Thesis topic proposal
 
Rudolf Ferenc
Péter Hegedűs
Machine learning aided vulnerability detection and automated mitigation techniques

Institute: University of Szeged
Discipline: computer sciences
Doctoral school: Doctoral School of Computer Science

Thesis supervisor: Péter Hegedűs
co-supervisor: Rudolf Ferenc
Location of studies (in Hungarian): SZTE
Abbreviation of location of studies: SZTE


Description of the research topic:

Even though the rapid rise of cyber-crime and the growing number of software systems and devices threatened by it put software security in the spotlight, the security of programs is still neglected from time to time. According to earlier studies, around 90% of all attacks exploit known types of security issues. Locating the vulnerable components and applying existing mitigation techniques to them is therefore a viable and practical way to fight cyber-crime.
Security vulnerabilities are closely related to bugs (most of them can be seen as a special, though not necessarily functional, kind of bug), yet many studies show that bug prediction models cannot be applied as-is to find vulnerabilities. This research topic focuses on specialized machine learning models (with a special focus on deep learning) that can predict vulnerable code parts with high precision. One route to this is novel feature engineering, such as applying word embeddings to source code. The performance of such models should exceed that of general bug prediction models and of basic, rule-matching static vulnerability checkers. The intended contribution is not limited to better model precision, however: the models should produce their predictions in an explainable way, so that we can reason about why a given code part is predicted to be vulnerable. We further aim to improve the state of the art in the granularity of the predictions. While there is a relatively large number of models that predict buggy or vulnerable components at the level of files, classes or even methods, models that highlight the exact vulnerable lines or even statements are very immature. Building such models is extremely hard, but they would be essential for giving proper reasoning for the predictions, which is the foundation of practical adoption.
Most existing research projects on this topic stop after predicting the possibly vulnerable code parts. However, a large share of vulnerability-fixing code changes are simple and can be automated. This research topic therefore places special emphasis on techniques with which the predicted vulnerable code parts can be fixed automatically. Developers would then get not only a list of code parts to check, but also the reasoning why our model considers them vulnerable, together with a proposed fix for the issue.
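The workflow sketched in the two paragraphs above (per-line token sequences as model input, line-level findings that each carry a stated reason, and an automated fix wherever the fix is mechanical), as an added example that is not part of the proposal or of the supervisors' own tooling. It implements the rule-matching baseline that the proposed models are meant to outperform, on Python source and using only the standard library; the three rules, the sample snippet and the Finding structure are constructed for illustration, and the embedding model itself is out of scope here, so line_tokens only prepares its input.

```python
"""Line-level vulnerability flagging with a reason and an automated fix per hit.
Constructed illustration: a rule-matching baseline with line granularity,
an explanation per finding, and a mechanical fix where one exists."""
import io
import re
import tokenize
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, not code from any real project.
SAMPLE = '''import subprocess
import requests
import yaml

def load_config(path, url):
    data = yaml.load(open(path))
    r = requests.get(url, verify=False, timeout=5)
    subprocess.run("ls " + path, shell=True)
    return data, r.text
'''

SKIP = {tokenize.NEWLINE, tokenize.NL, tokenize.INDENT, tokenize.DEDENT,
        tokenize.ENDMARKER, tokenize.COMMENT}


def line_tokens(source):
    """{line_no: [token, ...]}: the per-line sequence an embedding would be
    trained on.  Literals become <STR>/<NUM> so project-specific constants
    do not flood the vocabulary; names and operators stay verbatim."""
    per_line = {}
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if tok.type in SKIP:
                continue
            word = {tokenize.STRING: "<STR>",
                    tokenize.NUMBER: "<NUM>"}.get(tok.type, tok.string)
            per_line.setdefault(tok.start[0], []).append(word)
    except tokenize.TokenError:
        pass  # truncated input: keep the lines tokenized so far
    return per_line


def _contains(tokens, pattern):
    """True if `pattern` occurs as a contiguous run inside `tokens`."""
    n = len(pattern)
    return any(tokens[i:i + n] == pattern for i in range(len(tokens) - n + 1))


@dataclass
class Finding:
    line_no: int
    line: str
    reason: str          # why this exact line is flagged
    fix: Optional[str]   # rewritten line, or None when a human must decide


# Rules match on the normalized tokens and rewrite the raw text.
def rule_yaml_load(tokens, line):
    if _contains(tokens, ["yaml", ".", "load", "("]) and "Loader" not in tokens:
        return ("yaml.load() without a safe Loader can instantiate arbitrary "
                "Python objects from a tagged YAML document",
                re.sub(r"\byaml\.load\(", "yaml.safe_load(", line))


def rule_verify_false(tokens, line):
    if "requests" in tokens and _contains(tokens, ["verify", "=", "False"]):
        return ("verify=False disables TLS certificate validation, so the "
                "connection can be intercepted",
                re.sub(r"\bverify\s*=\s*False\b", "verify=True", line))


def rule_shell_true(tokens, line):
    if "subprocess" in tokens and _contains(tokens, ["shell", "=", "True"]):
        return ("shell=True hands the command string to the system shell, so "
                "any attacker-controlled part of it is injectable",
                None)  # turning the string into an argv list needs the developer


RULES = [rule_yaml_load, rule_verify_false, rule_shell_true]


def scan(source):
    """Run every rule over every line; findings are ordered by line number."""
    findings, raw = [], source.splitlines()
    for line_no, tokens in sorted(line_tokens(source).items()):
        line = raw[line_no - 1]
        for rule in RULES:
            hit = rule(tokens, line)
            if hit is not None:
                reason, fixed = hit
                findings.append(Finding(line_no, line.strip(), reason,
                                        fixed.strip() if fixed else None))
    return findings


def apply_fixes(source, findings):
    """Splice automated fixes back in, keeping indentation and line endings."""
    lines = source.splitlines(keepends=True)
    for f in findings:
        if f.fix is None:
            continue
        original = lines[f.line_no - 1]
        indent = original[:len(original) - len(original.lstrip())]
        lines[f.line_no - 1] = indent + f.fix + ("\n" if original.endswith("\n") else "")
    return "".join(lines)


if __name__ == "__main__":
    found = scan(SAMPLE)
    for f in found:
        print(f"line {f.line_no}: {f.line}\n  why: {f.reason}\n  fix: {f.fix or 'manual review needed'}")
    print("remaining after automated fixes:",
          [f.line_no for f in scan(apply_fixes(SAMPLE, found))])
```

The shell=True finding deliberately carries no fix: converting a command string into an argument list requires knowing how the string is built, which is exactly the kind of change that is reported with its reasoning and left to the developer. A second scan of the output of apply_fixes reports only that manual-review item.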

Number of students who can be accepted: 1

Deadline for application: 2022-03-15


All rights reserved © 2007, Hungarian Doctoral Council. Doctoral Council registration number at commissioner for data protection: 02003/0001. Program version: 2.2358 ( 2017. X. 31. )