Vulnerability Discovery using Machine Learning


Date/Time
Date(s) - 09/10/2015
11:00 - 12:00

Location
IRISA / INRIA Rennes


Speaker:
Konrad Rieck (Georg-August Universität Göttingen)
Venue:
IRISA Rennes – Campus de Beaulieu, Petri & Turing rooms (entrance via building 12F)

Abstract

The discovery of vulnerabilities in source code is key to securing computer systems. While specific types of security flaws can be identified automatically, in the general case the process of finding vulnerabilities cannot be automated, and vulnerabilities are mainly discovered by manual analysis. In this talk, we present two approaches that aim at assisting a security analyst during the auditing of source code, instead of replacing her. These approaches combine concepts of program analysis and machine learning, which allows for spotting vulnerable code more effectively and efficiently. We first cover the extrapolation of vulnerabilities as a starting point for finding potentially vulnerable code and then proceed to the automatic identification of missing and incomplete security checks.

If you want to talk with Konrad on Friday, please contact: colas.le-guernic@inria.fr