Applicability of Neural Networks to Software Security. Authors Adebiyi, Adetunji B. Permalink -. Neural Networks are regulating some key sectors including finance, healthcare, and automotive. As these artificial neurons function in a way similar to the human brain. They can be used for image recognition, character recognition and stock market predictions.
Facial Recognition Systems are serving as robust systems of surveillance. Recognition Systems matches the human face and compares it with the digital images. They are used in offices for selective entries. The systems thus authenticate a human face and match it up with the list of IDs that are present in its database. Large number of pictures are fed into the database for training a neural network. The collected images are further processed for training. Sampling layers in CNN are used for proper evaluations.
Models are optimized for accurate recognition results. Investments are subject to market risks. It is nearly impossible to predict the upcoming changes in the highly volatile stock market. The forever changing bullish and bearish phases were unpredictable before the advent of neural networks. But well what changed it all? Neural Networks of course…. To make a successful stock prediction in real time a Multilayer Perceptron MLP class of feedforward artificial intelligence algorithm is employed.
MLP comprises multiple layers of nodes, each of these layers is fully connected to the succeeding nodes. Check out this video to know how the LTSM model is built for making predictions in the stock market. No matter how cliche it may sound, social media has altered the normal boring course of life. Artificial Neural Networks are used to study the behaviours of social media users. Data shared everyday via virtual conversations is tacked up and analyzed for competitive analysis.
Neural networks duplicate the behaviours of social media users. Therefore, while network security aims at protecting networks and its resources such as the software applications running within it, software security aims at integrating security into software during development in order to produce secured software applications that can withstand attack proactively in a hostile environment.
Thus, network security could be viewed as providing security in depth to software applications through the use of network security tools to establish many layers of protection in the network environment whereby software security helps in providing security within software applications itself. Hence, network security and software security can both work together to provide an overall protection against malicious attackers within networks and software applications.
Application security uses a combination of system engineering security practices, such as defence-in-depth DiD measures e. Application Security protection measures are mostly defined at network and system architectural level instead of the individual software architectural level and these are implemented when the software application is deployed and fully operational McGraw, One of the benefits of application security is that it minimizes the exposure of vulnerable software to threats that could exploit them by using security practices such as patch management to reduce the number of vulnerabilities in the software application.
Another benefit of application security is that it helps to specify trust boundaries which controls access to vulnerable software application and also provide safe execution environment through the use of boundary protection technologies e. This subsequently constrains interactions with the vulnerable software application, thus reducing its exposure to attackers. In analogy to band aid that offers protection against the wound but does not remove the disease, some authors have been referred to application security as band aid security based on the benefits highlighted above.
These authors argue that these benefits are in favour of application security as many software developers do not have the skill to integrate security into software during development. Furthermore, as banks and many other companies through mergers and acquisition take over software applications often infested with various vulnerabilities, it has been argued that application security provides the cheapest way of maintaining the application because most of these companies do not have the money or time to rebuild the applications Hogland, In a contrary view, application security has been described as protecting software applications in a reactive way by finding and fixing security problem only after they have been exploited.
While application security deal with security problems under the band —aid security approach, i. An artificial neural network consists of very large highly interconnected simple processing elements called artificial neurons which can demonstrate complex overall behaviour depending on the interconnected neurons and element parameters.
The interconnected processing elements work together to solve specific problems through a learning process just like biological systems. A typical neuron in the human brain that neural networks model, collects signals from others through a fine structure of projections called the dendrites.
The neuron uses an axon a long, thin stand which also splits into many branches to send out spikes of electrical activity when it receives an excitatory input that is suitably larger than the input. Another structure, called a synapse, at the end of each branch of the axon converts the activity of the axon into electrical effects that either excite or inhibit connecting neurons. However, some network capabilities may be retained even with major network damage.
The reason for this is because conventional computers resolve problems using an algorithm approach that follows a set of instructions as specified by the programmer. Without these instructions, the computer will not be able to solve the problem. This factor restricts the problem-solving capability of conventional computers to well-understood problems and the methods of resolving them. Unlike conventional computers, neural networks cannot be programmed to carry out specific tasks.
They learn by example. Information is processed similarly to the way the human brain processes information through its large number of highly interconnected network of processing elements that work in parallel to resolve specific tasks.
Up till now neural networks have been used successfully in many disciplines for different applications. They have been used in the area of forecasting, predicting, data validation, marketing, risk management in many business organizations and also in the medical field. The area most relevant to this research where neural networks have been used is in the area of network security and application security. This is discussed below.
In the supervised architecture the neural network is trained to give desired outputs when inputs are fed into the network. It is a straightforward network associating inputs with outputs.
They are commonly used for pattern recognition, prediction and non-linear function fitting Stergiou and Siganos, MathWorks, Examples of feed-forward networks include perceptron networks, feed-forward back- propagation, linear networks, feed-forward input delay back-propagation and cascade- forward back-propagation. These networks allow signals to travel in both directions, thereby introducing loops in the network.
This makes the networks dynamic as their state keeps changing continuously until it reaches an equilibrium point. They are usually used for nonlinear dynamic modelling, control system application and time-series prediction. The hidden layer has a receptive field with a centre in which outputs tails off as the input moves away from it.
Class boundaries and granularity of classification can be specified with LVQ. In unsupervised architecture neural networks, no external teacher is involved. The neural network self-organises the data presented to it and detects their emergent collective properties Stergiou and Siganos, This eventually allows for the inputs to be automatically sorted into categories. Competitive layers are usually used for pattern and classification recognition. In this area, neural networks are being used to decide when an attack is taking place against a computer system and this has offered possible solutions to some of the problems experienced by other present approaches to intrusion detection, which are rule-based systems Cannady, , Ahmad, Swati and Mohsin, Neural networks were proposed to recognize the distinctive characteristics of users of software systems and point out statistically significant variations from their recognized behaviour using data from the network environment even if the data is flawed or distorted.
Since a network can come under several coordinated multiple attacks, neural networks have also helped to identify such attacks because of their ability to process data from a number of sources in a non-linear fashion Ahmad, Swati and Mohsin, Furthermore, a neural network has the ability to detect novel attacks it has never been exposed to during its learning process.
Ahmad, Swati and Mohsin proposed a neural network trained using a Resilient Back Propagation RPROP algorithm and this was tested against different types of network attack such as DOS and probing and the result gave an overall detection rate of However, it equally demonstrates the ability of neural networks to detect network attacks to a very reasonable degree.
Also, neural networks have been proposed for detecting computer viruses using statistical analysis approaches. The proposed neural network was designed to study the features of normal system activity and recognize statistical variations from the normal activity that may indicate the presence of a virus Cannady, In the area of software quality, neural networks have also been proposed for predicting the reliability of a software application by using the failure history of the software as their raw data to develop their own internal model of the failure process to predict the total number of faults to be detected at the end of a future test session of the software Malaiya Y.
Similarly, Tamura, Yamada, and Kimura , having noted the difficulty of assessing software reliability due to the increase in software complexity especially in a distributed environment proposed a software reliability assessment method based on a neural network model that takes into consideration the interactions of software components in the distributed environment.
This method was compared to other software reliability growth models SRGMs using real software fault data to conduct a goodness of fit comparison and the result showed that this method gave the best fit to the data. Owing to the positive performance of neural networks in this area, it has been suggested as an alternative in modelling software reliability data Ho, Xie and Goh, Neural networks have also been applied in the area of cryptography.
Karras and Zorkadis used neural networks for strengthening the existing traditional generators of random numbers used in many cryptographic protocols for secure communication systems. The use of the Overfitting Multilayer Perceptron MPL type of neural networks and recurrent ANN of the Hopfield type for generating pseudorandom numbers were the two types of neural network- based mechanisms proposed.
Their performance was compared to the traditional generators and the results showed that ANN-based generators performed better in the statistical and non- predictability tests than the traditional generators. In another approach by Lian , a neural network is used to construct a block cipher that has the ability to encrypt data with the control of its key. The neural network consists of the chaotic neuron layer and the linear neuron layer which helps it to realize data diffusion and confusion functionalities respectively and these are the essential properties for the operation of a secure cipher.
As a result, it offers a higher security against select cipher attacks when compared to other existing ciphers and it is more suiTable for encrypting images. This approach was proposed by Lin, Ou and Hwang using the characteristic memory of a back-propagation network to recall the password information generated and memorized during its training.
This proposed method was tested using pairs of usernames and passwords consisting of eight characters. In terms of the accuracy, the result of this proposed method showed that the output of the trained neural network was close to the expected output and, with regards to its performance, its time complexity was found to be 0.
This is because it uses simple multiplication and addition to produce its results unlike the methods using encryption to store password information on the verification Table requiring exponential computing, which is more time consuming. However, it is noted that it takes a long time to train the network and that the proposed method does not protect against guess attacks in which an attacker can try all possible passwords until a match is found. Summary of Chapter Two Creating software applications that work and at the same time will continue to function correctly under malicious attack remain a very great challenge to the software industry.
Many of the approaches used to integrate security into software application during the design phase SDLC has been explored in this chapter. While these approaches help towards developing a secure software application, the need for involvement of security experts and developers lack of experience in security was noted as factors affecting their effectiveness. The use of formal methods and security tools were also explored and their draw backs such as lack of adoption were highlighted.
Network security and application security protects software applications by embracing standard approaches such as penetrate and patch, input filtering i. While network security and application security offers protection to software applications after development, it was established that it is better to integrate security during software development.
The background to neural networks was presented in this chapter and its applications especially in the area of network security and application security in technologies such as IDS, cryptography, anti-virus and user authentication techniques.
In the next chapter the proposed neural network approach is presented and neural network model overview will be discussed. Software Design Evaluation by Neural Network 3. Introduction Neural network is proposed as an evaluation tool in this research for evaluating software designs for security flaws.
The evaluation by the proposed neural network tool is based on two previous research works by Michael Gegick and Laurie Williams and Wiesauer and Sametinger See chapter 2 for further discussion.
In the first research work, Gegick and Williams created regular expression based attack patterns which show sequence of events that could occur during an attack. These attack patterns are based on software components involved in attacks and are tailored towards identifying security flaws in system design.
Their motivation for this approach is to enable software developers identify vulnerabilities in their system design before coding start as this is seen as a cheaper way of integrating security into software compared to when it is been retrofitted after development.
In the second research work, Wiesauer and Sametinger proposed a new a new taxonomy for security design patterns based on attack patterns. The authors argue that there is a need for a selection criterion because software developers who are not experienced in security are unable to select and apply security pattern in a correct and effective manner.
Therefore by using their proposed taxonomy the authors state that software developers can match identified attack patterns in their software designs to corresponding security design patterns that would provide the appropriate mitigation. One of the limitations with some of the current approaches for integrating security into software design is the difficulty of getting software developers to think like attackers during the threat modelling process as this mind-set is not native to them Swigart and Campbell, It has been suggested that software developers can instead look at the attack surface of their software design and think of how to build defences into their application Swigart and Campbell, The proposed neural network tool achieves this by associating components in the design with attacks that can be performed on them when possible attack patterns are matched to the software design.
This subsequently assists the software developers in addressing security defences needed to be put in place. In this chapter, the model overview of this research work is presented. The components of the research model show the way through which the proposed neural network tool would be evaluating software design for security flaws based on the previous research works highlighted above.
As a result, each of the components of the research model would also be discussed. Model Overview The figure below shows the model overview. This includes the input module, the neural network module and the output module. The input module consists of the system design, which is in form of scenarios that has been abstracted from a software design. The scenarios consist of the participating software components and actors in the design during each scenario.
The neural network module consists of two neural networks. The first neural network is trained to recognise possible attacks from the set of scenarios presented to it by matching it to corresponding attack patterns proposed by Gegick and Williams The second neural network accepts the output of the first neural network i.
The output module simply shows the attack identified by the first neural network and the security pattern suggested by the second neural network that has been mapped to deal with the attack.
For the purpose of this research work, data was abstracted from the attack scenarios in the reported attacks in online vulnerability databases.
As all the attacks considered were mainly caused by security flaws in the design of the reported software application, the abstracted attack scenarios were used as the software design in the input module of the research model because this provided information on the software design of the reported vulnerable software application.
In the following sections, the source of the attack scenarios and the attributes used to abstract the information needed to train the neural network are discussed.
Data of attack scenarios from the following online vulnerability databases were used in this research. CVE Details 2. Security Tracker 3. Secunia 4. Security Focus 5. IBM Internet Security Systems For each of the attack scenarios, the online vulnerability databases gave various types of information. The variety of information given on the same attack scenarios provided comprehensive information about the attacks.
Most of the online vulnerability databases gave a brief description of the attack as seen in the figure below. NoTable among other information provided is information about source of the attack i. The figure below shows the information provided on the attack on webmail server from CVE details, security focus and security tracker online databases.
This examines what level of access possessed when carrying out the attack. The following levels of the access were examined for each of the attack scenario. No access: This shows the attacker has no access when carrying out the attack. The attacker could escalate his privilege during the course of the attack.
In some attack scenarios, no access is required by the attacker for carrying out the attack. Read access: This indicate where the attacker has a form of user account with access limited to reading or viewing information in an application 3. In this case, the attacker is able to read and write. He is able to make changes or modify the data that he is able to access. Admin access: For this level of access, the attacker is able to read, write, make changes to data, create and delete user accounts.
With this access, the attacker has full administrative right. In particular, the attack scenarios are examined under this attribute to find out whether the attack was carried locally i.
This could be a system resource such as memory, buffer or data that is stored in a database. For instance, the webmail attack scenario in the figure above, the attacker uses a long Get Request to cause buffer overflow and also execute arbitrary code. The security property under attack could be: 1. Confidentiality: This is when privacy in the application is compromised. For example, when information is disclosed to users who are not authorized to have access to it.
Availability: This is when the attack is aimed at making services provided by the software system unavailable to valid users. For instance, in denial of service attack 3. Integrity: Attack against this security property includes attacks where the data stored or processed by the targeted software application is maliciously modified. Attack scenarios are categorized into the following groups using this attributes 1.
No Validation: where no input validation was carried out on inputs 2. Partial Validation: Where insufficient input validation was done on the inputs 3. All inputs validated: Where all input was properly validated or where the attack was not associated to this security flaw.
The intention here is find out whether any measure is implemented in the software application to make sure its dependency on users or other software system is secured. With this attributes, attack scenarios are examined under the following categories 1. None: This is where no security measure is implemented before accepting any form of interaction from users or other software system. For example, attack scenarios where visitors to a website are allowed to post messages without any form of authentication 2.
Authentication: This examines whether authentication was carried out before interacting with users and other software system 3. Trust Boundary Defined: This examines whether the targeted software application define a trust boundary between itself and other users or software system it is interacting with 5.
For instance, in SQL injection attacks, the targeted web application is checked for failure in sanitizing user supplied query before passing this to the database. Therefore, under this attributes, attack scenarios are examined to see if the flaws exploited in the attack is due to failure of the targeted software application to verify untrusted data using techniques such as escaping all inputs, use of parameterized interface or prepared statements.
Attack scenarios are examined under this attributes to see of the flaw is associated to any of the issues below include: 1. Use of plaintext password 2. Use of salted or harsh password 3. Lack of account lock outs and time outs 4. Session Management 5.
Credential management 6. Lack of re-authentication for assessing sensitive data 7. The attacked scenarios are analysed with flaws associated to the following: 1.
Data access authorization 2. URL access authorization 3. Service access authorization 4. Function access authorization 5. File access authorization 6. Server side enforcement of access control 7.
Lack of validation when redirecting data 2. Lack of defined HTTP request methods 3. Failure to validate HTTP request and response 4. Use of weak random token when processing or accessing sensitive data 5. Security flaws examined with this attributes include 1. Display of sensitive data in error messages 2. Lack of server side controlled logging 3. Access not denied by default by the error handing logic 4. Failure to log success or failure of security relevant log 5.
Failure to control access to log 6. Lack of validation of untrusted data used in event logged 3. The Neural Network Module The neural network module contains two neural networks. The first neural network is trained using the information from the input module to match possible attack pattern.
The second neural network uses the information about the identified attack pattern to match possible security design patterns that can mitigate the threat in the attack. During the implementation of the two networks in this research, the neural networks were designed to work independently as two separate networks and not and not as a single system.
The neural network module as shown in Figure 3. Attack trees and other related techniques use these techniques see chapter 2 for further discussion to abstract known vulnerabilities to a high level representation in a generalized form so that software developer can match the abstracted vulnerabilities in the same or different software systems they have been found originally William and Gegick, Building on this approach, William and Gegick , proposed the regularly expressed attack patterns for representing vulnerabilities in software design in a generic way i.
Table 3. Figure 3. The output of the first neural network i. This approach builds on the proposed selection criterion by Wiesauer and Sametinger which matches attack patterns to security design patterns. To achieve this, data was abstracted from the 51 regularly expressed attack patterns by William and Gegick Also, using Microsoft threat classification scheme STRIDE the attack patterns were grouped into six groups in order to align the attack patterns to their corresponding threat category.
The data abstracted from the attack patterns formed the attributes of the attack patterns that were used in training the neural network. Attack Vector: This is method through which the attacker uses to attack the resource Attack Type: This state whether the attack is an attack against confidentiality, integrity or availability The second neural network is used to match attack patterns to security design patterns defined by Kienzle and Elder , Blakley, et.
The security design patterns defined by these authors are stated in the Table 3. The Output Module In the output module of the model overview, the result of the evaluation of the two neural networks in the neural network module is presented i.
If permitted, the log file may become large enough to fill the Authorization hard drive causing the system to Enforcer crash -- a denial- of-service attack DoS. This may also occur on servers that log errors. With the aid of the proposed neural network tool, this research found out that software design scenarios can be matched to attack patterns that identify the security flaws in the design scenarios.
Also, with the proposed neural network tool this research found out that the identified attack patterns can be matched to security patterns that can provide mitigation to the threat in the attack pattern. New search Advanced search Search results.
0コメント