当前位置:
X-MOL 学术
›
arXiv.cs.SE
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Vulnerability Coverage for Secure Configuration
arXiv - CS - Software Engineering Pub Date : 2020-06-14 , DOI: arxiv-2006.08604 Shuvalaxmi Dass and Akbar Siami Namin
arXiv - CS - Software Engineering Pub Date : 2020-06-14 , DOI: arxiv-2006.08604 Shuvalaxmi Dass and Akbar Siami Namin
We present a novel idea on adequacy testing called ``{vulnerability
coverage}.'' The introduced coverage measure examines the underlying software
for the presence of certain classes of vulnerabilities often found in the
National Vulnerability Database (NVD) website. The thoroughness of the test
input generation procedure is performed through the adaptation of evolutionary
algorithms namely Genetic Algorithms (GA) and Particle Swarm Optimization
(PSO). The methodology utilizes the Common Vulnerability Scoring System (CVSS),
a free and open industry standard for assessing the severity of computer system
security vulnerabilities, as a fitness measure for test inputs generation. The
outcomes of these evolutionary algorithms are then evaluated in order to
identify the vulnerabilities that match a class of vulnerability patterns for
testing purposes.
中文翻译:
安全配置的漏洞覆盖
我们提出了一个关于充分性测试的新想法,称为“{漏洞覆盖}”。引入的覆盖度量检查底层软件是否存在某些经常在国家漏洞数据库 (NVD) 网站上发现的漏洞类别。测试输入生成过程的彻底性是通过进化算法的适应来执行的,即遗传算法 (GA) 和粒子群优化 (PSO)。该方法利用通用漏洞评分系统 (CVSS),这是一种用于评估计算机系统安全漏洞严重性的免费和开放的行业标准,作为测试输入生成的适合度衡量标准。
更新日期:2020-06-17
中文翻译:
安全配置的漏洞覆盖
我们提出了一个关于充分性测试的新想法,称为“{漏洞覆盖}”。引入的覆盖度量检查底层软件是否存在某些经常在国家漏洞数据库 (NVD) 网站上发现的漏洞类别。测试输入生成过程的彻底性是通过进化算法的适应来执行的,即遗传算法 (GA) 和粒子群优化 (PSO)。该方法利用通用漏洞评分系统 (CVSS),这是一种用于评估计算机系统安全漏洞严重性的免费和开放的行业标准,作为测试输入生成的适合度衡量标准。