Machine Learning vs Software Vulnerability Detection: Applicability Analysis and Conceptual System Synthesis

Proceedings of Telecommunication Universities Pub Date : 2023-12-25 DOI:10.31854/1813-324x-2023-9-6-83-94

N. Leonov, M. Buinevich

{"title":"Machine Learning vs Software Vulnerability Detection: Applicability Analysis and Conceptual System Synthesis","authors":"N. Leonov, M. Buinevich","doi":"10.31854/1813-324x-2023-9-6-83-94","DOIUrl":null,"url":null,"abstract":"The article is devoted to the searching for vulnerabilities in software problem, as well as the possibilities of application of such a promising area in information technology as machine learning. For this purpose, a review of scientific publications in this area from Russian and foreign citation databases is made. A comparative analysis of the review's results was made according to the following criteria: publication year, application field, idea, solved problem of machine learning, degree of realization of its models and methods; for each criterion basic conclusions were drawn. As a result, 7 principles of building a new conceptual system of searching for vulnerabilities in software with the help of machine learning are proposed, the short meaning of which is as follows: program's multilateral study, combination of known methods, the use of machine learning in each method and algorithm of its management, the possibility of correcting the expert's work, storing information in a database and its synchronization with external, advisory nature of the found vulnerabilities; single software application usage. Based on the stated principles, a graphical scheme of such a system has been developed.","PeriodicalId":298883,"journal":{"name":"Proceedings of Telecommunication Universities","volume":"20 17","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-12-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of Telecommunication Universities","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.31854/1813-324x-2023-9-6-83-94","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The article is devoted to the searching for vulnerabilities in software problem, as well as the possibilities of application of such a promising area in information technology as machine learning. For this purpose, a review of scientific publications in this area from Russian and foreign citation databases is made. A comparative analysis of the review's results was made according to the following criteria: publication year, application field, idea, solved problem of machine learning, degree of realization of its models and methods; for each criterion basic conclusions were drawn. As a result, 7 principles of building a new conceptual system of searching for vulnerabilities in software with the help of machine learning are proposed, the short meaning of which is as follows: program's multilateral study, combination of known methods, the use of machine learning in each method and algorithm of its management, the possibility of correcting the expert's work, storing information in a database and its synchronization with external, advisory nature of the found vulnerabilities; single software application usage. Based on the stated principles, a graphical scheme of such a system has been developed.

查看原文本刊更多论文

机器学习与软件漏洞检测：适用性分析和概念系统综合

这篇文章专门讨论软件问题中的漏洞搜索，以及应用机器学习这一信息技术中前景广阔的领域的可能性。为此，我们查阅了俄罗斯和国外引文数据库中该领域的科学出版物。根据以下标准对审查结果进行了比较分析：出版年份、应用领域、想法、机器学习已解决的问题、其模型和方法的实现程度；针对每个标准得出了基本结论。因此，提出了在机器学习的帮助下构建软件漏洞搜索新概念系统的 7 项原则，其简要含义如下：程序的多边研究、已知方法的组合、在每种方法中使用机器学习及其管理算法、修正专家工作的可能性、将信息存储在数据库中并与外部同步、所发现漏洞的咨询性质、单一软件应用程序的使用。基于上述原则，我们开发了这样一个系统的图形方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of Telecommunication Universities

自引率

0.00%

发文量