Can machine learning be used to identify code vulnerabilities?

Software security rests on the absence of bugs and weaknesses in code. As software becomes increasingly complex, often consisting of millions of lines of code, checking the code for errors becomes very costly. Static analysis tools exist, but their high false-positive rate means that checking still carries a large manual overhead, since it is difficult to demonstrate the absence of a bug in code.

This project investigated how to use machine learning algorithms to improve on existing automated vulnerability discovery tools. The findings could be used to inform the development of new tools to be used alongside existing static analysis methods and formal verification where appropriate.

Citation information

Data Study Group team. (2018, September 13). Data Study Group Final Report: Dstl. Zenodo. http://doi.org/10.5281/zenodo.1418379

Additional information

Ada Elamrani-Raoult, Institut Jean Nicod, ENS, Paris
Janis Klaise, University of Warwick
Grace Lindsay, Columbia University
Miguel Morin, The Alan Turing Institute
Francisco Vargas, University of Cambridge
