VDiscover makes large-scale vulnerability discovery possible
using state-of-the-art Machine Learning techniques.
Why
With the sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Well-known vulnerability detection techniques such as static analysis, symbolic execution or fuzzing are very costly to apply to a large number of test cases.
That is why we present a predictive approach to vulnerability discovery that:
- Uses lightweight feature extraction to be scalable.
- Is fully automatic and adaptive, so it can be trained using different vulnerability detection techniques.
- Works directly on test cases without source code.
- Is open-source.
How
Given a vulnerability discovery procedure and a large number of test cases to analyze, VDiscover extracts different sets of features and is trained to predict the result of the costly analysis. This procedure was designed to be fully automatic and very lightweight. Features are extracted directly from executable files, without the source code, using lightweight dynamic or static analysis.
Later, our tool can predict the outcome of the vulnerability discovery procedure previously used.
For further details, a technical report is available as well as an open-source prototype.
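The train-then-predict loop described above, as an added example that is not VDiscover's own code. It assumes each test case is summarised by the set of library calls seen in a short trace and that labels come from a costly analysis already run on a subset; a hand-written naive Bayes stands in for the learner, and all data and function names are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: (trace of library calls, outcome of the costly
# analysis). 1 = the analysis flagged the test case, 0 = it did not.
LABELLED = [
    ("open read strcpy close", 1),
    ("fopen fgets sprintf strcpy", 1),
    ("read memcpy strcat free", 1),
    ("open read strncpy close", 0),
    ("fopen fgets snprintf fclose", 0),
    ("malloc read strncpy free", 0),
]

def features(trace):
    """Lightweight feature extraction (assumed): the set of calls in the trace."""
    return set(trace.split())

def train(samples):
    """Fit a Bernoulli naive Bayes model; smoothing is applied in score()."""
    class_n = Counter(label for _, label in samples)
    seen = defaultdict(Counter)           # label -> call -> number of traces
    for trace, label in samples:
        seen[label].update(features(trace))
    vocab = set().union(*(features(t) for t, _ in samples))
    return class_n, seen, vocab

def score(model, trace):
    """Return log P(flagged | trace) - log P(not flagged | trace)."""
    class_n, seen, vocab = model
    present = features(trace) & vocab     # calls unseen in training are ignored
    logp = {}
    for label, n in class_n.items():
        lp = math.log(n / sum(class_n.values()))
        for call in vocab:
            p = (seen[label][call] + 1) / (n + 2)   # Laplace smoothing
            lp += math.log(p if call in present else 1 - p)
        logp[label] = lp
    return logp[1] - logp[0]

def triage(model, traces):
    """Order unlabelled test cases so the costly analysis sees likely hits first."""
    return sorted(traces, key=lambda t: score(model, t), reverse=True)

MODEL = train(LABELLED)
UNLABELLED = ["open read strncpy close", "fopen read strcpy free",
              "malloc fgets snprintf free"]
```

Calling `triage(MODEL, UNLABELLED)` returns the unlabelled traces ranked by predicted likelihood of being flagged, which is the order in which the expensive procedure would then be spent.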
Where
VDiscover is open-source; you can test it here:
git clone https://github.com/CIFASIS/VDiscover.git
cd VDiscover
python setup.py install --user