PVD: Passive Vulnerability Detection
- The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs.
Author details: | Marian GawronORCiD, Feng ChengGND, Christoph MeinelORCiDGND |
---|---|
DOI: | https://doi.org/10.1109/IACS.2017.7921992 |
ISBN: | 978-1-5090-4243-2 |
ISSN: | 2471-125X |
Title of parent work (English): | 8th International Conference on Information and Communication Systems (ICICS) |
Publisher: | IEEE |
Place of publishing: | New York |
Publication type: | Other |
Language: | English |
Date of first publication: | 2017/05/11 |
Publication year: | 2017 |
Release date: | 2022/11/18 |
Number of pages: | 6 |
First page: | 322 |
Last Page: | 327 |
Organizational units: | An-Institute / Hasso-Plattner-Institut für Digital Engineering gGmbH |
DDC classification: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 000 Informatik, Informationswissenschaft, allgemeine Werke |
Peer review: | Referiert |