Glitch prediction boosted
Local experts say they have improved the ability to predict software vulnerabilities.
New research from Monash University presents a highly effective approach to predict vulnerabilities in software code and strengthen cybersecurity.
Software vulnerabilities are possible across all systems that are built using source codes, causing a variety of problems including deadlock, hacking or even system failures. Thus, early predictions of vulnerabilities are critical for security software systems.
To help combat this, Monash researchers have developed the ‘LineVul’ approach, which can increase accuracy in predicting software vulnerabilities by more than 300 percent while spending only half the usual amount of time and effort, when compared to current best-in-class prediction tools.
LineVul is also able to guard against the top 25 most dangerous and common weaknesses in source codes, and can be applied broadly to strengthen cybersecurity across any application built with source code.
Researcher Dr Chakkrit Tantithamthavorn says standard software programs contain millions to billions of lines of code and often take a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes,” Dr Tantithamthavorn said.
“With the proposed LineVul approach we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”
Research co-author PhD candidate Michael Fu said the LineVul approach was tested against large-scale real-world datasets with more than 188 thousand lines of software code.
“Software developers normally spend a substantial amount of time trying to identify vulnerabilities in code either during the development process or after the program has been implemented. The existence of vulnerabilities, especially after the implementation of the program, can potentially expose software systems to dangerous cyberattacks,” he said.
“The LineVul approach can be broadly applied across any software system to strengthen applications against cyberattacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian government, defence, finance sectors etc.”
Future research building on the LineVul approach includes the development of new methods to automatically suggest corrections for vulnerabilities in software code.