Automated Risk Detection and Mitigation for Real-World Software
Abstract
Real-world software systems are plagued with errors and susceptible to cyber-crimes. Software vulnerabilities and malicious programs have been spreading to all aspects of the society, ranging from people's daily lives, corporate operation to critical infrastructures. As modern software systems grow large, diverse and complex, automated risk detection mechanisms are highly desired to defend against these emerging threats. In this talk, I will present a unique approach that combines program analysis with machine learning and data mining to automatically detect or mitigate security problems in different software domains. To demonstrate this approach, I will introduce two of its applications that aim to address Android malware: 1) automated generation of security-centric app descriptions and 2) semantics-based Android malware classification. In the end of this talk, I will also introduce my recent application of this approach in the new context of Industrial Control Systems, which enables automated safety vetting of programmable logic controller (PLC) code on the factory floor.