AIBugHunter: A Practical tool for predicting, classifying and repairing software vulnerabilities

Fu, Michael; Tantithamthavorn, Chakkrit; Le, Trung; Kume, Yuki; Nguyen, Van; Phung, Dinh; Grundy, John

doi:10.1007/s10664-023-10346-3

Cited by 9 publications

(7 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach aims to bridge the gap between industry and academia, enhancing the development and effectiveness of Ethical Hacking tools. [56], DFBC [69], ESASCF [73], ESRFuzzer [74], Firmaster [76], IoTFuzzer [83], LTESniffer [88], Lore [87], MaliceScript [92], Owfuzz [108], Pyciuti [118], RT-RCT [124], SVED [133], Scanner++ [125], ShoVAT [128], SuperEye [132], TOR-PEDO [136], UE Security Reloaded [137], Vulcan [142], Vulnsloit [146] Threat Modelling Cairis [60], ESSecA [75], HARMer [81], MAL [91], PenQuest [112], TAMELESS [134] Vulnerability Analysis AIBugHunter [52], ARMONY [53], AVAIN [55], Autosploit [54], Bbuzz [56], Black…”

Section: Discussionmentioning

confidence: 99%

“…AIBugHunter [52], ARMONY [53], AVAIN [55], AVAIN [55], Autosploit [54], Bbuzz [56], Black Ostrich [57], Black Widow [58], Bleem [59], Cairis [60], Censys [61], Chainsaw [62], Chucky [63], Commix [64], CryptoGuard [65], CuPerFuzzer [66], DFBC [69], Deemon [67], Delta [68], Delta [68], Diane [70], EBF [71], ELAID [72], ESASCF [73], ESRFuzzer [74], ESSecA [75], FUGIO [77], FUSE [78], Firmaster [76], Gail-PT [79], Gail-PT [79], HILTI [82], HILTI [82], IoTFuzzer [83], JCOMIX [84], LAID [85], LTESniffer [88], Link [86], Lore [87], Mace [89], MaliceScript [92], MaliceScript [92], Masat [93], Mirage [94], Mirage [94], Mitch [95], MoScan …”

Section: Reconnaissancementioning

confidence: 99%

See 1 more Smart Citation

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Reconnaissancementioning

confidence: 99%

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…The purpose of the study was to examine VulRepair and improve the model. We gained a perspective by reviewing AIBughunter at [1], LineVul at [4], and VulRepair at [7]. In the VulRepair project, there are threats to their internal validity.…”

Section: Methodsmentioning

confidence: 99%

“…We specifically examined and reviewed the work of Mike Fu, as referenced earlier [1,4]. To find additional research related to VulRepair, we conducted searches on the Internet and Google Scholar, yielding over 100 articles.…”

Section: Related Workmentioning

confidence: 99%

“…AIBughunter is a tool that scans C / C++ programs, finds code that is vulnerable or susceptible to attack, identifies the CWE (Common Weakness Enumeration) type of vulnerability, estimates the CVSS (Common Vulnerability Scoring System) vulnerable severity score, explains the vulnerability, and suggests the proper repair. It was developed by the ASWM research group as reported by Fu et al, who stated that most vulnerabilities are found in C compared to other programming languages [1]. Although there are many Integrated Development Environments (IDEs), the tool can be found and installed in Visual Studio Code as an extension.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improving VulRepair’s Perfect Prediction by Leveraging the LION Optimizer

Kishiyama,

Lee,

Yang

2024

Preprint

View full text Add to dashboard Cite

In many of the current software applications, numerous vulnerabilities may be present.1 Attackers attempt to exploit existing vulnerabilities that lead to security breaches, unauthorized entry,2 data theft, or incapacitation of a computer system. Rather than addressing software or hardware3 vulnerabilities at a later stage, it is better to address them immediately. DevSecOps, when utilized4 in application development, tackles these vulnerabilities at an early stage. AIBughunter is a tool5 that addresses this problem in software and was developed by the ASWM research group to predict,6 classify, and repair software vulnerabilities. AIBughunter integrates LineVul to find vulnerable7 code lines and returns information about the type of vulnerability and its severity to developers.8 It also includes a tool, VulRepair, which detects and repairs vulnerabilities. VulRepair currently9 predicts patches for vulnerable functions at 44%. In order to become truly effective, this number 10 needs to be increased. This study examines VulRepair to see whether the 44% Perfect Prediction 11 can be increased. VulRepair is a T5 based model that uses Natural Language and Programming 12 Languages for pre-training along with Byte Pair Encoding. It outperforms other existing models, 13 such as VRepair and CodeBERT. However, the hyperparameters may not be optimized due to the 14 development of new optimizers. We review a Deep Neural Network (DNN) optimizer developed by 15 Google in 2023. This optimizer called Evolved Sign Momentum (LION) is available in PyTorch. We 16 applied this optimizer to VulRepair and tested its influence on hyperparameters. After adjusting the 17 hyperparameters, we obtained a 56% Perfect Prediction, which exceeds the value of the VulRepair 18 report of 44%. This means that VulRepair can repair more vulnerabilities and avoid more attacks. As 19 far as we know, our approach of utilizing an alternative to AdamW, the standard optimizer, has not 20 been previously applied to enhance VulRepair and similar models. 21

show abstract

ChatGPT for Vulnerability Detection, Classification, and Repair: How Far Are We?

Fu,

Tantithamthavorn,

Nguyen

et al. 2023

2023 30th Asia-Pacific Software Engineering Conference (APSEC)

View full text Add to dashboard Cite

AIBugHunter: A Practical tool for predicting, classifying and repairing software vulnerabilities

Cited by 9 publications

References 46 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Improving VulRepair’s Perfect Prediction by Leveraging the LION Optimizer

ChatGPT for Vulnerability Detection, Classification, and Repair: How Far Are We?

Contact Info

Product

Resources

About