Method-Level Software Security Vulnerability Prediction
Lead Research Organisation: University College London
Department Name: Computer Science
Abstract
Software professionals are well aware of the dangers of software vulnerabilities and understand the need for effective mitigation strategies.
One cutting-edge approach to tackle this challenge is utilizing machine learning to automatically and granularly predict the locations of vulnerabilities within a software system.
This approach streamlines security testing by enabling testers to prioritize their efforts and resources on the most vulnerability-prone components. Despite the immense potential of this AI-driven vulnerability prediction approach, it has not yet gained widespread adoption beyond the research community, likely due to several technical and organizational factors.
However, with conscious efforts from software professionals and other associates, this technique can potentially revolutionize the field of software security and safeguard our digital world.
To spotlight contemporary ML-driven vulnerability prediction capabilities, I am working on a novel information retrieval-driven method-level vulnerability prediction approach that uses source code representations of software artefacts to generate custom metrics for machine learning-driven vulnerability prediction.
Planned Impact
The EPSRC Centre for Doctoral Training in Cybersecurity will train over 55 experts in multi-disciplinary aspects of cybersecurity, from engineering to crime science and public policy.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term, graduates of the CDT will assume leading positions within industry, government, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researchers and scholars, further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant given that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Organisations
People | ORCID iD |
---|---|
Jens Krinke (Primary Supervisor) | |
Chizzy Meka (Student) | |
Studentship Projects
Project Reference | Relationship | Related To | Start | End | Student Name |
---|---|---|---|---|---|
EP/S022503/1 | | | 01/04/2019 | 23/11/2028 | |
2394532 | Studentship | EP/S022503/1 | 01/10/2020 | 30/09/2024 | Chizzy Meka |