Vulnerability and Attack Injection Guided by Artificial Intelligence

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

Vulnerability and Attack Injection Guided by Artificial Intelligence, like its base method, consists in injecting realistic vulnerabilities in a component exposed to the Internet and subsequently exploiting such vulnerabilities to launch attacks automatically in order to evaluate existing security mechanisms in the entire system. Vulnerability and Attack Injection Guided by Artificial Intelligence resorts to artificial intelligence to automate the process of defining where to inject vulnerabilities and which attacks to perform as to maximize coverage and reduce execution time when compared to a naïve approach (such as using static code analysis and regex pattern matching). Among the many existing artificial intelligence algorithms, Recurrent Neural Networks (RRNs) and Long Short Term Memory (LSTM) are the most promising techniques for learning the code modifications that are needed to inject a vulnerability (trained using the patches that have been used to fix real-world vulnerabilities) and then to attack these vulnerabilities.

Method Strengths A listof the strengths of the method

Injects realistic vulnerabilities
Attacks the vulnerabilities based on the characteristics of the vulnerabilities, like an attacker would do
Allows testing security mechanisms in place
Allows training security teams
Vulnerabilities and attacks are chosen using artificial intelligence

Method Limitations The limitations of the method

Needs to access the source code of the application or system
Heavily dependent on the programming language of the target application

Method References Bibliography references to papers about the method.

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.