Optimizing the Sequence of Vulnerability Scanning Injections (Poster)

Abstract

Security Operation Centers face a human-resource bottleneck in scaling their operations. We attempt to address the issue by developing a framework to prioritize operational actions, especially in vulnerability scanning and penetration testing tasks. More specifically, we prioritized scanning injections in order of expected rewards, calculated from a combination of priors and injection-to-injection similarity measures. The framework is shown to reduce the total number of actions while maintaining the number of vulnerabilities revealed.

Bibtex

@inproceedings{8625098,
author={K. {Funaya} and S. {Bajaj} and K. {Sharad} and A. {Srivastava}},
booktitle={2018 IEEE Conference on Dependable and Secure Computing (DSC)},
title={Optimizing the Sequence of Vulnerability Scanning Injections},
year={2018},
volume={},
number={},
pages={1-2},
keywords={computer crime;security of data;security operation centers;injection-to-injection similarity measures;penetration testing tasks;operational actions;human resource bottleneck;vulnerability scanning injections;Security;Feature extraction;Task analysis;Machine learning;Payloads;Web pages;Europe},
doi={10.1109/DESEC.2018.8625098},
ISSN={},
month={Dec},
}