Abstract
Security vulnerability research is the core of information security research. As software grows in scale, security vulnerabilities pose unprecedented challenges, and manual methods can no longer meet the demands of the research. How to apply artificial intelligence techniques such as machine learning and natural language processing to security vulnerability research has become an urgent issue. This paper summarizes the common methods of vulnerability research, explains the key technologies of intelligent vulnerability research, and points out that intelligent vulnerability mining is the focus of security vulnerability research based on artificial intelligence. It analyzes and summarizes the latest research results in related fields in recent years, identifies the existing problems, and gives corresponding solutions.
Acknowledgement
This paper is supported by the Hubei Provincial Education Department Scientific Research Project (B2017420).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhu, Q., Liang, L. (2019). Research on Security Vulnerabilities Based on Artificial Intelligence. In: Huang, DS., Bevilacqua, V., Premaratne, P. (eds) Intelligent Computing Theories and Application. ICIC 2019. Lecture Notes in Computer Science, vol 11643. Springer, Cham. https://doi.org/10.1007/978-3-030-26763-6_37
DOI: https://doi.org/10.1007/978-3-030-26763-6_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26762-9
Online ISBN: 978-3-030-26763-6
eBook Packages: Computer Science, Computer Science (R0)