A Machine Learning Approach to Detecting Security Vulnerabilities in Software.

检测软件中安全漏洞的机器学习方法。

• 批准号: RGPIN-2018-05931
• 负责人: Lie, David
• 金额: $ 2.04万
• 依托单位: University of Toronto
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=751620
• 关键词: Machine; Learning; Approach; Detecting; Security

This proposal aims to explore a new way of detecting software vulnerabilities using a novel combination of program analysis, dynamic test generation and machine learning. Currently, one of the most reliable methods for detecting software vulnerabilities is source code audits, where a developer manually inspects the source code of a program to see if vulnerabilities are present. Unfortunately, software systems are large, commonly containing tens of millions of lines of code, making it an impossible task to secure all software through manual code audits. In this proposal, we explore a better way to detect software vulnerabilities--by developing machine learning methods that will identify software vulnerabilities.The key to enabling machine learning to outperform existing vulnerability detection tools is to recognize that there are common programming patterns, embedded in the structure of code, as well as in the names of variables and functions, that can indicate the presence of a vulnerability, but for which there exists no explicit specification. Current solutions that try to mechanize the scanning of code for vulnerabilities all rely only on what is explicitly specified by the programming language or application binary interface (ABI), and do not take these implicit code patterns into account. Some tools do allow a human to hand-specify vulnerability patterns to overcome this limitation, but the huge variation in vulnerability patterns means that even with these specifications, many vulnerabilities will be missed by automated vulnerability detection tools. The key novel approach in this proposal is to use machine learning to automatically learn and utilize programming patterns, embedded in code structure and variable names, that indicate the presence of a vulnerability and use this to automatically detect vulnerabilities in software with high accuracy.We acknowledge that the capabilities of such machine-learning inference may not be completely accurate, and more likely will just indicate code that is very likely vulnerable. To make ensure the identified vulnerabilities are real, we propose combining the inference results with fuzzing, a dynamic testing method that searches for inputs that trigger vulnerabilities. Fuzzers are very effective at triggering vulnerabilities, but they have a critical weakness, which is that they must execute the vulnerable code to detect it, and without a guide to where that code might be, they are forced to generate inputs to execute every code path in a program, which is not only inefficient, but often intractable. We propose the development of new targeted fuzzers, which use hints from our machine learning to select sections of code to focus on, thus increasing the efficiency of fuzzing. Triggering the vulnerability gives unequivocal proof that the vulnerability exists, complementing the inherent imprecision of machine learning

该建议旨在使用程序分析，动态测试生成和机器学习的新型组合来探索一种检测软件漏洞的新方法。 当前，检测软件漏洞的最可靠的方法之一是源代码审核，在该方法中，开发人员手动检查程序的源代码以查看是否存在漏洞。 不幸的是，软件系统很大，通常包含数千万的代码行，这使得通过手动代码审核确保所有软件是不可能的任务。 在该建议中，我们通过开发机器学习方法来探索一种更好的方法来检测软件漏洞，这些方法将识别软件漏洞。使机器学习能够优于现有漏洞检测工具的关键是要认识到常见的编程模式，这些模式嵌入了代码结构中，在代码结构中嵌入了漏洞和漏洞的范围，这些漏洞都可以识别出来，并且能够实现范围，并且能够符合范围的范围。 试图对漏洞进行机械化扫描的当前解决方案仅依赖于编程语言或应用程序二进制界面（ABI）明确指定的问题，并且不考虑这些隐式代码模式。 某些工具确实使人可以手动指定脆弱性模式来克服这一限制，但是脆弱性模式的巨大差异意味着即使有了这些规格，自动漏洞检测工具也会错过许多漏洞。 该提案中的关键新方法是使用机器学习自动学习和利用编程模式，这些模式嵌入了代码结构和可变名称中，这表明存在脆弱性并使用它来自动检测具有高准确性的软件中的脆弱性。我们承认，这种机器核心的功能可能完全准确，并且很可能完全准确，并且可能完全是准确的。 为了确保确定的漏洞是真实的，我们建议将推理结果与模糊结果组合，这是一种动态测试方法，搜索触发漏洞的输入。 模糊器在触发漏洞方面非常有效，但是它们具有关键的弱点，也就是说，他们必须执行脆弱的代码来检测它，并且如果没有指导该代码的位置，则他们被迫生成输入以在程序中执行每个代码路径，这不仅是效率高效，而且是可行的。我们建议开发新的靶向模糊器，这些模糊器使用我们的机器学习中的提示来选择代码部分以关注，从而提高了模糊的效率。 触发脆弱性提供了脆弱性存在的明确证明，并补充了机器学习的固有不精确