Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests

Bibliographic Details
Main authors: Schanes, Christian; Hubler, Andreas; Fankhauser, Florian; Grechenig, Thomas
Format: Conference proceeding
Language: eng
Description
Summary: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security requirements in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. In the presented approach, we observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This is a generic method for different test targets which improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.
DOI: 10.1109/ICSTW.2013.59