Spotlight on Lablet Research #36 - Coordinated Machine Learning-Based Vulnerability and Security Patching for Resilient Virtual Computing Infrastructure

Lablet: North Carolina State University

This research aims to assist administrators of virtualized computing infrastructures in making services more resilient to security attacks. This is done by applying Machine Learning (ML) to reduce both security and functionality risks in software patching by continually monitoring patched and unpatched software to discover vulnerabilities and triggering proper security updates.

The existing approach to making services more resilient to security attacks is static security analysis and scheduled patching. North Carolina State University (NCSU) researchers, led by Principal Investigator (PI) Xiaohui (Helen) Gu, determined in their experiments that this approach fails to detect 90% of vulnerabilities, produces high false-alarm rates, and causes memory inflation through unnecessary security patching. This research project focuses on runtime vulnerability detection using online ML methods and just-in-time security patching. Just-in-time security patching includes applying patches intentionally after attacks are detected, enforcing update validation, making intelligent decisions on whether to update or rebuild, and adhering to system operational constraints.

The research team continued to study a hybrid learning framework that combines their previous Classified Distributed Learning (CDL) solution with a supervised learning model to further improve attack detection accuracy. The team further studied how to identify vulnerable code patterns automatically by analyzing code control flows to extract call paths that can reach vulnerable Java library functions or infinite loops.

Researchers developed a Hybrid Machine Learning (HML) approach to detecting security attacks in containerized applications and performed a comprehensive study on real-world security vulnerability code patterns. They later completed a study on the self-supervised hybrid learning framework, including newly discovered log4j vulnerability results, and started the initial design and implementation of an automatic software vulnerability detector. Both the self-supervised HML work and the software security vulnerability work have been accepted for conference publication.

The research team continued to refine their security bug detection work using new static program analysis and pattern extraction techniques. Initial results show that they can detect the culprit code block with sufficiently low false positives. They have recently been focusing on security bug detection using integrated dataflow and control flow analysis to automatically identify root-cause functions for different security vulnerabilities.
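The call-path extraction described above (reaching vulnerable library functions, and locating recursion cycles as candidate infinite loops) in a small worked form. This is an added illustration, not the NCSU team's tool; it assumes the call graph has already been extracted from the application by a static analyzer, so the graph, the entry points and the sink name `lib.vulnerableLookup` are all constructed placeholders rather than real identifiers.

```python
"""Call-path extraction over a call graph (added example, not the project's code).

The call graph below is constructed by hand; a real analyzer would derive it
from the application's source or bytecode. Keys are callers, values callees.
"""

# Constructed call graph. "lib.vulnerableLookup" stands in for a known-vulnerable
# library function and is not a real identifier.
CALL_GRAPH = {
    "web.handleRequest": ["svc.render", "svc.audit"],
    "svc.render": ["util.format", "log.info"],
    "svc.audit": ["log.info", "svc.retry"],   # audit <-> retry: mutual recursion
    "svc.retry": ["svc.audit"],
    "log.info": ["lib.vulnerableLookup"],     # logging reaches the vulnerable sink
    "util.format": [],
    "lib.vulnerableLookup": [],
    "batch.cleanup": ["util.format"],
}


def paths_to_sinks(graph, entries, sinks):
    """Return every call path from an entry point to a sink function.

    Depth-first search; the current path doubles as the visited set, so a
    cycle is never followed twice on one path but may appear on other paths.
    """
    found = []

    def dfs(node, path):
        if node in sinks:
            found.append(path)
            return
        for callee in graph.get(node, []):
            if callee not in path:  # do not loop through a recursion cycle
                dfs(callee, path + [callee])

    for entry in entries:
        dfs(entry, [entry])
    return found


def recursion_cycles(graph):
    """Return call-graph cycles (direct or mutual recursion) as lists of functions.

    Standard DFS back-edge detection: each node is expanded once, and every
    cycle in a directed graph contains at least one back edge, so no
    recursive region is missed (though not every cycle through it is listed).
    """
    done, cycles = set(), []

    def dfs(node, stack):
        for callee in graph.get(node, []):
            if callee in stack:  # back edge closes a cycle
                cycles.append(stack[stack.index(callee):])
            elif callee not in done:
                dfs(callee, stack + [callee])
        done.add(node)

    for node in graph:
        if node not in done:
            dfs(node, [node])
    return cycles


if __name__ == "__main__":
    entries = ["web.handleRequest", "batch.cleanup"]
    for p in paths_to_sinks(CALL_GRAPH, entries, {"lib.vulnerableLookup"}):
        print("sink path:", " -> ".join(p))
    for c in recursion_cycles(CALL_GRAPH):
        print("recursion cycle:", " -> ".join(c + [c[0]]))
```

On this graph only the request handler can reach the sink (via two distinct logging paths), while the batch job cannot, which is the kind of per-entry-point result that lets patching be targeted rather than applied blindly.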
