2013 | OriginalPaper | Buchkapitel
Security Oracle Based on Tree Kernel Methods
verfasst von : Andrea Avancini, Mariano Ceccato
Erschienen in: Trustworthy Eternal Systems via Evolving Software, Data and Knowledge
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
The objective of software testing is to stress a program to reveal programming defects. Security testing is, more specifically, that branch of testing which aims to reveal defects that could lead to security problems. Most of security testing declensions, however, have been mostly interested in the automatic generation of test cases that “try” to reveal a vulnerability, rather than assessing if test cases have actually “managed” to expose security issues.
In this paper, we cope with the latter problem. We investigate on the feasibility of using tree kernel methods to implement a classifier able to evaluate if a test case revealed a vulnerability, i.e. a security oracle for injection attacks. We compare six different variants of tree kernel methods in terms of their effectiveness in detecting attacks.