Title: | A Cost-effective Approach to evaluating Security Vulnerability Scanner |
Authors: | Tung, Yuan-Hsin; Tseng, Shian-Shyong; Shih, Jen-Feng; Shan, Hwai-Ling; Department of Computer Science |
Keywords: | web vulnerability;security;vulnerability detection;cost-effective evaluation;advanced confusion matrix |
Publication date: | 2013 |
Abstract: | Web applications are exposed to various threats and attacks, and therefore numerous tools have been developed for detecting web application vulnerabilities. Many studies have focused on evaluating vulnerability scanners. An efficient evaluation approach for detection tools is essential and can be extremely helpful to users. In this paper, we propose a cost-effective approach to evaluating vulnerability scanners by considering the redundant vulnerability alert problem. We define the redundant alert problem in scanner evaluation with our motivational example and propose the advanced confusion matrix by extending it with two defined attributes, true duplication (TD) and false duplication (FD). Then we apply our proposed cost-effective evaluation approach and build up the web Vulnerability Scanner Testbed. |
URI: | http://hdl.handle.net/11536/134732 |
Journal: | 2013 15TH ASIA-PACIFIC NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (APNOMS) |
Appears in Collections: | Conferences Paper |