Fri, Apr 28, 2017 | updated 10:03 AM IST

Adding bugs to build better computer bug-finder

Updated: Jul 10, 2016 12:12 IST      
Adding bugs to build better computer bug-finder

Washington D.C, Jul 10 (ANI): A team of researchers has come up with a new strategy that can help train bug-finding tools to catch more vulnerabilities.

Researchers at the New York University Tandon School of Engineering, in collaboration with the MIT Lincoln Laboratory and Northeastern University, are taking an unorthodox approach: Instead of finding and remediating bugs, they're adding them by the hundreds of thousands.

Brendan Dolan-Gavitt is a co-creator of LAVA, or Large-Scale Automated Vulnerability Addition, a technique of intentionally adding vulnerabilities to a program's source code to test the limits of bug-finding tools and ultimately help developers improve them. In experiments using LAVA, they showed that many popular bug finders detect merely 2 percent of vulnerabilities.

Dolan-Gavitt explained that the efficacy of bug-finding programs is based on two metrics: the false positive rate and the false negative rate, both of which are notoriously difficult to calculate. It is not unusual for a program to detect a bug that later proves not to be there - a false positive, and to miss vulnerabilities that are actually present - a false negative. Without knowing the total number of real bugs, there is no way to gauge how well these tools perform.

"The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," said Dolan-Gavitt. The automated system inserts known quantities of novel vulnerabilities that are synthetic yet possess many of the same attributes as computer bugs in the wild.

Dolan-Gavitt and his colleagues dodged the typical five-figure price tag for manual, custom-designed vulnerabilities and instead created an automated system that makes judicious edits in real programs' source code.

The result: hundreds of thousands of unstudied, highly realistic vulnerabilities that are inexpensive, span the execution lifetime of a program, are embedded in normal control and data flow, and manifest only for a small fraction of inputs lest they shut the entire program down. The researchers had to create novel bugs, and in significant numbers, in order to have a large enough body to study the strengths and shortcomings of bug-finding software. Previously identified vulnerabilities would easily trip current bug finders, skewing the results.

The team tested existing bug-finding software and found that just 2 percent of bugs created by LAVA were detected. Dolan-Gavitt explained that automated bug identification is an extremely complex task that developers are constantly improving. The researchers will share their results to assist these efforts.

The research was presented at the IEEE Symposium on Security and Privacy and was published in the conference proceedings. (ANI)

Now, engage well through Facebook Live!

Updated: Apr 28, 2017 02:49 IST     

New Delhi [India], April 28 (ANI): Ever since we realized, human tendency is inclined towards finding the easy way out, we knew that majority of all future innovations would have these three as their major pillars of thought- comfort, technology and time conservation.

Full Story >>

New Delhi [India], Apr 27 (ANI): Kaspersky Lab has published the results of its investigation into the activity of Hajime - a mysterious evolving Internet of Things (IoT) malware that builds a huge peer-to-peer botnet.

Full Story >>

MuveAcoustics rolls out wireless Bluetooth headphone 'Evoke'

Updated: Apr 27, 2017 18:04 IST     

New Delhi [India], Apr 27 (ANI): Gear yourself up for an overhaul of your musical experience as MuveAcoustics one of India's leading lifestyle audio solutions provider has launched its premium over-ear wireless Bluetooth headphone series - 'Evoke'.

Full Story >>

New Delhi [India], Apr 27 (ANI): Chinese technology company Vivo on Thursday took its initiative of the selfie revolution a notch higher by launching Vivo V5s in matte black and crown gold colors at Rs. Rs.18,990.

Full Story >>

Facebook hosts interactive session for users in Delhi

Updated: Apr 27, 2017 14:48 IST     

New Delhi [India], Apr 27 (ANI): Social media giant Facebook on Wednesday hosted an interactive product showcase, 'Facebook: A place to connect' for the Facebook community to experience in Delhi on April 26.

Full Story >>

Pinwi upgrades its parenting app, introduces Pinwi 2.0

Updated: Apr 27, 2017 10:53 IST     

New Delhi [India], Apr 27 (ANI): The data-driven app for child development and parenting, Pinwi (Play-Interest-Wise) on Thursday introduced a new version 2.0 for both on iOS and Android platforms.

Full Story >>

New Delhi [India], Apr 27 (ANI): IT services provider Infosys Ltd. on Thursday announced the launch of Infosys Nia, the next-generation Artificial Intelligence (AI) platform building on the success of the Company's first-generation AI platform, Infosys Mana, and its Robotic Process Automation (RPA) solution, AssistEdge.

Full Story >>

New Delhi [India], Apr 27 (ANI): Aiming to deliver more long-term and impactful changes to Search, Google on Wednesday announced key updates to its algorithms and introduced additional features to address the challenges with locating relevant from the most reliable sources available.

Full Story >>

New Delhi [India], Apr 26 (ANI): Tata Motors have announced readiness of SCR (Selective Catalytic Reduction) and EGR (Exhaust Gas Recirculation) technologies for BSIV compliant engines, powering its range of commercial vehicles.

Full Story >>

HCL Infosystems becomes Oracle platinum level partner

Updated: Apr 26, 2017 15:35 IST     

New Delhi [India], Apr 26 (ANI): HCL Infosystems Ltd. on Wednesday announced that it has achieved the Oracle Platinum Partner status in Oracle Partner Network (OPN).

Full Story >>

Ericsson, MTS evaluates radio network features

Updated: Apr 26, 2017 15:04 IST     

New Delhi [India], Apr 26 (ANI): Ericsson and MTS, the largest mobile operator in Russia on Wednesday built a prototype 5G network and completed a successful test of new radio network features.

Full Story >>

New Delhi [India], Apr 26 (ANI): UCWeb has outlined detailed guidelines for writers and content creators to join the 'Super 1000' Program launched in March 2017.

Full Story >>

New Delhi [India], Apr 25 (ANI): SaaS cloud platform to manage hotels sales, revenue, operations and online reputation DJUBO on Tuesday announced a rapid adoption among hoteliers with a four-fold increase in its revenues, doubling occupancy, boosting ARRs by over 50 percent, and more.

Full Story >>

New Delhi [India], Apr 25 (ANI): Mobile application that allows users to personalize conversation in real-time on any platform Bobble Keyboard on Tuesday announced that it has partnered with Zen Mobile.

Full Story >>

Google's new features empower Indian language consumer base

Updated: Apr 25, 2017 14:13 IST     

New Delhi [India], Apr 25 (ANI): Aiming to cater to the needs of one and all, Google on Tuesday announced the launch of a range of new features to empower Indian language users to adapt to latest technology within the comfort zone provided by the language of their choice.

Full Story >>

New Delhi [India], Apr 24 (ANI): Accenture on Monday announced the launch of its new platform for automated, analytics-driven software testing, after successfully completing pilots with 10 clients around the world.

Full Story >>

HTC announces VIVE product launch in India

Updated: Apr 22, 2017 12:23 IST     

New Delhi [India], Apr 22 (ANI-NewsVoir): Pioneer in innovative, smart mobile and virtual reality technologies HTC Corporation has announced the launch of their virtual reality system, HTC VIVE™ making it the first complete VR system available to customers in the India market. VIVE will be available exclusively on Amazon.in via pre-order from April 22nd, 2017.

Full Story >>

Google marks Earth Day with its Doodle

Updated: Apr 22, 2017 08:59 IST     

New Delhi [India], Apr. 22 (ANI): The Earth is more than 4.543 billion years old, home to more than 8.7 million species, and still the only known planet in the universe known to harbour life, reads Google's blog today.

Full Story >>

Softbank to deploy Ericsson Radio Dot System across Japan

Updated: Apr 22, 2017 02:09 IST     

New Delhi [India], Apr 22 (ANI): Following more than two years of verification and testing, SoftBank Corp., a subsidiary of SoftBank Group Corp. on Friday announced its decision to deploy the Ericsson Radio Dot System across Japan to deliver premium indoor connectivity to its subscribers.

Full Story >>

New Delhi [India], Apr 21 (ANI): The mobile division of Magicon Impex Jivi Mobiles on Friday announced its portfolio expansion of feature phones as it launched 'Sumo T3000' at Rs. 1490 in India.

Full Story >>