Abstract
Developers use cryptographic primitives like block ciphers and message authenticate codes (MACs) to secure data and communications. Cryptographers know there is a right way and a wrong way to use these primitives, where the right way provides strong security guarantees and the wrong way invariably leads to trouble. This work analyzes cryptography misuse by software developers, from their contributions to online forums on cryptography-based security and cryptographic programming. Over the last few years, researchers proposed a multitude of automated bug-detection approaches that mine a class of bugs that we call API misuses. We also found that cryptographic bad practices frequently occur in pairs or triples. We related triple associations to use cases and tasks, characterizing worst case scenarios of cryptography misuse. In this paper, we proposed to design a modernized misuse detection System which consist method to find misuse detection. Our system proposed to find pattern of cryptography strength, which is profiled using an algorithm called Enhanced Apriori Algorithm.
Keywords: MACs; Cryptography; Apriori Algorithm; Bug-Detection; API Misuses;
References
Ye Changguo , “The Research on the Application of Association Rules Mining Algorithm in NetworkIntrusion Detection” Transactions on Software Engineering, IEEECommunicationMagazine.
2. Aly Ei-Semary, Janica Edmonds, Jesus Gonzalez-Pino, Mauricio Papa, “Applying Data Mining of Fuzzy Association Rules to Network Intrusion Detection”, in the Proceedings of Workshop on Information Assurance United States Military Academy 2006, IEEE Communication Magazine, West Point, Y,DOI:10.1109/IAW.2006/652083.
Amir Azimi, Alasti, Ahrabi, Ahmad Habibizad Navin, Hadi Bahrbegi, “A New System for Clustering &
Classification of Intrusion Detection System Alerts Using SOM”, International Journal of Computer
Science & Security, Vol: 4, Issue: 6, pp-589-597, 2011.Anderson.J.P, “Computer Security Threat Monitoring & Surveilance”, Technical Report, James P Anderson
co., Fort Washington, Pennsylvania, 1980.Denning .D.E, ”An Intrusion Detection Model”, Transactions on Software Engineering, IEEE Communication
Magazine, 1987,SE-13, PP-222232,DOI:10.1109/TSE.1987.232894.Dewan Md, Farid, Mohammed Zahidur Rahman, “Anomaly Network Intrusion Detection Based on Improved Self Adaptive Bayesian Algorithm”, Journal of Computers, Vol 5, pp-23-31, Jan 2010, DOI:10.4.304/jcp 5.1.
Jake Ryan, Meng - Jang Lin, Risto Miikkulainen,”Intrusion Detection With Neural Networks”, Advances in
Neural Information Processing System 10, Cambridge, MA:MIT Press,1998,DOI:10.1.1.31.3570.Jin-Ling Zhao, Jiu-fen Zhao ,Jian-Jun Li, “Intrusion Detection Based on Clustering Genetic Algorithm”, in
Proceedings of International Conference on Machine Learning & Cybernetics (ICML), 2005, IEEE Communication Magazine,ISBN:07803-9091DOI:10.1109/ICML.2005.1527621.Norouzian.M.R, Merati.S, “Classifying Attacks in a Network Intrusion Detection System Based on Artificial
Neural Networks”, in the Proceedings of 13th International Conference on
Advanced Communication Technology (ICACT), 2011, ISBN:978-1-42448830-8, pp-868-873.