Nowadays, there is a fundamental imbalance between attackers and defenders. Crowdsourced tests level the playing field. However, the concern about vulnerability leaks severely limits the widespread of crowdsourced tests. Existing crowdsourced test platforms have adopt various technical or management approaches to protect applications or systems under test, but none of them is able to remove the concerns about vulnerability leaks. This paper provides a generic architecture to discover the white hat who finds a vulnerability but conceals it. The architecture is not only valid for public vulnerabilities, but also valid for unknown vulnerabilities. Finally, the proposed architecture is tested by real vulnerabilities. The results show that, with proper rules, most of the concealing behaviors can be detected.
[1]
Kim-Kwang Raymond Choo,et al.
Shellshock Vulnerability Exploitation and Mitigation: A Demonstration
,
2017
.
[2]
Mark Harman,et al.
A survey of the use of crowdsourcing in software engineering
,
2017,
J. Syst. Softw..
[3]
Jan Marco Leimeister,et al.
Managing crowdsourced software testing: a case study based insight on the challenges of a crowdsourcing intermediary
,
2014
.
[4]
Yuan Yu,et al.
TensorFlow: A system for large-scale machine learning
,
2016,
OSDI.
[5]
Jan Marco Leimeister,et al.
Leveraging the Power of the Crowd for Software Testing
,
2017,
IEEE Software.
[6]
Jeffrey Posluns,et al.
Snort 2.0 Intrusion Detection
,
2003
.