Search results for: software vulnerability detection

Authors: Wenqing Fan, Yixuan Cheng, Wei Huang

Abstract:

The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence.

Keywords: DIR triad model, DVE, vulnerability intelligence, vulnerability recurrence

Procedia PDF Downloads 89

Authors: Hongmei Chi

Abstract:

The Blockchain has become a necessity for many different societal industries and ordinary lives including cryptocurrency technology, supply chain, health care, public safety, education, etc. Therefore, training our future blockchain developers to know blockchain programming vulnerability and I.T. students' cyber security is in high demand. In this work, we propose a framework including learning modules and hands-on labs to guide future I.T. professionals towards developing secure blockchain programming habits and mitigating source code vulnerabilities at the early stages of the software development lifecycle following the concept of Secure Software Development Life Cycle (SSDLC). In this research, our goal is to make blockchain programmers and I.T. students aware of the vulnerabilities of blockchains. In summary, we develop a framework that will (1) improve students' skills and awareness of blockchain source code vulnerabilities, detection tools, and mitigation techniques (2) integrate concepts of blockchain vulnerabilities for IT students, (3) improve future IT workers’ ability to master the concepts of blockchain attacks.

Keywords: software vulnerability detection, hands-on lab, static analysis tools, vulnerabilities, blockchain, active learning

Procedia PDF Downloads 50

Authors: Abdullah M. Algarni, Yashwant K. Malaiya

Abstract:

Some of the key aspects of vulnerability-discovery, dissemination, and disclosure-have received some attention recently. However, the role of interaction among the vulnerability discoverers and vulnerability acquirers has not yet been adequately addressed. Our study suggests that a major percentage of discoverers, a majority in some cases, are unaffiliated with the software developers and thus are free to disseminate the vulnerabilities they discover in any way they like. As a result, multiple vulnerability markets have emerged. In some of these markets, the exchange is regulated, but in others, there is little or no regulation. In recent vulnerability discovery literature, the vulnerability discoverers have remained anonymous individuals. Although there has been an attempt to model the level of their efforts, information regarding their identities, modes of operation, and what they are doing with the discovered vulnerabilities has not been explored. Reports of buying and selling of the vulnerabilities are now appearing in the press; however, the existence of such markets requires validation, and the natures of the markets need to be analysed. To address this need, we have attempted to collect detailed information. We have identified the most prolific vulnerability discoverers throughout the past decade and examined their motivation and methods. A large percentage of these discoverers are located in Eastern and Western Europe and in the Far East. We have contacted several of them in order to collect first-hand information regarding their techniques, motivations, and involvement in the vulnerability markets. We examine why many of the discoverers appear to retire after a highly successful vulnerability-finding career. The paper identifies the actual vulnerability markets, rather than the hypothetical ideal markets that are often examined. The emergence of worldwide government agencies as vulnerability buyers has significant implications. We discuss potential factors that can impact the risk to society and the need for detailed exploration.

Keywords: risk management, software security, vulnerability discoverers, vulnerability markets

Procedia PDF Downloads 219

Authors: Tshegofatso Rambau, Tonderai Muchenje

Abstract:

Zero-day attacks (ZDA) are increasing day by day; there are many vulnerabilities in systems and software that date back decades. Companies keep discovering vulnerabilities in their systems and software and work to release patches and updates. A zero-day vulnerability is a software fault that is not widely known and is unknown to the vendor; attackers work very quickly to exploit these vulnerabilities. These are major security threats with a high success rate because businesses lack the essential safeguards to detect and prevent them. This study focuses on the factors and techniques that can help us detect zero-day attacks. There are various methods and techniques for detecting vulnerabilities. Various companies like edges can offer penetration testing and smart vulnerability management solutions. We will undertake literature studies on zero-day attacks and detection methods, as well as modeling approaches and simulations, as part of the study process.

Keywords: zero-day attacks, exploitation, vulnerabilities

Procedia PDF Downloads 66

Authors: Mst Shapna Akter, Hossain Shahriar

Abstract:

One of the most important challenges in the field of software code audit is the presence of vulnerabilities in software source code. Every year, more and more software flaws are found, either internally in proprietary code or revealed publicly. These flaws are highly likely exploited and lead to system compromise, data leakage, or denial of service. C and C++ open-source code are now available in order to create a largescale, machine-learning system for function-level vulnerability identification. We assembled a sizable dataset of millions of opensource functions that point to potential exploits. We developed an efficient and scalable vulnerability detection method based on deep neural network models that learn features extracted from the source codes. The source code is first converted into a minimal intermediate representation to remove the pointless components and shorten the dependency. Moreover, we keep the semantic and syntactic information using state-of-the-art word embedding algorithms such as glove and fastText. The embedded vectors are subsequently fed into deep learning networks such as LSTM, BilSTM, LSTM-Autoencoder, word2vec, BERT, and GPT-2 to classify the possible vulnerabilities. Furthermore, we proposed a neural network model which can overcome issues associated with traditional neural networks. Evaluation metrics such as f1 score, precision, recall, accuracy, and total execution time have been used to measure the performance. We made a comparative analysis between results derived from features containing a minimal text representation and semantic and syntactic information. We found that all of the deep learning models provide comparatively higher accuracy when we use semantic and syntactic information as the features but require higher execution time as the word embedding the algorithm puts on a bit of complexity to the overall system.

Keywords: cyber security, vulnerability detection, neural networks, feature extraction

Procedia PDF Downloads 44

Authors: Xinghang Lv, Tao Peng, Jia Chen, Junping Liu, Xinrong Hu, Ruhan He, Minghua Jiang, Wenli Cao

Abstract:

As one of the most dangerous vulnerabilities, effective detection of buffer overflow vulnerabilities is extremely necessary. Traditional detection methods are not accurate enough and consume more resources to meet complex and enormous code environment at present. In order to resolve the above problems, we propose the method for Buffer overflow detection based on Abstract syntax tree, Control flow graph, and Data dependency graph (BodeACD) in C/C++ programs with source code. Firstly, BodeACD constructs the function samples of buffer overflow that are available on Github, then represents them as code representation sequences, which fuse control flow, data dependency, and syntax structure of source code to reduce information loss during code representation. Finally, BodeACD learns vulnerability patterns for vulnerability detection through deep learning. The results of the experiments show that BodeACD has increased the precision and recall by 6.3% and 8.5% respectively compared with the latest methods, which can effectively improve vulnerability detection and reduce False-positive rate and False-negative rate.

Keywords: vulnerability detection, abstract syntax tree, control flow graph, data dependency graph, code representation, deep learning

Procedia PDF Downloads 133

Authors: R. Nagarani

Abstract:

An intrinsic property of software in a real-world environment is its need to evolve, which is usually accompanied by the increase of software complexity and deterioration of software quality, making software maintenance a tough problem. Refactoring is regarded as an effective way to address this problem. Many refactoring approaches at the method and class level have been proposed. But the extent of research on software refactoring at the package level is less. This work presents a novel approach to refactor the package structures of object oriented software using genetic algorithm based community detection. It uses software networks to represent classes and their dependencies. It uses a constrained community detection algorithm to obtain the optimized community structures in software networks, which also correspond to the optimized package structures. It finally provides a list of classes as refactoring candidates by comparing the optimized package structures with the real package structures.

Keywords: community detection, complex network, genetic algorithm, package, refactoring

Procedia PDF Downloads 385

Authors: Nadjah Chergui, Narhimene Boustia

Abstract:

Intrusion Detection Systems are an essential tool for network security infrastructure. However, IDSs have a serious problem which is the generating of massive number of alerts, most of them are false positive ones which can hide true alerts and make the analyst confused to analyze the right alerts for report the true attacks. The purpose behind this paper is to present a formalism model to perform correlation engine by the reduction of false positive alerts basing on vulnerability contextual information. For that, we propose a formalism model based on non-monotonic JClassicδє description logic augmented with a default (δ) and an exception (є) operator that allows a dynamic inference according to contextual information.

Keywords: context, default, exception, vulnerability

Procedia PDF Downloads 234

Authors: Joseph Gear, Yue Xu, Ernest Foo, Praveen Gauravaran, Zahra Jadidi, Leonie Simpson

Abstract:

Deep learning methods have been seeing an increasing application to the long-standing security research goal of automatic vulnerability detection for source code. Attention, however, must still be paid to the task of producing vector representations for source code (code embeddings) as input for these deep learning models. Graphical representations of code, most predominantly Abstract Syntax Trees and Code Property Graphs, have received some use in this task of late; however, for very large graphs representing very large code snip- pets, learning becomes prohibitively computationally expensive. This expense may be reduced by intelligently pruning this input to only vulnerability-relevant information; however, little research in this area has been performed. Additionally, most existing work comprehends code based solely on the structure of the graph at the expense of the information contained by the node in the graph. This paper proposes Semantic-enhanced Code Embedding for Vulnerability Discovery (SCEVD), a deep learning model which uses semantic-based feature selection for its vulnerability classification model. It uses information from the nodes as well as the structure of the code graph in order to select features which are most indicative of the presence or absence of vulnerabilities. This model is implemented and experimentally tested using the SARD Juliet vulnerability test suite to determine its efficacy. It is able to improve on existing code graph feature selection methods, as demonstrated by its improved ability to discover vulnerabilities.

Keywords: code representation, deep learning, source code semantics, vulnerability discovery

Procedia PDF Downloads 125

Authors: Ji-Hoon Hong, Dong-Hee Kim, Nam-Uk Kim, Tai-Myoung Chung

Abstract:

Smartphone users are increasing rapidly. Accordingly, many companies are running BYOD (Bring Your Own Device: Policies to bring private-smartphones to the company) policy to increase work efficiency. However, smartphones are always under the threat of malware, thus the company network that is connected smartphone is exposed to serious risks. Most smartphone malware detection techniques are to perform an independent detection (perform the detection of a single target application). In this paper, we analyzed a variety of intrusion detection techniques. Based on the results of analysis propose an agent using the network IDS.

Keywords: android malware detection, software-defined network, interaction environment, android malware detection, software-defined network, interaction environment

Procedia PDF Downloads 401

Authors: Anjli Pathak, Harshit Sosan Lakra, Smriti Mishra

Abstract:

The increasing urbanization affects the external environment in which people exist and imposes livelihood vulnerability to shocks and stresses. Although research on the linkages between urbanization and vulnerability has been increasing, only a few studies have examined the caste/ethnicity in livelihood vulnerability. In this study, we explore how physical capital influences vulnerability among indigenous people in the context of livelihood. The study identifies the dimensions and indicators of physical capital that influence the profile of household vulnerability in the livelihood-building process. The result identified five dimensions and 19 indicators of livelihood vulnerability. The study also visualizes the inter-relationship between physical capital and other livelihood capital in formulating the livelihood vulnerability framework.

Keywords: urbanization, livelihood vulnerability, indigenous people, physical capital

Procedia PDF Downloads 34

Authors: Ravi Kumar, Dhrubajit Barman, Nomi Baruah

Abstract:

Software Cloning has grown an active area in software engineering research community yielding numerous techniques, various tools and other methods for clone detection and removal. The copying, modifying a block of code is identified as cloning as it is the most basic means of software reuse. Agile Software Development is an approach which is currently being used in various software projects, so that it helps to respond the unpredictability of building software through incremental, iterative, work cadences. Software Cloning has been introduced to Agile Environment and many Agile Software Development approaches are using the concept of Software Cloning. This paper discusses the various Agile Software Development approaches. It also discusses the degree to which the Software Cloning concept is being introduced in the Agile Software Development approaches.

Keywords: agile environment, refactoring, reuse, software cloning

Procedia PDF Downloads 496

Authors: Tao Feng, Wei-Wei Zhang, Chang-Ming Ding

Abstract:

Cross-site scripting (XSS) is one of the most popular WEB Attacking methods at present, and also one of the most risky web attacks. Because of the population of JavaScript, the scene of the cross site scripting attack is also gradually expanded. However, since the web application developers tend to only focus on functional testing and lack the awareness of the XSS, which has made the on-line web projects exist many XSS vulnerabilities. In this paper, different various techniques of XSS attack are analyzed, and a method automatically to detect it is proposed. It is easy to check the results of vulnerability detection when running it as a plug-in.

Keywords: XSS, no target attack platform, automatic detection，XSS detection

Procedia PDF Downloads 368

Authors: Saman Javadi, Mehdi Hashemy, Mohahammad Mahmoodi

Abstract:

Vulnerability maps are employed as an important solution in order to handle entrance of pollution into the aquifers. The common way to provide vulnerability map is DRASTIC. Meanwhile, application of the method is not easy to apply for any aquifer due to choosing appropriate constant values of weights and ranks. In this study, a new approach using k-means clustering is applied to make vulnerability maps. Four features of depth to groundwater, hydraulic conductivity, recharge value and vadose zone were considered at the same time as features of clustering. Five regions are recognized out of the case study represent zones with different level of vulnerability. The finding results show that clustering provides a realistic vulnerability map so that, Pearson’s correlation coefficients between nitrate concentrations and clustering vulnerability is obtained 61%.

Keywords: clustering, data mining, groundwater, vulnerability assessment

Procedia PDF Downloads 564

Authors: Adam Gorine, Faten Spondon

Abstract:

Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the python package index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the national vulnerability database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners bandit, snyk and dlint, which provide a clear report of the code vulnerability, is also described.

Keywords: Python vulnerabilities, bandit, Snyk, Dlint, Python package index, ecosystem, static analysis, malicious attacks

Procedia PDF Downloads 93

Authors: Neha Gupta

Abstract:

Landslide vulnerability is considered as the crucial parameter for the assessment of landslide risk. The term vulnerability defined as the damage or degree of elements at risk of different dimensions, i.e., physical, social, economic, and environmental dimensions. Himalaya region is very prone to multi-hazard such as floods, forest fires, earthquakes, and landslides. With the increases in fatalities rates, loss of infrastructure, and economy due to landslide in the Himalaya region, leads to the assessment of vulnerability. In this study, a methodology to measure the combination of vulnerability dimension, i.e., social vulnerability, physical vulnerability, and environmental vulnerability in one framework. A combined result of these vulnerabilities has rarely been carried out. But no such approach was applied in the Indian Scenario. The methodology was applied in an area of east Sikkim Himalaya, India. The physical vulnerability comprises of building footprint layer extracted from remote sensing data and Google Earth imaginary. The social vulnerability was assessed by using population density based on land use. The land use map was derived from a high-resolution satellite image, and for environment vulnerability assessment NDVI, forest, agriculture land, distance from the river were assessed from remote sensing and DEM. The classes of social vulnerability, physical vulnerability, and environment vulnerability were normalized at the scale of 0 (no loss) to 1 (loss) to get the homogenous dataset. Then the Multi-Criteria Analysis (MCA) was used to assign individual weights to each dimension and then integrate it into one frame. The final vulnerability was further classified into four classes from very low to very high.

Keywords: landslide, multi-criteria analysis, MCA, physical vulnerability, social vulnerability

Procedia PDF Downloads 274

Authors: Sundus Ayyaz, Saad Rehman, Usman Qamar

Abstract:

Software Architecture is the basic structure of software that states the development and advancement of a software system. Software architecture is also considered as a significant tool for the construction of high quality software systems. A clean design leads to the control, value and beauty of software resulting in its longer life while a bad design is the cause of architectural erosion where a software evolution completely fails. This paper discusses the occurrence of software architecture erosion and presents a set of methods for the detection, declaration and prevention of architecture erosion. The causes and symptoms of architecture erosion are observed with the examples of prescriptive and descriptive architectures and the practices used to stop this erosion are also discussed by considering different types of software erosion and their affects. Consequently finding and devising the most suitable approach for fighting software architecture erosion and in some way reducing its affect is evaluated and tested on different scenarios.

Keywords: software architecture, architecture erosion, prescriptive architecture, descriptive architecture

Procedia PDF Downloads 464

Authors: Lanja F. Rauf, Salahalddin S. Ali, Nadhir Al-Ansari

Abstract:

Evolving groundwater vulnerability from DRASTIC to modified DRASTIC methods helps choose the most accurate areas that are most delicate toward pollution. This study aims to modify DRASTIC with land use and water quality index for groundwater vulnerability assessment in the Halabja-Khurmal sub-basin, NE/Iraq. The Halabja- Khurmal sub-basin groundwater vulnerability index is calculated from nine hydrogeological parameters by the overlay weighting method. As a result, 1.3 % of the total area has a very high vulnerability value and 46.1 % with high vulnerability. The regions with high groundwater vulnerability have a high water table and groundwater recharge. Nitrate concentration was used to validate the result, and the Pearson correlation and recession analysis between the modified DRASTIC index and nitrate concentration depicted a strong relation with 0.76 and 0.7, respectively.

Keywords: groundwater vulnerability, modified DRASTIC, land-use, nitrate pollution, water quality index

Procedia PDF Downloads 62

Authors: Nadir A. Carreon, Christa Sonderer, Aakarsh Rao, Roman Lysecky

Abstract:

With the advent of complex software and increased connectivity, the security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact on human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on the security and safety of exploiting a vulnerability in such critical medical systems. The common vulnerability scoring system (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we propose a medical vulnerability scoring system (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact, and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact on the safety of the patient if the vulnerability is exploited (e.g., potential harm, life-threatening). We evaluate fifteen different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring systems and the foundational CVSS.

Keywords: common vulnerability system, medical devices, medical device security, vulnerabilities

Procedia PDF Downloads 122

Authors: Cuong V Nguyen, Ralph Horne, John Fien, France Cheong

Abstract:

Social vulnerability to climate change is increasingly being acknowledged, and proposals to measure and manage it are emerging. Building upon this work, this paper proposes an approach to social vulnerability assessment using a new mechanism to aggregate and account for causal relationships among components of a Social Vulnerability Index (SVI). To operationalize this index, the authors propose a means to develop an appropriate primary dataset, through application of a specifically-designed household survey questionnaire. The data collection and analysis, including calibration and calculation of the SVI is demonstrated through application in case study city in central coastal Vietnam. The calculation of SVI at the fine-grained local neighbourhood scale provides high resolution in vulnerability assessment, and also obviates the need for secondary data, which may be unavailable or problematic, particularly at the local scale in developing countries. The SVI household survey is underpinned by the results of a Delphi survey, an in-depth interview and focus group discussions with local environmental professionals and community members. The research reveals inherent limitations of existing SVIs but also indicates the potential for their use in assessing social vulnerability and making decisions associated with responding to climate change at the local scale.

Keywords: climate change, local scale, social vulnerability, social vulnerability index

Procedia PDF Downloads 397

Authors: Hafida Bouarfa, Mohamed Abed

Abstract:

The main object of our work is the development and the validation of a system indicated Fuzzy Vulnerability. Fuzzy Vulnerability uses a fuzzy representation in order to tolerate the imprecision during the description of construction. At the the second phase, we evaluated the similarity between the vulnerability of a new construction and those of the whole of the historical cases. This similarity is evaluated on two levels: 1) individual similarity: bases on the fuzzy techniques of aggregation; 2) Global similarity: uses the increasing monotonous linguistic quantifiers (RIM) to combine the various individual similarities between two constructions. The third phase of the process of Fuzzy Vulnerability consists in using vulnerabilities of historical constructions narrowly similar to current construction to deduce its estimate vulnerability. We validated our system by using 50 cases. We evaluated the performances of Fuzzy Vulnerability on the basis of two basic criteria, the precision of the estimates and the tolerance of the imprecision along the process of estimation. The comparison was done with estimates made by tiresome and long models. The results are satisfactory.

Keywords: case based reasoning, fuzzy logic, fuzzy case based reasoning, seismic vulnerability

Procedia PDF Downloads 251

Authors: G. Sridevi, Amalendu Jyotishi, Sushanta Mahapatra, G. Jagadeesh, Satyasiba Bedamatta

Abstract:

Climate change is a main challenge for agriculture, food security and rural livelihoods for millions of people in India. Agriculture is the sector most vulnerable to climate change due to its high dependence on climate and weather conditions. Among India’s population of more than one billion people, about 68% are directly or indirectly involved in the agricultural sector. This sector is particularly vulnerable to present-day climate variability. In this contest this paper examines the Socio-economic and climate analytical study of the vulnerability index in Indian states of Andhra Pradesh and Karnataka. Using secondary data; it examines the vulnerability through five different sub-indicator of socio-demographic, agriculture, occupational, common property resource (CPR), and climate in respective states among different districts. Data used in this paper has taken from different sources, like census in India 2011, Directorate of Economics and Statistics of respective states governments. Rainfall data was collected from the India Meteorological Department (IMD). In order to capture the vulnerability from two different states the composite vulnerability index (CVI) was developed and used. This indicates the vulnerability situation of different districts under two states. The study finds that Adilabad district in Andhra Pradesh and Chamarajanagar in Karnataka had highest level of vulnerability while Hyderabad and Bangalore in respective states have least level of vulnerability.

Keywords: vulnerability, agriculture, climate change, global warming

Procedia PDF Downloads 429

Authors: Z. A. Ahmad, R. C. Omar, I. Z. Baharuddin, R. Roslan

Abstract:

Assessments of social vulnerability, carried out holistically, can provide an important guide to the planning process and to decisions on resource allocation at various levels, and can help to raise public awareness of geo-hazard risks. The assessments can help to provide answers for basic questions such as the human vulnerability at the geo-hazard prone or disaster areas causing health damage, economic loss, loss of natural heritage and vulnerability impact of extreme natural hazard event. To overcome these issues, integrated framework for assessing the increasing human vulnerability to environmental changes caused by geo-hazards will be introduced using an indicator from landslide risk map that is related to agent based modeling platform. The indicators represent the underlying factors, which influence a community’s ability to deal with and recover from the damage associated with geo-hazards. Scope of this paper is particularly limited to landslides.

Keywords: social, vulnerability, geo-hazard, methodology, indicators

Procedia PDF Downloads 250

Authors: H. Majour, L. Djabri

Abstract:

Many methods in the groundwater vulnerability have been developed in the world (methods like PRAST, DRIST, APRON/ARAA, PRASTCHIM, GOD). In this study, our choice dealt with two recent complementary methods using category mapping of index with weighting criteria (Point County Systems Model MSCP) namely the standard DRASTIC method and SI (Susceptibility Index). At present, these two methods are the most used for the mapping of the intrinsic vulnerability of groundwater. Two classes of groundwater vulnerability in the Biskra sandy aquifer were identified by the DRASTIC method (average and high) and the SI method (very high and high). Integrated analysis has revealed that the high class is predominant for the DRASTIC method whereas for that of SI the preponderance is for the very high class. Furthermore, we notice that the method SI estimates better the vulnerability for the pollution in nitrates, with a rate of 85 % between the concentrations in nitrates of groundwater and the various established classes of vulnerability, against 75 % for the DRASTIC method. By including the land use parameter, the SI method produced more realistic results.

Keywords: DRASTIC, SI, GIS, Biskra sandy aquifer, Algeria

Procedia PDF Downloads 457

Authors: Abida Haddouche, Ahmed Chrif Toubal

Abstract:

The Neogene basin of the Eastern Mitidja, object of the study area, represents potential water resources and especially groundwater reserves. This water is an important economic; this resource is highly sensitive which need protection and preservation. Unfortunately, these waters are exposed to various forms of pollution, whether from urban, agricultural, industrial or merely accidental. This pollution is a permanent risk of limiting resource. In this context, the work aims to evaluate the intrinsic vulnerability of the aquifer to protect and preserve the quality of this resource. It will focus on the disposal of water and land managers a cartographic document accessible to locate the areas where the water has a high vulnerability. Vulnerability mapping of the Easter Mitidja quaternary aquifer is performed by applying three methods (DRASTIC, DRIST, and GOD). Comparison and validation results show that the DRASTIC method is the most suitable method for aquifer vulnerability of the study area.

Keywords: Aquifer of Mitidja, DRASTIC method, geographic information system (GIS), vulnerability mapping

Procedia PDF Downloads 354

Authors: K. Shimola, M. Krishnaveni

Abstract:

This paper examines vulnerability assessment of water resources in a semi-arid basin using the 4-step approach. The vulnerability assessment framework is developed to study the water resources vulnerability which includes the creation of GIS-based vulnerability maps. These maps represent the spatial variability of the vulnerability index. This paper introduces the 4-step approach to assess vulnerability that incorporates a new set of indicators. The approach is demonstrated using a framework composed of a precipitation data for (1975–2010) period, temperature data for (1965–2010) period, hydrological model outputs and the water resources GIS data base. The vulnerability assessment is a function of three components such as exposure, sensitivity and adaptive capacity. The current water resources vulnerability is assessed using GIS based spatio-temporal information. Rainfall Coefficient of Variation, monsoon onset and end date, rainy days, seasonality indices, temperature are selected for the criterion ‘exposure’. Water yield, ground water recharge, evapotranspiration (ET) are selected for the criterion ‘sensitivity’. Type of irrigation and storage structures are selected for the criterion ‘Adaptive capacity’. These indicators were mapped and integrated in GIS environment using overlay analysis. The five sub-basins, namely Arjunanadhi, Kousiganadhi, Sindapalli-Uppodai and Vallampatti Odai, fall under medium vulnerability profile, which indicates that the basin is under moderate stress of water resources. The paper also explores prioritization of sub-basinwise adaptation strategies to climate change based on the vulnerability indices.

Keywords: adaptive capacity, exposure, overlay analysis, sensitivity, vulnerability

Procedia PDF Downloads 286

Authors: Doaa Wael, Naswa Abdelbaky

Abstract:

Malware is malicious software that is built to cause destructive actions and damage information systems and networks. Malware infections increase rapidly, and types of malware have become more sophisticated, which makes the malware detection process more difficult. On the other side, the Internet of Things IoT technology is vulnerable to malware attacks. These IoT devices are always connected to the internet and lack security. This makes them easy for hackers to access. These malware attacks are becoming the go-to attack for hackers. Thus, in order to deal with this challenge, new malware detection techniques are needed. Currently, building a blockchain solution that allows IoT devices to download any file from the internet and to verify/approve whether it is malicious or not is the need of the hour. In recent years, blockchain technology has stood as a solution to everything due to its features like decentralization, persistence, and anonymity. Moreover, using blockchain technology overcomes some difficulties in malware detection and improves the malware detection ratio over-than the techniques that do not utilize blockchain technology. In this paper, we study malware detection models which are based on blockchain technology. Furthermore, we elaborate on the effect of blockchain technology in malware detection, especially in the android environment.

Keywords: malware analysis, blockchain, malware attacks, malware detection approaches

Procedia PDF Downloads 39

Authors: Preston Nabors, Nasseh Tabrizi

Abstract:

Portable Document Format (PDF) files have gained significant popularity for sharing and distributing documents due to their universal compatibility. However, the widespread use of PDF files has made them attractive targets for cybercriminals, who exploit vulnerabilities to deliver malware and compromise the security of end-user systems. This paper reviews notable contributions in PDF malware detection, including static, dynamic, signature-based, and hybrid analysis. It presents a comprehensive examination of PDF malware detection techniques, focusing on the emerging threat of adversarial sampling and the need for robust defense mechanisms. The paper highlights the vulnerability of machine learning classifiers to evasion attacks. It explores adversarial sampling techniques in PDF malware detection to produce mimicry and reverse mimicry evasion attacks, which aim to bypass detection systems. Improvements for future research are identified, including accessible methods, applying adversarial sampling techniques to malicious payloads, evaluating other models, evaluating the importance of features to malware, implementing adversarial defense techniques, and conducting comprehensive examination across various scenarios. By addressing these opportunities, researchers can enhance PDF malware detection and develop more resilient defense mechanisms against adversarial attacks.

Keywords: adversarial attacks, adversarial defense, adversarial machine learning, intrusion detection, PDF malware, malware detection, malware detection evasion

Procedia PDF Downloads 11

Authors: Abduladim Maitieg

Abstract:

The oil manufacture is one of the main productive activities in Libya and has a massive infrastructure, including offshore drilling and exploration and wide oil export platform sites that located in coastal area. There is a threat to marine and coastal area of oil spills is greatest in those sites with a high spills comes from urban and industry, parallel to that, monitoring oil spills and risk emergency strategy is weakness, An approach for estimating a coastal resources vulnerability to oil spills is presented based on abundance, environmental and Scio-economic importance, distance to oil spill resources and oil risk likelihood. As many as 10 coastal resources were selected for oil spill assessment at the coast. This study aims to evaluate, determine and establish vulnerable coastal resource maps and estimating the rate of oil spill comes for different oil spill resources in Misratah marine environment. In the study area there are two type of oil spill resources, major oil resources come from offshore oil industries which are 96 km from the Coast and Loading/Uploading oil platform. However, the miner oil resources come from urban sewage pipes and fish ports. In order to analyse the collected database, the Geographic information system software has been used to identify oil spill location, to map oil tracks in front of study area, and developing seasonal vulnerable costal resources maps. This work shows that there is a differential distribution of the degree of vulnerability to oil spills along the coastline, with values ranging from high vulnerability and low vulnerability, and highlights the link between oil spill movement and coastal resources vulnerability. The results of assessment found most of costal freshwater spring sites are highly vulnerable to oil spill due to their location on the intertidal zone and their close to proximity to oil spills recourses such as Zreag coast. Furthermore, the Saltmarsh coastline is highly vulnerable to oil spill risk due to characterisation as it contains a nesting area of sea turtles and feeding places for migratory birds and the . Oil will reach the coast in winter season according to oil spill movement. Coastal tourist beaches in the north coast are considered as highly vulnerable to oil spill due to location and closeness to oil spill resources.

Keywords: coastal recourses vulnerability, oil spill trajectory, gnome software, Misratah coast- Libya, GIS

Procedia PDF Downloads 275

Authors: Sherry Ann Ganase, Sandra Sookram

Abstract:

In this paper, the vulnerability level to climate change is analysed using a comprehensive index, consisting of five pillars: human, social, natural, physical, and financial. A structural equation model is also applied to determine the indicators and relationships that exist between the observed environmental changes and the quality of life. Using survey data to model the results, a value of 0.382 is derived as the vulnerability level for San Pedro, where values closer to zero indicates lower vulnerability and values closer to one indicates higher vulnerability. The results showed the social pillar to be most vulnerable, with the indicator ‘participation’ ranked the highest in its cohort. Although, the environmental pillar is ranked as least vulnerable, the indicators ‘hazard’ and ‘biodiversity’ obtained scores closer to 0.4, suggesting that changes in the environment are occurring from natural and anthropogenic activities. These changes can negatively influence the quality of life as illustrated in the structural equation modelling. The study concludes by reporting on the need for collective action and participation by households in lowering vulnerability to ensure sustainable development and livelihood.

Keywords: climate change, participation, San Pedro, structural equation model, vulnerability index

Procedia PDF Downloads 581