With the increase in the number of devices connected to the internet and the emergence of 'internet of things' along with benefits many security issues have also risen. DARPA it seems have have come upon a solution to the ever increasing security vulnerabilities. Their latest project codenamed DeepCode can automatically find and fix security issues. This is a more proactive approach to counter security issues than the usual 'fix after attack approach' or 'defend when attacked approach'. However, as with all military research you shouldn't expect these technologies to be released to public anytime soon but the distant future appears to be a bit more safe. I have pasted an abstract and a link for the complete article below.
Original Article by Robert Lemos of eweek.com
Researchers involved in a project funded by the U.S. Air Force Research Laboratory and the Defense Advanced Research Projects Agency are describing a machine-learning system as a fundamentally new approach to cybersecurity. DeepCode is designed to analyze terabytes of software code to find security flaws and fix them. Draper Laboratory, formerly part of the Massachusetts Institute of Technology, and a group from Stanford University led by machine-learning pioneer Andrew Ng, are behind the project. The researchers are using machine-learning and pattern-analysis techniques to teach the system what good code and bad code look like. Once DeepCode is trained to recognize vulnerabilities, it will be able to identify flawed code and recommend repairs. The team already has used the system to detect vulnerabilities such as the Heartbleed bug in OpenSSL, and is now working to increase the magnitude of data for making decisions by a factor of 1,000. "The system collects and ingests massive amounts of software, makes this software searchable, indexes the known bugs and security vulnerabilities, and identifies--in new or existing code--matches to any previously identified flaws," says Draper Lab's Brad Gaynor.
For the complete article please click on the following link: DeepCode
No comments:
Post a Comment