Machine Learning-Based Efficient Discovery of Software Vulnerability for Internet of Things

With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks have improved industrial productivity and convenience,they are highly dependent on nonstandard protocol stacks and open-source-based,poorly validated software,resulting in several security vulnerabilities.How-ever,conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and com-puting power.This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy.Experimental results using a software vulnerability classification dataset showed that different optimal data sizes did not affect the learning performance of the learning models.Moreover,the minimal data size required to train a model without performance degradation could be determined in advance.For example,the random forest model saved 85.18%of memory and improved latency by 97.82%while maintaining a learning accuracy similar to that achieved when using 100%of data,despite using only 1%.

SwordDTA： A Dynamic Taint Analysis Tool for Software Vulnerability Detection

Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to detect software vulnerabilities, we present SwordDTA, a tool that can perform dynamic taint analysis for binaries. This tool is flexible and extensible that it can work with commodity software and hardware. It can be used to detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of softavare vulnerabilities including buffer overflow, integer overflow, division by zero and use-after-free, and is applicable for a wide range of software.

An Integration Testing Framework and Evaluation Metric for Vulnerability Mining Methods

Software an important way to vulnerability mining is detect whether there are some loopholes existing in the software, and also is an important way to ensure the secu- rity of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively de- tect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the common- ly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of eval- uation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Final- ly, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testingframework, with the results showing that the final test results will serve as a form of guid- ance to aid the selection of the most appropri- ate and effective method or tools in vulnera- bility detection activity.

Attacks and defences on intelligent connected vehicles:a survey

Intelligent vehicles are advancing at a fast speed with the improvement of automation and connectivity,which opens up new possibilities for different cyber-attacks,including in-vehicle attacks(e.g.,hijacking attacks)and vehicle-to-everything communicationattacks(e.g.,data theft).These problems are becoming increasingly serious with the development of 4G LTE and 5G communication technologies.Although many efforts are made to improve the resilience to cyber attacks,there are still many unsolved challenges.This paper first identifies some major security attacks on intelligent connected vehicles.Then,we investigate and summarize the available defences against these attacks and classify them into four categories:cryptography,network security,software vulnerability detection,and malware detection.Remaining challenges and future directions for preventing attacks on intelligent vehicle systems have been discussed as well.

A Novel Vulnerability Prediction Model to Predict Vulnerability Loss Based on Probit Regression

Software vulnerability is always an enormous threat to software security. Quantitative analysis of software vulnerabilities is necessary to the evaluation and improvement of software security. Current vulnerability prediction models mainly focus on predicting the number of vulnerabilities regardless of the seriousness of vulnerabilities, therefore these models are unable to reflect the security level of software accurately. Starting from this, we propose a vulnerability prediction model based on probit regression in this paper. Unlike traditional ones, we measure the seriousness of vulnerability by the loss it causes and aim at predicting the accumulative vulnerability loss rather than the number of vulnerabilities. To validate our model, experiment is carried out on two soft- ware -- OpenSSL and Xpdf, and the experimental result shows a good performance of our model.

Software Vulnerabilities Overview:A Descriptive Study

Computer security is a matter of great interest.In the last decade there have been numerous cases of cybercrime based on the exploitation of software vulnerabilities.This fact has generated a great social concern and a greater importance of computer security as a discipline.In this work,the most important vulnerabilities of recent years are identified,classified,and categorized individually.A measure of the impact of each vulnerability is used to carry out this classification,considering the number of products affected by each vulnerability,as well as its severity.In addition,the categories of vulnerabilities that have the greatest presence are identified.Based on the results obtained in this study,we can understand the consequences of the most common vulnerabilities,which software products are affected,how to counteract these vulnerabilities,and what their current trend is.

JFinder:A novel architecture for java vulnerability identification based quad self-attention and pre-training mechanism

Software vulnerabilities pose significant risks to computer systems,impacting our daily lives,productivity,and even our health.Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data breaches.Unfortunately,current vulnerability identification methods,including classical and deep learning-based approaches,exhibit critical drawbacks that prevent them from meeting the demands of the contemporary software industry.To tackle these issues,we present JFinder,a novel architecture for Java vulnerability identification that leverages quad self-attention and pre-training mechanisms to combine structural information and semantic representations.Experimental results demonstrate that JFinder outperforms all baseline methods,achieving an accuracy of 0.97 on the CWE dataset and an F1 score of 0.84 on the PROMISE dataset.Furthermore,a case study reveals that JFinder can accurately identify four cases of vulnerabilities after patching.

A Vulnerability Model Construction Method Based on Chemical Abstract Machine

It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine（CHAM） is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.