Visible to the public Relating the Empirical Foundations of Attack Generation and Vulnerability Discovery

TitleRelating the Empirical Foundations of Attack Generation and Vulnerability Discovery
Publication TypeConference Paper
Year of Publication2020
AuthorsWestland, T., Niu, N., Jha, R., Kapp, D., Kebede, T.
Conference Name2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI)
Date Publishedaug
KeywordsAnalytical models, anti-virus, antivirus tool, automatic attack generation, automatic exploit generation, compositionality, computer viruses, data mining, Data models, information foraging, Information Reuse and Security, malware detection, Payloads, program testing, pubcrawl, Resiliency, security, security auditing, security testing, software security, Tools, Trojan detection, Trojan horses, vulnerability discovery
AbstractAutomatically generating exploits for attacks receives much attention in security testing and auditing. However, little is known about the continuous effect of automatic attack generation and detection. In this paper, we develop an analytic model to understand the cost-benefit tradeoffs in light of the process of vulnerability discovery. We develop a three-phased model, suggesting that the cumulative malware detection has a productive period before the rate of gain flattens. As the detection mechanisms co-evolve, the gain will likely increase. We evaluate our analytic model by using an anti-virus tool to detect the thousands of Trojans automatically created. The anti-virus scanning results over five months show the validity of the model and point out future research directions.
Citation Keywestland_relating_2020