dc.contributor.advisor | García Bedoya, Olmer | |
dc.coverage.spatial | Colombia | spa |
dc.creator | Ballestas, Rafael | |
dc.date.accessioned | 2021-02-12T14:33:32Z | |
dc.date.available | 2021-02-12T14:33:32Z | |
dc.date.created | 2021-02-09 | |
dc.identifier.uri | http://hdl.handle.net/20.500.12010/17241 | |
dc.description.abstract | We propose a machine-learning-based solution to guide code security audits, which does not replace the auditor but instead gives the auditor pointers on where to look for vulnerabilities first. We maintain that this is a better approach than automated audits and traditional static analysis tools in terms of false positives and negatives. | spa |
dc.format.extent | 58 pages | spa |
dc.format.mimetype | application/pdf | spa |
dc.language.iso | enm | spa |
dc.publisher | Universidad de Bogotá Jorge Tadeo Lozano | spa |
dc.source | instname:Universidad de Bogotá Jorge Tadeo Lozano | spa |
dc.source | reponame:Expeditio Repositorio Institucional UJTL | spa |
dc.subject | Engineering | spa |
dc.subject | Machines | spa |
dc.subject | Automation | spa |
dc.title | Machine learning for prioritizing security code-based Vulnerability discovery | spa |
dc.type.local | Master's thesis | spa |
dc.subject.lemb | Audits | spa |
dc.subject.lemb | Security | spa |
dc.rights.accessrights | info:eu-repo/semantics/openAccess | spa |
dc.type.hasversion | info:eu-repo/semantics/acceptedVersion | spa |
dc.rights.local | Open (Full Text) | spa |
dc.subject.keyword | Security auditing | spa |
dc.identifier.repourl | http://expeditio.utadeo.edu.co | spa |
dc.creator.degree | Master in Engineering and Data Analytics | spa |
dc.publisher.program | Master's Program in Engineering and Data Analytics | spa |
dc.relation.references | Alon, U., Zilberstein, M., Levy, O., and Yahav, E. (2019). code2vec: learning distributed representations of code. Proc. ACM Program. Lang., 3(POPL):1–29. | spa |
dc.relation.references | Antunes, N. and Vieira, M. (2009). Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services. In 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing, pages 301–306, Shanghai, China. IEEE. | spa |
dc.relation.references | Chang, Y., Liu, B., Cong, L., Deng, H., Li, J., and Chen, Y. (2019). Vulnerability Parser: A Static Vulnerability Analysis System for Android Applications. J. Phys.: Conf. Ser., 1288:012053. | spa |
dc.relation.references | Chong, S., Guttman, J., Datta, A., Myers, A., Pierce, B., Schaumont, P., Sherwood, T., and Zeldovich, N. (2016). Report on the NSF Workshop on Formal Methods for Security. arXiv:1608.00678 [cs]. arXiv: 1608.00678. | spa |
dc.relation.references | Dauber, E., Caliskan, A., Harang, R., Shearer, G., Weisman, M., Nelson, F., and Greenstadt, R. (2019). Git Blame Who?: Stylistic Authorship Attribution of Small, Incomplete Source Code Fragments. Proceedings on Privacy Enhancing Technologies, 2019(3):389–408. arXiv: 1701.05681 | spa |
dc.relation.references | Ferreira, A. M. and Kleppe, H. (2011). Effectiveness of Automated Application Penetration Testing Tools. Technical report, OS3 University of Amsterdam. | spa |
dc.relation.references | FluidAttacks (2020). Integrates. | spa |
dc.relation.references | Free Software Foundation (2020). GNU diffutils | spa |
dc.relation.references | Ghaffarian, S. M. and Shahriari, H. R. (2017). Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey. ACM Computing Surveys, 50(4):1–36. | spa |
dc.relation.references | Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., and Chen, Z. (2018a). SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities. arXiv:1807.06756 [cs, stat]. arXiv: 1807.06756. | spa |
dc.relation.references | Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., and Zhong, Y. (2018b). VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Proceedings 2018 Network and Distributed System Security Symposium. arXiv: 1801.01681. | spa |
dc.relation.references | Moor, O. d., Verbaere, M., Hajiyev, E., Avgustinov, P., Ekman, T., Ongkingco, N., Sereni, D., and Tibble, J. (2007). Keynote Address: .QL for Source Code Analysis. In Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007), pages 3–16, Paris, France. IEEE | spa |
dc.relation.references | Ng, A. (2016). What Artificial Intelligence Can and Can’t Do Right Now. Harvard Business Review. Section: Analytics. | spa |
dc.relation.references | Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. (2011). Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830. | spa |
dc.relation.references | Rice, H. G. (1953). Classes of recursively enumerable sets and their decision problems. Trans. Amer. Math. Soc., 74(2):358–366. | spa |
dc.relation.references | Schwartz, E. J., Avgerinos, T., and Brumley, D. (2010). All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In 2010 IEEE Symposium on Security and Privacy, pages 317–331, Oakland, CA, USA. IEEE. | spa |
dc.relation.references | Sommer, R. and Paxson, V. (2010). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In 2010 IEEE Symposium on Security and Privacy, pages 305–316, Oakland, CA, USA. IEEE. | spa |
dc.relation.references | Stefinko, Y., Piskozub, A., and Banakh, R. (2016). Manual and automated penetration testing. Benefits and drawbacks. Modern tendency. In 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET), pages 488–491, Lviv, Ukraine. IEEE. | spa |
dc.relation.references | Yamaguchi, F., Wressnegger, C., Gascon, H., and Rieck, K. (2013). Chucky: exposing missing checks in source code for vulnerability discovery. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS ’13, pages 499–510, Berlin, Germany. ACM Press. | spa |
dc.description.hashtag | #Auditorias | spa |
dc.description.hashtag | #Máquinas | spa |
dc.description.abstractenglish | Abstract in a foreign language
We propose a solution to guide manual code security auditing, based on machine learning techniques, which does not replace the former, but instead gives pointers to the pentester as to where to look for vulnerabilities first. We claim this is a better approach than fully automated scanners and traditional static analysis tools in terms of false positives and negatives. | spa |
dc.type.driver | info:eu-repo/semantics/masterThesis | spa |
dc.type.coar | http://purl.org/coar/resource_type/c_bdcc | spa |