IBM developed a new technology to patch security holes

The leading security researchers at IBM have recently developed a technique to overcome almost the impact of security vulnerabilities before they are actually found. Presented at the International Information and Operation Information Technology Conference, IBM researchers said the approach used here is in conjunction with RAID18 to promote implementation of testing techniques. to create data based on supervised learning.

"While studying security vulnerability detection solutions in popular software, we stopped for a moment to think about the following issue: Everyone knows the fact that, theoretically, we It is almost impossible to find all the holes in the application manually, and the security community must always race to explore and keep up with new hacking techniques in the hope of finding them before the bad guys catch up. Exploiting, leading to efficiency in both prevention and overcoming security consequences are not high.To overcome this situation, we think that the most effective method is nothing else to enforce regulations and constantly deploying new security patches for the system '. Mr. Fady Copty, expert responsible for construction work Save sharing.

IBM developed a new technology to patch security holes Picture 1

1. New phishing attacks appear to use Google Translate as a disguise

Deploying each security patch on the application is a tedious and time-consuming task. It includes a series of steps such as determining which version of the application is vulnerable, managing this security hole, providing the patch, then deploying the patch and restart the application. Typically, patches will be deployed gradually along the route rather than overnight, so the application may still be vulnerable to vulnerability in the period after the vulnerability was discovered and preceded. when the patch is deployed. To speed up the deployment of security patches, researchers have recently introduced what is called virtual patches, distributed and deployed using intrusion detection and prevention systems. .

"Virtual patching is based on semi-manual techniques for threat analysis (application-input) showing information about vulnerabilities, and extracting signals to help identify vulnerabilities. ", Mr. Fady Copty explained. "This is a useful technique, but still requires the identification of the gap, which is not a simple problem, we all know there is an 'industry' created around the detection cycle. and patch this vulnerability, but if we can create a virtual patch with the ability to predict vulnerabilities, everything will be resolved neatly At first, this idea sounds like a task of The future, but in fact, with some insights from security testing techniques, one can find a way to develop virtual patches'.

IBM developed a new technology to patch security holes Picture 2

In general, security vulnerabilities are often discovered by looking at input data that an application error has previously appeared. This is because error handling is often considered to be less important than developing the basic functionality of the application, so that error correction work is done at a later stage. If we can do a good job of automatically creating a virtual patch, providing maximum support for SW developers in handling errors, we can take the initiative in front of security threats. honey.

1. New USB cable type allows hackers to perform remote attacks

Fady Copty and colleagues decided to solve this problem using machine learning techniques. They conducted various testing tools on the same application to create data, then used this data to train their DNN machine learning model.

"We have used test techniques to create millions of sample input results for the application, and then run the application with these inputs to identify and classify them according to the characteristics. such as: Benign, error or malicious Because we are considering handling errors, we have incorporated the error and malicious results into one class, which helps us build a model of learning setup. with classic-style monitoring, ie training a machine learning model to predict whether this new result pattern is benign or toxic, 'Copty explained.

IBM developed a new technology to patch security holes Picture 3

Instead of directly creating virtual patches against threats that may appear on an application, researchers want to set up an automated system, which can be used to patch many types of vulnerabilities, in many different types of applications to bring more efficiency. In addition, to enhance the generality of the model, researchers did not use manual feature extraction methods.

"We also want to implement this model in a complete intrusion detection system. It means that predictions must be close to real-time. A great solution to this requirement can be found in DNN. DNN's predictions are very fast, and many experts believe that DNN does not require any feature extraction. "

Fady Copty and colleagues trained a DNN model based on the data they created earlier. The model that the Copty team uses, combined with the convolutional neural network (CNN) and recurrent neural network (RNN), has achieved remarkable results in predicting the vulnerabilities before they actually cause problems.

"How can you test the ability to patch and detect a threat before it can cause any consequences? The answer is simple: We have to rewind time. We have use the old version of the applications during the data creation phase, training the machine learning model using these data, as well as giving practical tests of the many found threats. The following year was recorded in the CVE database, which gave us great results in creating a pre-patch for a threat, in particular, predictable machine learning models. before the threat found only a few years later, of course, this work is in the research stage and we can only handle it. it works on a few applications, but it has the potential to become a 'game changer', especially in the context of the current situation of cybersecurity being complicated, helping Security experts take the initiative and can even go ahead of the attackers'.

IBM developed a new technology to patch security holes Picture 4

1. The Internet is experiencing a huge problem with C / C ++, causing developers to "sweat"

In assessments conducted by various researchers, Fady Copty's model and colleagues successfully discovered LibXML2 and LibTIFF vulnerabilities before they could cause problems, with turn-based accuracy. are 91.3% and 93.7%. To improve the results of the project, the Copty team expanded its model by adding a path that included basic feature extraction, based on knowledge extracted automatically during the test phase and then is CNN.

In short, in the future, this new technology can completely help developers patch software vulnerabilities faster and more efficiently, before they are actually discovered and exploited by new hackers. In addition, Fady Copty and colleagues also plan to further promote the scale of the method, as well as explore the effectiveness of this method in patching a larger range of holes.

"Thanks to the help of Reda Igbaria, we have now expanded this study to more applications and have recently demonstrated the effectiveness of virtual patches against the threat of HeartBleed vulnerabilities. will continue to target more applications and enhance data creation techniques as well as its DNN structure, and the ability to automatically search for the best DNN structure is also one of the primary care". Mr. Fady Copty shared.