Shifting to Mobile: Network-based Empirical Study of Mobile Vulnerability Market
IEEE Transactions on Services Computing (IF 8.1), Pub Date: 2020-01-01, DOI: 10.1109/tsc.2016.2646687
Keman Huang, Jia Zhang, Wei Tan, Zhiyong Feng

With the increasing popularity of, and great economic benefit from, vulnerability exploitation, it is important to study mobile vulnerability in the mobile ecosystem. Beyond traditional technical solutions, such as developing technologies to identify potential vulnerabilities, discover the widely available exploitations and protect consumers from attacks, constructing the vulnerability market, a marketplace for vulnerability discovery, disclosure and exploitation, has been considered an effective approach. Therefore, understanding the mechanism of the vulnerability market for further optimization is attracting attention from both academia and industry. Since the mobile ecosystem is playing an increasingly important role in daily life, this paper aims to understand the evolution of the mobile vulnerability market with a data-driven approach and to identify the important issues for further research. Specifically, a five-layer heterogeneous network, consisting of the software vendors, products, publicly disclosed vulnerabilities, hunters, organizations and their relations, is established to formally represent the evolution of the mobile vulnerability market. Based on data collected from a variety of agencies, including NVD, OSVDB, BID and vendor advisories, a comprehensive empirical analysis is reported, focusing on the growth of the mobile vulnerability market as well as the interactions between mobile and other PC platforms. Finally, suggestions drawn from the observations, including security evaluation for reused code, data leak protection and permission overuse identification, understanding of hunters' strategy and behavior, information sharing and external workforce hiring, as well as cross-platform vulnerability digging, are discussed for further security enhancement.

Updated: 2020-01-01