Finding bugs is easy," ACM Sigplan Notices, vol. 39, pp. 92-106, 2004.
  16. M. N. Al-Ameen, M. M. Hasan, and A. Hamid, "Making findbugs more powerful," in Software Engineering and Service Science (ICSESS), 2011 IEEE 2nd International Conference on, 2011, pp. 705-708.
  17. N. Ayewah, D. Hovemeyer, J. D. Morgenthaler, J. Penix, and W. Pugh, "Using static analysis to find bugs," IEEE software, vol. 25, 2008.
  18. T. Kremenek, K. Ashcraft, J. Yang, and D. Engler, "Correlation exploitation in error ranking," in ACM SIGSOFT Software Engineering Notes, 2004, pp. 83-93.
  19. A. L. Maas, A. Y. Hannun, and A. Y. Ng, "Rectifier nonlinearities improve neural network acoustic models," in Proc. icml, 2013, p. 3.

Keywords

Software Vulnerability; Static Analysis; Cascaded Refinement Network