On the Resilience of Traditional AI Algorithms Toward Poisoning Attacks for Vulnerability Detection

IF 2.6 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IET Information Security Pub Date : 2025-10-11 DOI:10.1049/ise2/9997989

Lorena González-Manzano, Joaquin Garcia-Alfaro

{"title":"On the Resilience of Traditional AI Algorithms Toward Poisoning Attacks for Vulnerability Detection","authors":"Lorena González-Manzano, Joaquin Garcia-Alfaro","doi":"10.1049/ise2/9997989","DOIUrl":null,"url":null,"abstract":"<p>The complexity of implementations and the interconnection of assorted systems and devices facilitate the emergence of vulnerabilities. Detection systems are developed to fight against this security issue, being the use of artificial intelligence (AI) a common practice. However, the use of AI is not without its problems, especially those affecting the training phase. This article tackles this issue by characterizing the resilience against poisoning attacks using a benchmark for vulnerability detection, extracting simple code features while applying traditional AI algorithms. These choices are beneficial for the fast processing of vulnerabilities required in a triage process. The study is carried out in C#, C/C++, and PHP. Results show that the vulnerability detection process is specially affected beyond 20% of false data. Remarkably, detecting some of the most frequent common weakness enumeration (CWE) is altered even with lower poison rates. Overall, <i>K</i>-nearest-neighbor (KNN) and support vector machine (SVM) are the most resilient in C# and C/C++, while multilayer perceptron (MLP) in PHP. Indeed, vulnerability detection in PHP is less affected by attacks, while C# and C/C++ present comparable results.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6000,"publicationDate":"2025-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9997989","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ise2/9997989","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The complexity of implementations and the interconnection of assorted systems and devices facilitate the emergence of vulnerabilities. Detection systems are developed to fight against this security issue, being the use of artificial intelligence (AI) a common practice. However, the use of AI is not without its problems, especially those affecting the training phase. This article tackles this issue by characterizing the resilience against poisoning attacks using a benchmark for vulnerability detection, extracting simple code features while applying traditional AI algorithms. These choices are beneficial for the fast processing of vulnerabilities required in a triage process. The study is carried out in C#, C/C++, and PHP. Results show that the vulnerability detection process is specially affected beyond 20% of false data. Remarkably, detecting some of the most frequent common weakness enumeration (CWE) is altered even with lower poison rates. Overall, K-nearest-neighbor (KNN) and support vector machine (SVM) are the most resilient in C# and C/C++, while multilayer perceptron (MLP) in PHP. Indeed, vulnerability detection in PHP is less affected by attacks, while C# and C/C++ present comparable results.

Abstract Image

查看原文本刊更多论文

基于漏洞检测的传统AI算法对投毒攻击的弹性研究

实现的复杂性和各种系统和设备的互连促进了漏洞的出现。检测系统的开发是为了解决这一安全问题，使用人工智能（AI）是一种常见的做法。然而，人工智能的使用也不是没有问题，尤其是那些影响训练阶段的问题。本文通过使用漏洞检测基准描述针对中毒攻击的弹性来解决这个问题，在应用传统AI算法的同时提取简单的代码特征。这些选择有利于快速处理分类过程中所需的漏洞。该研究是在c#， C/ c++和PHP中进行的。结果表明，漏洞检测过程特别受影响的虚假数据超过20%。值得注意的是，即使中毒率较低，检测一些最常见的常见弱点枚举（CWE）也会发生变化。总体而言，k -近邻（KNN）和支持向量机（SVM）在c#和C/ c++中最具弹性，而多层感知机（MLP）在PHP中最具弹性。实际上，PHP中的漏洞检测受攻击的影响较小，而c#和C/ c++的结果与之相当。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf