Sciweavers

Share
CODASPY
2016

Toward Large-Scale Vulnerability Discovery using Machine Learning

3 years 24 days ago
Toward Large-Scale Vulnerability Discovery using Machine Learning
With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Nowadays, OS are shipped with thousands of binary executables. Unfortunately, methodologies and tools for an OS scale program testing within a limited time budget are still missing. In this paper we present an approach that uses lightweight static and dynamic features to predict if a test case is likely to contain a software vulnerability using machine learning techniques. To show the effectiveness of our approach, we set up a large experiment to detect easily exploitable memory corruptions using 1039 Debian programs obtained from its bug tracker, collected 138,308 unique execution traces and statically explored 76,083 different subsequences of function calls. We managed to predict with reasonable accuracy which programs contained dangerous memory corruptions. We also developed and implemented VDiscover, a tool that uses state-of-the-art Machine Lea...
Gustavo Grieco, Guillermo Luis Grinblat, Lucas C.
Added 31 Mar 2016
Updated 31 Mar 2016
Type Journal
Year 2016
Where CODASPY
Authors Gustavo Grieco, Guillermo Luis Grinblat, Lucas C. Uzal, Sanjay Rawat, Josselin Feist, Laurent Mounier
Comments (0)
books