Neural networks are a set of algorithms, modeled loosely after the human brain, that are designed to recognize patterns. They interpret sensory data through a kind of machine perception, labeling or clustering raw input. The patterns they recognize are numerical, contained in vectors, into which all real-world data, be it images, sound, text or time series, must be translated.
deeplearning4j.org… a great resource for concepts, architectures, and tools.
Neural networks (also referred to as deep neural networks or deep learning) are actively researched and deployed for recognizing patterns in several technological use cases. Some examples are Image recognition, speech recognition, recommendation systems (think search or shopping suggestions), machine translation (think Google translate), and mobile advertising.
So we know neural networks understand patterns, but how does that help us build secure software? The answer, or at least one answer, is the use of neural networks to improve Fuzz testing.
Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for software flaws that could allow cyber attackers to exploit the software or its host system.
Researchers at Microsoft have discovered that neural networks can also be used to recognize patterns in the code paths that a software takes when it processes a given input. They made use of what is referred to as a greybox fuzzer; a fuzzer that has no knowledge of the structure of the target program, but make use of a feedback loop to guide their search based on observed behavior from previous executions of the program. Their goal was to see what a machine learning model could learn if we were to insert a deep neural network into the feedback loop of a greybox fuzzer.
The “Neural fuzzer” they came up with was pretty good at detecting and exploring new and unique code paths, leading to an increased discovery of coding flaws as inputs were processed.
Their results were quite impressive, as their fuzzer which was based on a popular greybox fuzzer , AFL, outperformed AFL significantly in almost all tests. The exciting question then becomes… how else can we leverage deep learning for securing software, using approaches related or unrelated to fuzz testing?
Read more about Neural Fuzzing in Microsoft’s article.
If you enjoyed this short post, you can subscribe to receive our weekly newsletter via email.