Monash researchers develop new code security tool
Monash University researchers have developed a new approach to predicting software vulnerabilities that promises to improve accuracy by more than 300%.
The new technique, developed at the university’s Faculty of Information Technology, could also potentially halve time and effort needed compared to current leading prediction tools.
The proposed LineVul approach is able to safeguard against the top 25 most dangerous and common weaknesses in source codes, and can be applied broadly to strengthen cybersecurity across any application built with source code.
Research co-author Dr Chakkrit Tantithamthavorn said modern software programs contain millions to billions of lines of code and it often takes a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes,” he said.
“With the proposed LineVul approach, we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”
The approach has been tested against large-scale real-world datasets with more than 188,000 lines of software code, according to co-author and PhD candidate Michael Fu.
“The LineVul approach can be broadly applied across any software system to strengthen applications against cyber attacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian Government, defence, finance [and other key] sectors,” Fu said.
The researchers are now working on developing new methods to automatically suggest corrections for vulnerabilities in software code.
ISACA identifies gaps in AI knowledge, training and policies
85% of digital trust professionals say they will need to increase their AI skills and knowledge...
VNC accounts for nearly all remote desktop attacks
Virtual Network Computing accounted for 98% of remote desktop attacks recorded by Barracuda last...
Vectra AI expands platform to combat GenAI threats
Vectra AI has announced new enhancements to its AI-driven platform aimed at protecting businesses...