Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system compromise, information leaks, or denial of service. We leveraged the wealth of C and C++ open-source code available to develop a large-scale function-level vulnerability detection system using machine learning. To supplement existing labeled vulnerability datasets, we compiled a vast dataset of millions of open-source functions and labeled it with carefully-selected findings from three different static analyzers that indicate potential exploits. The labeled dataset is available at: this https URL. Using these datasets, we developed a fast and scalable vulnerability detection tool based on deep feature representation learning that directly interprets lexed source code. We evaluated our tool on code from both real software packages and the NIST SATE IV benchmark dataset. Our results demonstrate that deep feature representation learning on source code is a promising approach for automated software vulnerability detection.

Automated Vulnerability Detection in Source Code Using Deep Representation Learning

Natural hazards have the potential to cause catastrophic damage and significant socioeconomic loss. The actual damage and loss observed in the recent decades has shown an increasing trend. As a result, disaster managers need to take a growing responsibility to proactively protect their communities by developing efficient management strategies. A number of research studies apply artificial intelligence (AI) techniques to process disaster-related data for supporting informed disaster management. This study provides an overview of current applications of AI in disaster management during its four phases: mitigation, preparedness, response, and recovery. It presents example applications of different AI techniques and their benefits for supporting disaster management at different phases, as well as some practical AI-based decision support tools. We find that the majority of AI applications focus on the disaster response phase. This study also identifies challenges to inspire the professional community to advance AI techniques for addressing them in future research.

Applications of artificial intelligence for disaster management

The article is devoted to cybersecurity risk assessment of the dynamic device-to-device networks of a smart city. Analysis of the modern security threats at the IoT/IIoT, VANET, and WSN inter-device infrastructures demonstrates that the main concern is a set of network security threats targeted at the functional sustainability of smart urban infrastructure, the most common use case of smart networks. As a result of our study, systematization of the existing cybersecurity risk assessment methods has been provided. Expert-based risk assessment and active human participation cannot be provided for the huge, complex, and permanently changing digital environment of the smart city. The methods of scenario analysis and functional analysis are specific to industrial risk management and are hardly adaptable to solving cybersecurity tasks. The statistical risk evaluation methods force us to collect statistical data for the calculation of the security indicators for the self-organizing networks, and the accuracy of this method depends on the number of calculating iterations. In our work, we have proposed a new approach for cybersecurity risk management based on object typing, data mining, and quantitative risk assessment for the smart city infrastructure. The experimental study has shown us that the artificial neural network allows us to automatically, unambiguously, and reasonably assess the cyber risk for various object types in the dynamic digital infrastructures of the smart city.

Cybersecurity Risk Assessment in Smart City Infrastructures

In recent years, with the breakthrough of big data and deep learning technology in various fields, many scholars have begun to study the stock market time series by using deep learning technology. In the process of model training, the selection of training samples, model structure and optimization methods are often subjective. Therefore, studying these influencing factors is beneficial to provide scientific suggestions for the training of recurrent neural networks and is beneficial to improve the prediction accuracy of the model. In this paper, the LSTM deep neural network is used to model and predict the financial transaction data of Shanghai, and the three types of factors affecting the prediction accuracy of the model are systematically studied. Finally, a high-precision short-term prediction model of financial market time series based on LSTM deep neural network is constructed. In addition, this paper compares BP neural network, traditional RNN and RNN improved LSTM deep neural network. It proves that the LSTM deep neural network has higher prediction accuracy and can effectively predict the stock market time series.

Research on financial assets transaction prediction model based on LSTM neural network

The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches

The article discusses the problem of analysis of cybersecurity threats in wireless ad hoc networks—VANET, FANET, MARINET, MANET, WSN. The problem of neural network approximation of the function of cyber threat existence in the system is formulated. The parameters of the neural network model were optimized according to the likelihood maximization criterion on the training data set. A hybrid neural network based on recurrent and graph convolutional neural networks is proposed as a solution architecture.

Threat Analysis of Cyber Security in Wireless Adhoc Networks Using Hybrid Neural Network Model

In this work considered the problem of safety analysis of control mechanisms in modern information systems, including control software systems of cyberphysical and industrial facilities, digital control systems for distributed cyber environments VANET, FANET, MARINET, industrial Internet of things and sensor networks. The representation of security violation as a property of the system described by a complex function is proposed, in which the method of finding violations is described in the form of approximation of that function and the calculation of its values for specific systems. Various approaches to the interpolation of such function are considered in the work, it is shown that the most promising option is the use of deep neural networks.

Application Model of Modern Artificial Neural Network Methods for the Analysis of Information Systems Security

The paper considers a combination of modern artificial neural networks (ANN) that solves the security relative task of intrusion prevention and vulnerabilities detection in cybernetic infrastructure with dynamic network topology. Self-organizing networks, WSN, m2m networks, IIoT, mesh networks are faced with the cyberthreats of specific character: dynamic routing failures, node isolation, DDoS attacks, traffic lack, etc. Most of them are caused by cybersecurity weaknesses: the software vulnerabilities and architectural features of dynamically reconfigured network. The existing methods of binary code analysis and intrusion detection can work with a small number of data sets, are designed for either code inspection or network checking, and are targeted for static networks with regular topology. The proposed neural model demonstrates an universal approach that deals with the cybersecurity weakness as a systems genuine property and attempts to approximate it using a hybrid deep ANN. The new ANN detects both the network security defects and binary code vulnerabilities at once with high accuracy (more than 0.97). It also shows good performance capacity processing big data of the undercontrolled network.

Hybrid Neural Network Model for Protection of Dynamic Cyber Infrastructure

This paper 1 addresses a problem of vulnerability detection in software represented as assembly code. An extended approach to the vulnerability detection problem is proposed. This work concentrates on improvement of neural network-based approach described in previous works of authors. The authors propose to include the morphology of instructions in vector representations. The bidirectional recurrent neural network is used with access to the execution traces of the program. This has significantly improved the vulnerability detecting accuracy.

Applying Deep Learning and Vector Representation for Software Vulnerabilities Detection

In this paper1 we propose a new approach to detect integer overflow vulnerabilities in executable x86-architecture code. The approach is based on symbolic execution of the code and the dual representation of memory. We build truncated control flow graph, based on the machine code. Layers in that graph are checked for the feasibility of vulnerability conditions. The proposed methods were implemented and experimentally tested on executable code.

https://dl.acm.org/doi/pdf/10.1145/3136825.3136872

Roman Demidov

Papers

Threat Analysis of Cyber Security in Wireless Adhoc Networks Using Hybrid Neural Network Model

Application Model of Modern Artificial Neural Network Methods for the Analysis of Information Systems Security

Hybrid Neural Network Model for Protection of Dynamic Cyber Infrastructure

Applying Deep Learning and Vector Representation for Software Vulnerabilities Detection

Integer overflow vulnerabilities detection in software binary code