語系:
繁體中文
English
說明(常見問題)
回圖書館首頁
手機版館藏查詢
登入
回首頁
切換:
標籤
|
MARC模式
|
ISBD
Scaling Software Security Analysis t...
~
Jang, Jiyong.
FindBook
Google Book
Amazon
博客來
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code.
紀錄類型:
書目-語言資料,印刷品 : Monograph/item
正題名/作者:
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code./
作者:
Jang, Jiyong.
面頁冊數:
162 p.
附註:
Source: Dissertation Abstracts International, Volume: 75-02(E), Section: B.
Contained By:
Dissertation Abstracts International75-02B(E).
標題:
Engineering, Computer. -
電子資源:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3575504
ISBN:
9781303536595
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code.
Jang, Jiyong.
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code.
- 162 p.
Source: Dissertation Abstracts International, Volume: 75-02(E), Section: B.
Thesis (Ph.D.)--Carnegie Mellon University, 2013.
Software security is a big data problem. The volume of new software artifacts created far outpaces the current capacity of software analysis. This gap has brought an urgent challenge to our security community---scalability. If our techniques cannot cope with an ever increasing volume of software, we will always be one step behind attackers. Thus developing scalable analysis to bridge the gap is essential.
ISBN: 9781303536595Subjects--Topical Terms:
1669061
Engineering, Computer.
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code.
LDR
:03552nam a2200313 4500
001
1958949
005
20140512081856.5
008
150210s2013 ||||||||||||||||| ||eng d
020
$a
9781303536595
035
$a
(MiAaPQ)AAI3575504
035
$a
AAI3575504
040
$a
MiAaPQ
$c
MiAaPQ
100
1
$a
Jang, Jiyong.
$3
2094204
245
1 0
$a
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code.
300
$a
162 p.
500
$a
Source: Dissertation Abstracts International, Volume: 75-02(E), Section: B.
500
$a
Adviser: David Brumley.
502
$a
Thesis (Ph.D.)--Carnegie Mellon University, 2013.
520
$a
Software security is a big data problem. The volume of new software artifacts created far outpaces the current capacity of software analysis. This gap has brought an urgent challenge to our security community---scalability. If our techniques cannot cope with an ever increasing volume of software, we will always be one step behind attackers. Thus developing scalable analysis to bridge the gap is essential.
520
$a
In this dissertation, we argue that automatic code reuse detection enables an efficient data reduction of a high volume of incoming malware for downstream analysis and enhances software security by efficiently finding known vulnerabilities across large code bases. In order to demonstrate the benefits of automatic software similarity detection, we discuss two representative problems that are remedied by scalable analysis: malware triage and unpatched code clone detection.
520
$a
First, we tackle the onslaught of malware. Although over one million new malware are reported each day, existing research shows that most malware are not written from scratch; instead, they are automatically generated variants of existing malware. When groups of highly similar variants are clustered together, new malware more easily stands out. Unfortunately, current systems struggle with handling this high volume of malware. We scale clustering using feature hashing and perform semantic analysis using co-clustering. Our evaluation demonstrates that these techniques are an order of magnitude faster than previous systems and automatically discover highly correlated features and malware groups. Furthermore, we design algorithms to infer evolutionary relationships among malware, which helps analysts understand trends over time and make informed decisions about which malware to analyze first.
520
$a
Second, we address the problem of detecting unpatched code clones at scale. When buggy code gets copied from project to project, eventually all projects will need to be patched. We call clones of buggy code that have been fixed in only a subset of projects unpatched code clones. Unfortunately, code copying is usually ad-hoc and is often not tracked, which makes it challenging to identify all unpatched vulnerabilities in code bases at the scale of entire OS distributions. We scale unpatched code clone detection to spot over 15,000 latent security vulnerabilities in 2.1 billion lines of code from the Linux kernel, all Debian and Ubuntu packages, and all C/C++ projects in SourceForge in three hours on a single machine. To the best of our knowledge, this is the largest set of bugs ever reported in a single paper.
590
$a
School code: 0041.
650
4
$a
Engineering, Computer.
$3
1669061
650
4
$a
Computer Science.
$3
626642
690
$a
0464
690
$a
0984
710
2
$a
Carnegie Mellon University.
$b
Electrical and Computer Engineering.
$3
2094139
773
0
$t
Dissertation Abstracts International
$g
75-02B(E).
790
$a
0041
791
$a
Ph.D.
792
$a
2013
793
$a
English
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3575504
筆 0 讀者評論
館藏地:
全部
電子資源
出版年:
卷號:
館藏
1 筆 • 頁數 1 •
1
條碼號
典藏地名稱
館藏流通類別
資料類型
索書號
使用類型
借閱狀態
預約狀態
備註欄
附件
W9253777
電子資源
11.線上閱覽_V
電子書
EB
一般使用(Normal)
在架
0
1 筆 • 頁數 1 •
1
多媒體
評論
新增評論
分享你的心得
Export
取書館
處理中
...
變更密碼
登入