18079611. DIRECTED FUZZING FOR VULNERABILITY DETECTION simplified abstract (SAP SE)


DIRECTED FUZZING FOR VULNERABILITY DETECTION

Organization Name

SAP SE

Inventor(s)

Tom Ganz of Karlsruhe (DE)

Martin Haerterich of Wiesloch (DE)

Philipp Rall of Darmstadt (DE)

DIRECTED FUZZING FOR VULNERABILITY DETECTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 18079611 titled 'DIRECTED FUZZING FOR VULNERABILITY DETECTION'.

Simplified Explanation: The patent application discusses using machine-learning models to detect vulnerabilities in applications by analyzing source code and utilizing directed fuzzing to identify potential weaknesses.

Key Features and Innovation:

  • Machine-learning models trained to detect vulnerabilities in applications.
  • Source code analysis to identify potential vulnerabilities.
  • Directed fuzzing to provide a range of inputs to source code.
  • Integration of multiple explanation methods to identify vulnerable code segments.

Potential Applications: This technology can be applied in software development, cybersecurity, and quality assurance processes to enhance the security and reliability of applications.

Problems Solved: This technology addresses the challenge of identifying and mitigating vulnerabilities in applications that could be exploited by malicious actors.

Benefits:

  • Improved application security.
  • Enhanced detection of potential vulnerabilities.
  • Streamlined software development processes.

Commercial Applications: The technology can be utilized by software development companies, cybersecurity firms, and quality assurance teams to enhance the security and reliability of their applications, potentially leading to increased customer trust and satisfaction.

Prior Art: Researchers and developers in the fields of cybersecurity, software development, and machine learning may have explored similar techniques for vulnerability detection in applications.

Frequently Updated Research: Ongoing research in the fields of machine learning, cybersecurity, and software development may provide further advancements and insights into the application of this technology.

Questions about Vulnerability Detection Technology:

  1. How does machine learning play a role in detecting vulnerabilities in applications?
  2. What are the potential implications of not addressing vulnerabilities in software applications?


Original Abstract Submitted

Applications may contain vulnerabilities to attack via malicious inputs. Machine-learning models may be trained to detect these vulnerabilities by accepting source code as input and outputting a probability that each of a set of vulnerabilities exists in the source code. Explanation methods may identify one or more locations within the source code that are likely to cause the vulnerability. Directed fuzzing provides a range of inputs to source code. The inputs that cause the source code to fail are detected and the portions of the source code that were vulnerable are identified. The results of the directed fuzzing are used to select between explanations generated by multiple explanation methods, to provide additional training data to a machine-learning model, to provide additional training data to an explanation method, or any suitable combination thereof.
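The abstract says fuzzing results are used to select between explanations from multiple explanation methods but does not say how. The following is an added example, not taken from the patent application: it assumes each method yields per-line attribution scores, that the fuzzer reports the source lines implicated in crashes, and that Jaccard overlap is the selection rule. The method names and sample data are constructed.

```python
from typing import Dict, Optional, Set, Tuple

# Constructed sample data: per-line attribution scores from three
# hypothetical explanation methods for one function flagged by the model.
EXPLANATIONS: Dict[str, Dict[int, float]] = {
    "gradient_saliency": {12: 0.9, 13: 0.7, 40: 0.6, 41: 0.1},
    "attention": {3: 0.8, 12: 0.5, 27: 0.4, 41: 0.3},
    "perturbation": {40: 0.9, 41: 0.85, 12: 0.2, 3: 0.1},
}
# Constructed: source lines the directed fuzzer tied to failing inputs.
CRASH_LINES: Set[int] = {40, 41}


def top_k_lines(attributions: Dict[int, float], k: int) -> Set[int]:
    """Return the k lines a method scores highest (ties: lower line first)."""
    ranked = sorted(attributions.items(), key=lambda kv: (-kv[1], kv[0]))
    return {line for line, _ in ranked[:k]}


def agreement(attributions: Dict[int, float], crash_lines: Set[int], k: int) -> float:
    """Jaccard overlap between a method's top-k lines and fuzzer-confirmed lines."""
    predicted = top_k_lines(attributions, k)
    union = predicted | crash_lines
    return len(predicted & crash_lines) / len(union) if union else 0.0


def select_explanation(
    explanations: Dict[str, Dict[int, float]], crash_lines: Set[int], k: int = 3
) -> Optional[Tuple[str, float]]:
    """Pick the method whose explanation best matches the fuzzing evidence.

    Returns None when fuzzing produced no failing input, since there is
    then no ground truth to choose between the methods.
    """
    if not crash_lines:
        return None
    scores = {name: agreement(attr, crash_lines, k) for name, attr in explanations.items()}
    # Iterate names in sorted order so ties resolve deterministically.
    best = max(sorted(scores), key=lambda name: scores[name])
    return best, scores[best]


if __name__ == "__main__":
    print(select_explanation(EXPLANATIONS, CRASH_LINES))
```

The same crash-line set could serve as labels for the additional training data the abstract mentions.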