Abstract
The need to secure software applications in today's hostile computing environment cannot be overlooked. The increase in attacks aimed directly at software over the last decade, and the demand for more secure software applications, has drawn the attention of the software industry to better ways of developing software securely. To achieve this, it has been suggested that security needs to be integrated into every phase of the software development lifecycle (SDLC). In line with this view, security tools are now used during the SDLC to integrate security into software applications. Here, we propose a neural network based security tool for analyzing software designs for security flaws. Our findings show that the trained neural network was able to match possible attack patterns to the design scenarios presented to it. With information on the attack patterns identified, developers can make informed decisions in mitigating risks in their designs.
© 2013 IFIP International Federation for Information Processing
Cite this paper
Adebiyi, A., Arreymbi, J., Imafidon, C. (2013). A Neural Network Based Security Tool for Analyzing Software. In: Camarinha-Matos, L.M., Tomic, S., Graça, P. (eds) Technological Innovation for the Internet of Things. DoCEIS 2013. IFIP Advances in Information and Communication Technology, vol 394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37291-9_9
DOI: https://doi.org/10.1007/978-3-642-37291-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37290-2
Online ISBN: 978-3-642-37291-9