A BENCHMARK FRAMEWORK AND SUPPORT FOR AT-SCALE BINARY VULNERABILITY ANALYSIS

Download
Author
Afanador, Kayla N.
Date
2021-09Advisor
Irvine, Cynthia E.
Eagle, Christopher S.
Shaffer, Alan B.
Denning, Peter J.
Alderson, David L., Jr.
Beverly, Robert
Metadata
Show full item recordAbstract
Today, software is integrated into nearly every aspect of our lives and so are its vulnerabilities. Exploited software vulnerabilities can have detrimental financial, social, and economic effects. Researchers rely on Vulnerability Analysis Tools and Techniques (VATT) to amplify the vulnerability analysis process. There are hundreds of VATTs on the market, but there is no way to compare their relative efficacy. We developed a framework for the Benchmark for Vulnerability Analysis Tools and Techniques (BVATT). In addition to providing key metrics for quantifying the performance of a particular VATT, the proposed framework ensures that BVATT will facilitate the comparison of different VATTs in a manner that is repeatable, reproducible, fair, verifiable, and relevant. Additionally, in the past decade, there has been a noteworthy increase of VATTs that leverage machine-learning and data-mining techniques to identify vulnerabilities. Yet, there is no open-source tool to synthesize the extraction, cleaning, and transformation of common features from binary files to be compatible with these techniques. We develop such a tool, and call it BiSECT (Binary Synthesized Extraction, Cleaning, and Transformation). BiSECT reduces the barrier to entry and makes binary vulnerability analysis using data mining and machine learning more accessible to researchers.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Submarine Pier Side Weapons Handling Risk Assessment
Vaneman, Warren; Sweeney, Joseph; Langford, Gary; Parker, Gary; Wolfgeher, Chris; Harley, Willima (Monterey, California. Naval Postgraduate School, 2015);This research examines new methods to assess and improve Physical Protection Systems (PPS), paying specific attention to a Navy Level 3 Restricted Areas, a special type of industrial and refit zone that normally handles ... -
Identifying Supervisory Control and Data Acquisition (SCADA) systems on a network via remote reconnaissance
Wiberg, Kenneth C. (Monterey, California. Naval Postgraduate School, 2006-09);Presidential Decision Directive (PDD) 63 calls for improving the security of Supervisory Control and Data Acquisition (SCADA) and other control systems which operate the critical infrastructure of the United States. In ... -
Using expert systems to conduct vulnerability assessments
Lankhorst, Debra A. (Monterey, California. Naval Postgraduate School, 1996-09);An Information Warrior faces a complex and dynamic operating environment. To conduct an accurate Vulnerability Assessment and Risk Analysis of the enemy force (or a friendly force), a multitude of cause and effect relationships ...