
dc.contributor.advisor: García Bedoya, Olmer
dc.coverage.spatial: Colombia
dc.creator: Ballestas, Rafael
dc.date.accessioned: 2021-02-12T14:33:32Z
dc.date.available: 2021-02-12T14:33:32Z
dc.date.created: 2021-02-09
dc.identifier.uri: http://hdl.handle.net/20.500.12010/17241
dc.description.abstract: We propose a machine-learning-based solution to guide code security audits, which does not replace the auditor but instead gives the auditor indications of where to look for vulnerabilities first. We maintain that this is a better approach than automated audits and traditional static analysis tools in terms of false positives and negatives.
dc.format.extent: 58 pages
dc.format.mimetype: application/pdf
dc.language.iso: enm
dc.publisher: Universidad de Bogotá Jorge Tadeo Lozano
dc.source: instname:Universidad de Bogotá Jorge Tadeo Lozano
dc.source: reponame:Expeditio Repositorio Institucional UJTL
dc.subject: Engineering
dc.subject: Machines
dc.subject: Automation
dc.title: Machine learning for prioritizing security code-based Vulnerability discovery
dc.type.local: Master's thesis
dc.subject.lemb: Audits
dc.subject.lemb: Security
dc.rights.accessrights: info:eu-repo/semantics/openAccess
dc.type.hasversion: info:eu-repo/semantics/acceptedVersion
dc.rights.local: Open (Full Text)
dc.subject.keyword: Security auditing
dc.identifier.repourl: http://expeditio.utadeo.edu.co
dc.creator.degree: Master's in Engineering and Data Analytics
dc.publisher.program: Master's Program in Engineering and Data Analytics
dc.description.hashtag: #Auditorias
dc.description.hashtag: #Máquinas
dc.description.abstractenglish: We propose a solution to guide manual code security auditing, based on machine learning techniques, which does not replace the former, but instead gives pointers to the pentester as to where to look for vulnerabilities first. We claim this is a better approach than fully automated scanners and traditional static analysis tools in terms of false positives and negatives.
dc.type.driver: info:eu-repo/semantics/masterThesis
dc.type.coar: http://purl.org/coar/resource_type/c_bdcc

