Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Machine Learning to Detect Software Vulnerabilities

posted by takyon on Wednesday January 09 2019, @02:52PM   Printer-friendly
from the starving-programmers dept.

fliptop writes:

Bruce Schneier thinks the problem of finding software vulnerabilities seems well-suited for machine-learning (ML) systems:

Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like. There are challenges with that, of course, but there is already a healthy amount of academic literature on the topic -- and research is continuing. There's every reason to expect ML systems to get better at this as time goes on, and some reason to expect them to eventually become very good at it.

Finding vulnerabilities can benefit both attackers and defenders, but it's not a fair fight. When an attacker's ML system finds a vulnerability in software, the attacker can use it to compromise systems. When a defender's ML system finds the same vulnerability, he or she can try to patch the system or program network defenses to watch for and block code that tries to exploit it.

But when the same system is in the hands of a software developer who uses it to find the vulnerability before the software is ever released, the developer fixes it so it can never be used in the first place. The ML system will probably be part of his or her software design tools and will automatically find and fix vulnerabilities while the code is still in development.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Machine Learning to Detect Software Vulnerabilities | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DannyB on Wednesday January 09 2019, @09:25PM

    by DannyB (5839) Subscriber Badge on Wednesday January 09 2019, @09:25PM (#784280) Journal

    Machine Learning that identifies patterns unique to tech-illiterate, gullible, naive, and highly exploitable USERS.

    Wouldn't those targets be just as valuable, perhaps more so, than software vulnerabilities.

    You can protect against an implementation error or a design flaw. But can you really protect from an idiot? (yes. Yes. I said Yes. Ooops, I didn't mean to delete that! It must be the vendor's fault! Blame Canada! Etc)

    By looking at enough social media data it might be possible to spot (1) suckers who can be conned out of money sent to nigeria, and (2) walking security exploits that will send their password to "the IT guy" who called them to help fix a problem they didn't know existed.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2