Identifying vulnerabilities in real-world applications is challenging. Currently, static analysis tools are concerned with false positives; runtime detection tools are free of false positives but inefficient to achieve a full spectrum examination. A generic, scalable and effective vulnerability detection platform, taking advantage of both static and dynamic techniques, is desirable. To further overcome the shortcomings of these techniques, deep learning is more and more involved in static vulnerability localization and improving fuzzing efficiency. This project aims to deliver a smart software vulnerability detection platform boosted with artificial intelligence. Moreover, due to the intrinsic black-box nature of deep learning systems, how to explain their decisions is also worth investigating.
program analysis, fuzzing, software testing, natural language processing