| Title | Relating the Empirical Foundations of Attack Generation and Vulnerability Discovery |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Westland, T., Niu, N., Jha, R., Kapp, D., Kebede, T. |
| Conference Name | 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI) |
| Date Published | aug |
| Keywords | Analytical models, anti-virus, antivirus tool, automatic attack generation, automatic exploit generation, compositionality, computer viruses, data mining, Data models, information foraging, Information Reuse and Security, malware detection, Payloads, program testing, pubcrawl, Resiliency, security, security auditing, security testing, software security, Tools, Trojan detection, Trojan horses, vulnerability discovery |
| Abstract | Automatically generating exploits for attacks receives much attention in security testing and auditing. However, little is known about the continuous effect of automatic attack generation and detection. In this paper, we develop an analytic model to understand the cost-benefit tradeoffs in light of the process of vulnerability discovery. We develop a three-phased model, suggesting that the cumulative malware detection has a productive period before the rate of gain flattens. As the detection mechanisms co-evolve, the gain will likely increase. We evaluate our analytic model by using an anti-virus tool to detect the thousands of Trojans automatically created. The anti-virus scanning results over five months show the validity of the model and point out future research directions. |
| DOI | 10.1109/IRI49571.2020.00014 |
| Citation Key | westland_relating_2020 |
Relating the Empirical Foundations of Attack Generation and Vulnerability Discovery