SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Machine Learning to Detect Software Vulnerabilities
Date    Wednesday January 09 2019, @02:52PM
Author    takyon
Topic   
from the starving-programmers dept.
https://soylentnews.org/article.pl?sid=19/01/09/1332241

fliptop writes:

Bruce Schneier thinks the problem of finding software vulnerabilities seems well-suited for machine-learning (ML) systems:

Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like. There are challenges with that, of course, but there is already a healthy amount of academic literature on the topic -- and research is continuing. There's every reason to expect ML systems to get better at this as time goes on, and some reason to expect them to eventually become very good at it.

Finding vulnerabilities can benefit both attackers and defenders, but it's not a fair fight. When an attacker's ML system finds a vulnerability in software, the attacker can use it to compromise systems. When a defender's ML system finds the same vulnerability, he or she can try to patch the system or program network defenses to watch for and block code that tries to exploit it.

But when the same system is in the hands of a software developer who uses it to find the vulnerability before the software is ever released, the developer fixes it so it can never be used in the first place. The ML system will probably be part of his or her software design tools and will automatically find and fix vulnerabilities while the code is still in development.


Original Submission

Links

  1. "fliptop" - https://soylentnews.org/~fliptop/
  2. "well-suited for machine-learning (ML) systems" - https://www.schneier.com/blog/archives/2019/01/machine_learnin.html
  3. "already" - https://arxiv.org/pdf/1807.04320.pdf
  4. "a" - https://arxiv.org/abs/1803.04497
  5. "healthy" - https://dl.acm.org/citation.cfm?id=3180453
  6. "amount" - https://aip.scitation.org/doi/pdf/10.1063/1.5033718
  7. "of" - https://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/02/ndss2018_03A-2_Li_paper.pdf
  8. "academic" - http://www.mdpi.com/2071-1050/10/5/1652/pdf
  9. "literature" - https://dspace.ou.nl/bitstream/1820/9725/1/Kronjee%20J%20IM9906%20AF%20scriptie.pdf
  10. "and" - https://www.oreilly.com/ideas/how-machine-learning-can-be-used-to-write-more-secure-computer-programs
  11. "research" - http://www.vdiscover.org/
  12. "is" - https://techxplore.com/news/2018-07-machine-software-vulnerabilities.html
  13. "continuing" - https://sdtimes.com/deep-neural-networks/microsoft-uses-machine-learning-combat-security-vulnerabilities/
  14. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=31055

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Machine Learning to Detect Software Vulnerabilities on 2024-03-29 01:15:52