Toward Smarter Vulnerability Discovery Using Machine Learning
| Title | Toward Smarter Vulnerability Discovery Using Machine Learning |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Grieco, Gustavo, Dinaburg, Artem |
| Conference Name | Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-6004-3 |
| Keywords | artificial intelligence security, composability, Human Behavior, machine learning, Metrics, pubcrawl, Resiliency, Security Heuristics, Vulnerability Management |
| Abstract | A Cyber Reasoning System (CRS) is designed to automatically find and exploit software vulnerabilities in complex software. To be effective, CRSs integrate multiple vulnerability detection tools (VDTs), such as symbolic executors and fuzzers. Determining which VDTs can best find bugs in a large set of target programs, and how to optimally configure those VDTs, remains an open and challenging problem. Current solutions are based on heuristics created by security analysts that rely on experience, intuition and luck. In this paper, we present Central Exploit Organizer (CEO), a proof-of-concept tool to optimize VDT selection. CEO uses machine learning to optimize the selection and configuration of the most suitable vulnerability detection tool. We show that CEO can predict the relative effectiveness of a given vulnerability detection tool, configuration, and initial input. The estimation accuracy presents an improvement between \$11%\$ and \$21%\$ over random selection. We are releasing CEO and our dataset as open source to encourage further research. |
| URL | https://dl.acm.org/citation.cfm?doid=3270101.3270107 |
| DOI | 10.1145/3270101.3270107 |
| Citation Key | grieco_toward_2018 |