DETECTING APPLICATION ANOMALIES: MACHINE LEARNING APPROACH

In the modern era, world has completely relied on software technology. As software applications became highly demanded, security concerns have arrived. Application security has become one of the chief concerns where companies have to protect their systems from vulnerabilities. Various other securities include mobile or end-point security, operation system security and network security. All these security categories are intended to protect their users and clients from the malicious intents and hackers. Application security became a prime requirement. Security risks of the applications are enveloped and lead to direct threat to the available business. All the application vulnerabilities take the advantage to compromise the software application security. Once a flaw is been found and private data access is determined, attacker will have capability to exploit the software application vulnerability to facilitate cyber crimes. The confidentiality of the data, availability and integrity of resources are targeted by the cyber crimes (“What is Application Security?” 2019). Overall, more than 13% of the reviewed sites were compromised with the web application security vulnerabilities and they are not completely extinct even with the traditional security methodologies (Application Security Vulnerability, 2014). In order to resolve these numerous common security issues, few of the detection, remediation and prevention techniques are to be used which includes defensive programming, sophisticated input validation, dynamic checks, and static source code analysis. In this paper, runtime environment framework is been introduced. This research study extracted few publications. All the publications considered various approaches to resolve the issue. In this research paper framework, machine learning is utilized to train and predict the output. Firstly, a sample java code is executed in various CPU cores and the generated output files are collected. These output files are then used to train machine learning. Machine learning results are then compared with actual output for decision statement

A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near perfect classification on the synthetic dataset, and an F1 score of 88.12% on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins.Comment: A poster version of this paper appeared as https://doi.org/10.1145/3412841.344213

Finding and Exploiting Vulnerabilities in Embedded TCP/IP Stacks

In the context of the rapid development of IoT technology, cyber-attacks are becoming more frequent, and the damage caused by cyber-attacks is remaining obstinately high. How to take the initiative in the rivalry with attackers is a major problem in today's era of the Internet. Vulnerability research is of great importance in this contest, especially the study of vulnerability detection and exploitation methodologies. The objective of the thesis is to examine vulnerabilities in DNS client implementations of embedded TCP/IP stacks, specifically in terms of vulnerability detection and vulnerability exploitation research. In the thesis, a detection method is developed for some anti-patterns in DNS client implementations using a static analysis platform. We tested it against 10 embedded TCP/IP stacks, the result shows that the developed detection method has high precision for detecting the vulnerabilities found by the Forescout research labs with a total of 88% accuracy. For different anti-patterns, the method has different detection precision and it is closely related to the implementation of the detection queries. The thesis also conducted vulnerability exploitation research for a heap overflow vulnerability that exists in a DNS client implementation of a popular TCP/IP stack. A proof-of-concept of this exploitation is developed. Though there are many constraints for successful exploitations, the ability to conduct remote code execution attacks still makes exploitation of heap overflow vulnerability dangerous. In addition, attacks against TCP/IP stacks can take advantage of the stacks and make it possible for an attacker to exploit vulnerabilities in other devices. Often it takes a huge amount of time for researchers to have deep knowledge of a codebase and to find vulnerabilities in it. But with the developed detection method, we can automate the process of locating vulnerable code patterns to add support for detecting relevant vulnerabilities. Research on the exploitation of vulnerabilities can allow us to discover the potential impact of a vulnerability from the perspective of an attacker and implement targeted defences

Discovering Software Vulnerabilities Using Data-flow Analysis and Machine Learning

We present a novel method for static analysis in which we combine data-flow analysis with machine learning to detect SQL injection (SQLi) and Cross-Site Scripting (XSS) vulnerabilities in PHP applications. We assembled a dataset from the National Vulnerability Database and the SAMATE project, containing vulnerable PHP code samples and their patched versions in which the vulnerability is solved. We extracted features from the code samples by applying data-flow analysis techniques, including reaching definitions analysis, taint analysis, and reaching constants analysis. We used these features in machine learning to train various probabilistic classifiers. To demonstrate the effectiveness of our approach, we built a tool called WIRECAML, and compared our tool to other tools for vulnerability detection in PHP code. Our tool performed best for detecting both SQLi and XSS vulnerabilities. We also tried our approach on a number of open-source software applications, and found a previously unknown vulnerability in a photo-sharing web application