TY  - GEN
A1  - Gawron, Marian
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - PVD: Passive Vulnerability Detection
T2  - 8th International Conference on Information and Communication Systems (ICICS)
N2  - The identification of vulnerabilities relies on detailed information about the target infrastructure. The gathering of the necessary information is a crucial step that requires an intensive scanning or mature expertise and knowledge about the system even though the information was already available in a different context. In this paper we propose a new method to detect vulnerabilities that reuses the existing information and eliminates the necessity of a comprehensive scan of the target system. Since our approach is able to identify vulnerabilities without the additional effort of a scan, we are able to increase the overall performance of the detection. Because of the reuse and the removal of the active testing procedures, our approach could be classified as a passive vulnerability detection. We will explain the approach and illustrate the additional possibility to increase the security awareness of users. Therefore, we applied the approach on an experimental setup and extracted security relevant information from web logs.
Y1  - 2017
UR  - https://publishup.uni-potsdam.de/frontdoor/index/index/docId/56736
SN  - 978-1-5090-4243-2
SN  - 2471-125X
SP  - 322
EP  - 327
PB  - IEEE
CY  - New York
ER  -