Abstract

Recently, there have been many efforts to detect and analyze vulnerabilities using diverse analysis tools and to remove them at the development stage. However, vulnerability analysis tools are prone to missed detections, incorrect detections, and over-detection, which reduces detection accuracy. In this paper, we propose a vulnerability detection technique that supports developing and managing safe applications and can analyze and resolve these problems. Risks due to vulnerabilities are computed, and an intelligent vulnerability detection technique is used to improve accuracy and evaluate the risks of the final version of the application. This helps the development and execution of safe applications. By incorporating tools that use both static analysis and dynamic analysis techniques, our proposed technique overcomes the weak points at each stage and improves the accuracy of vulnerability detection. Existing vulnerability risk evaluation systems only evaluate self-risk, while our proposed vulnerability risk evaluation system reflects vulnerability self-risk and detection accuracy in a complex fashion to evaluate relative. We compare and analyze existing analysis tools in terms of their detection lists and detection accuracy, based on the top 10 items of SANS at CWE. Quantitative evaluation systems for existing vulnerability risks and for the proposed application vulnerability risks are also compared and analyzed. We developed a prototype analysis tool using our technique to test its ability to detect application vulnerabilities, and show that our proposed technique is superior to existing ones.
