Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models

Christian Schanes, Florian Fankhauser, Andreas Hübler, Thomas Grechenig
DB

Abstract

The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security problems in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. We observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Type
Conference paper
Publication
Talk: The Fourth International Workshop on Security Testing (SECTEST 2013), Luxembourg; 03-22-2013; in: “Proceedings of the Fourth International Workshop on Security Testing (SECTEST 2013)", IEEE, (2013)
Christian Schanes
Projektass. Dipl.-Ing. Dr.techn.
Florian Fankhauser
Projektass. Dipl.-Ing.
Thomas Grechenig
Thomas Grechenig
Ao.Univ.Prof. Dipl.-Ing. Dr.techn.