Abstract
Due to the delay of threat warning and vulnerability fixing, the critical servers in cyberspace are under potential threat. With the help of vulnerability detection system, we can reduce risk and manage servers efficiently. To date, substantial related works have been done, combined with unenjoyable performance. To address these issues, we present VulAware, which is a distributed framework for detecting vulnerabilities. It is able to detect remote vulnerabilities automatically. Finally, empirical results show that VulAware significantly outperforms the state-of-the-art methods in both speed and robustness.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
China National Vulnerability Database.
- 2.
National Internet Emergency Centre.
- 3.
- 4.
- 5.
References
Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)
Broder, A., Mitzenmacher, M.: Network applications of bloom filters: a survey. Internet Math. 1(4), 485–509 (2004)
Chen, T.M., Cai, J.M., Jiang, R.R., Feng, X.C.: Design of network security scanning system based on plug-in. Comput. Eng. Des. (2004)
Doupé, A., Cavedon, L., Kruegel, C., Vigna, G.: Enemy of the state: a state-aware black-box vulnerability scanner. In: USENIX Security Symposium (2012)
Doupé, A., Cova, M., Vigna, G.: Why Johnny can’t pentest: an analysis of black-box web vulnerability scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 111–131. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14215-4_7
Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: SecuBat: a web vulnerability scanner. In: International Conference on World Wide Web, pp. 247–256 (2006)
Liang, L., Zhang, Y., Gao, Y., Qian, X.: Research and implementation of a vulnerability detection and initiative recover system model. Comput. Eng. 3(3), 1–7 (2004)
Zhan, S.: Research and application of distributed vulnerability scanning model. Ph.D. thesis, Guangdong University of Technology (2013)
Acknowledgment
Our research is supported by Key Lab of Information Network Security of Ministry of Public Security, Open Project Foundation of Information Technology Research Base of Civil Aviation Administration of China (NO. CAAC-ITRB-201705), Beijing Common Construction Project (2017), National Innovation and Start-up Training Program (201710018026).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Wang, Z., Ma, P., Wang, R., Gao, S., Zhao, X., Yang, T. (2018). VulAware: Towards Massive-Scale Vulnerability Detection in Cyberspace. In: Meng, L., Zhang, Y. (eds) Machine Learning and Intelligent Communications. MLICOM 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 251. Springer, Cham. https://doi.org/10.1007/978-3-030-00557-3_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-00557-3_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00556-6
Online ISBN: 978-3-030-00557-3
eBook Packages: Computer ScienceComputer Science (R0)