18079665. DIRECTED FUZZING FOR VULNERABILITY DETECTION simplified abstract (SAP SE)
Contents
DIRECTED FUZZING FOR VULNERABILITY DETECTION
Organization Name
Inventor(s)
Martin Haerterich of Wiesloch (DE)
Philipp Rall of Darmstadt (DE)
DIRECTED FUZZING FOR VULNERABILITY DETECTION - A simplified explanation of the abstract
This abstract first appeared for US patent application 18079665 titled 'DIRECTED FUZZING FOR VULNERABILITY DETECTION
Abstract: Applications may contain vulnerabilities to attack via malicious inputs. Machine-learning models may be trained to detect these vulnerabilities by accepting source code as input and outputting a probability that each of a set of vulnerabilities exists in the source code. Explanation methods may identify one or more locations within the source code that are likely to cause the vulnerability. Directed fuzzing provides a range of inputs to source code. The inputs that cause the source code to fail are detected and the portions of the source code that were vulnerable are identified. The results of the directed fuzzing are used to select between explanations generated by multiple explanation methods, to provide additional training data to a machine-learning model, to provide additional training data to an explanation method, or any suitable combination thereof.
Key Features and Innovation:
- Machine-learning models trained to detect vulnerabilities in source code
- Explanation methods to identify vulnerable locations within the source code
- Directed fuzzing technique to provide a range of inputs and identify vulnerable portions of the source code
- Integration of results from directed fuzzing into training data for machine-learning models and explanation methods
Potential Applications: This technology can be applied in software development, cybersecurity, and quality assurance processes to identify and mitigate vulnerabilities in applications.
Problems Solved:
- Detection of vulnerabilities in source code
- Identification of specific locations within the source code that may cause vulnerabilities
- Improving the security and reliability of applications
Benefits:
- Enhanced security measures in software development
- Early detection and mitigation of vulnerabilities
- Improved quality assurance processes
Commercial Applications: Title: Vulnerability Detection and Mitigation Technology in Software Development This technology can be utilized by software development companies, cybersecurity firms, and quality assurance teams to enhance the security and reliability of their applications. It can also be integrated into automated testing tools for continuous vulnerability assessment.
Prior Art: Researchers in the field of cybersecurity and software development have explored various techniques for vulnerability detection, including static code analysis, dynamic testing, and machine-learning approaches.
Frequently Updated Research: Stay updated on the latest advancements in vulnerability detection and mitigation techniques in software development to ensure the highest level of security for applications.
Questions about Vulnerability Detection and Mitigation Technology: 1. How does machine learning play a role in detecting vulnerabilities in source code? 2. What are the potential applications of directed fuzzing in software development and cybersecurity?
Original Abstract Submitted
Applications may contain vulnerabilities to attack via malicious inputs. Machine-learning models may be trained to detect these vulnerabilities by accepting source code as input and outputting a probability that each of a set of vulnerabilities exists in the source code. Explanation methods may identify one or more locations within the source code that are likely to cause the vulnerability. Directed fuzzing provides a range of inputs to source code. The inputs that cause the source code to fail are detected and the portions of the source code that were vulnerable are identified. The results of the directed fuzzing are used to select between explanations generated by multiple explanation methods, to provide additional training data to a machine-learning model, to provide additional training data to an explanation method, or any suitable combination thereof.
