Title :
A Weakness-Based Attack Pattern Modeling and Relational Analysis Method
Author :
Lili Lu ; Song Huang ; Zhengping Ren
Author_Institution :
Coll. of Command Inf. Syst., PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness´s specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.
Keywords :
Internet; Petri nets; data analysis; pattern classification; security of data; Web application security; Web information; colored Petri net; combination analysis method; relational analysis method; security testing; software security weakness study pattern; weakness-based attack pattern modeling; Analytical models; Educational institutions; Finite element analysis; Image color analysis; Security; Software; Testing; Attack Pattern; Colored Petri Net; attack injection; attack net; software security testing;
Conference_Titel :
Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4799-7980-6
DOI :
10.1109/CSE.2014.203
