alt text




VDiscover makes large-scale vulnerability discovery possible
using state-of-the-art Machine Learning techniques.










Why

With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Very well known vulnerability detection techniques like static analysis, symbolic execution or fuzzing are very costly to be used in a large amount of test cases.

That is why we present a predictive approach to vulnerability discovery that:

  • Uses lightweight feature extraction to be scalable.
  • Is fully automatic and adaptive to be trained using different vulnerability detection techniques.
  • Works directly on test cases without source code.
  • It is open-source.
How

Given a vulnerability discovery procedure and a large amount of test cases to analyze,




alt text




VDiscover is trained to predict the result of a costly analysis extracting different sets of features. This procedure was designed to be fully automatic and very lightweight. Features are directly extracted from executable files without the source code using lightweight dynamic or static analysis.




alt text




Later, our tool can predict the outcome of the vulnerability discover procedure previously used.




alt text




For further details, a technical report is available as well as an open-source prototype.

Where

VDiscover is open-source, you can test it here:

git clone https://github.com/CIFASIS/VDiscover.git
cd VDiscover
python setup.py install --user

A practical example of VDiscover:

(Sort of) documentation is available:

Who

VDiscover was researched and developed by:



For general enquiries and feedback, contact us here.