Vulnerability detection using data-flow graphs and SMT solvers

Abstract

Vulnerabilities in software need identified quickly and correctly. Developers rarely develop with consideration for eliminating vulnerabilities in source code. Source code is not always available for analysis; the code may be closed-source or contain market secrets. We introduce a framework for vulnerability detection of binaries to address these concerns. The framework is modular and pipelined to allow scalable analysis on distributed systems. Our vulnerability detection framework employs machine learning techniques. By using machine learning, the framework is quickly able to predict and identify vulnerabilities with not only existing vulnerabilities, but also with new vulnerabilities. Many machine learning algorithms are also resistant to obfuscation and noise. When considering binary files, this allows the framework to process optimized and non-optimized code, as well as ignore dead code contained in the binary file.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 31, 2016
Accession Number
AD1051526

Entities

Organizations

  • University of Delaware

Tags

Communities of Interest

  • Autonomy

DTIC Thesaurus Topics

  • Algorithms
  • Artificial Intelligence Software
  • Assembly
  • Classification
  • Computer Programs
  • Detection
  • Dimensionality Reduction
  • Feature Extraction
  • Graphs
  • Information Science
  • Instructions
  • Learning
  • Machine Learning
  • Military Research
  • Neural Networks
  • Pattern Recognition
  • Supervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Neural Network Machine Learning.
  • Software Engineering.

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks