Submitted Proposals

DEI - FCTUC
Generated on 2025-07-17 14:50:26 (Europe/Lisbon).

Internship Title

Leveraging Long Short-Term Memory (LSTM) Networks for Controlled Vulnerability Injection in Python Scripts

Areas of Specialization

Software Engineering

Internship Location

DEI

Background

The proliferation of software vulnerabilities requires robust testing and validation of security analysis tools. This research project aims to investigate the application of advanced deep learning techniques, specifically Long Short-Term Memory (LSTM) networks, for the automated and controlled injection of common security vulnerabilities (e.g., SQL Injection, Cross-Site Scripting, Command Injection) into benign Python source code. The goal is to generate realistic vulnerable code samples that can be used to benchmark static/dynamic analysis tools, train security professionals, or augment datasets for vulnerability detection models.

Objective

Conduct a literature review on vulnerability injection techniques and the use of sequence models (such as LSTMs) in code generation and modification.

Develop and train an LSTM-based model capable of understanding the structure and semantics of Python code. This model will be trained using the VAITP dataset, available at https://netpack.pt/vaitp/dataset/.

Define and implement transformation rules for injecting specific classes of vulnerabilities into Python code segments.

Integrate these transformation rules with the LSTM model to enable controlled and context-aware vulnerability injection.

Evaluate the realism and effectiveness of the generated vulnerable code snippets using a regex-based vulnerability detection tool, which has been implemented based on the known vulnerabilities in the VAITP dataset. Moreover, an exploit for each vulnerability should be implemented to prove the correct injection of the vulnerability.

Document the methodology, implementation details, and experimental results comprehensively.

Work Plan - Semester 1

Conduct a literature review on vulnerability injection techniques and the application of sequence models (like LSTMs) in code generation and modification.

Develop and train an LSTM-based model capable of understanding Python code structure and semantics.

Work Plan - Semester 2

Define and implement transformation rules for injecting specific classes of vulnerabilities into Python code segments.

Integrate these rules with the LSTM model to achieve controlled and context-aware vulnerability injection.

Evaluate the realism and effectiveness of the generated vulnerable code snippets.

Document the methodology, implementation, and experimental results comprehensively.

Conditions

The secondary area for this proposal is Intelligent Systems; therefore, the student interested in this proposal will also have a supervisor with expertise in AI.

Candidate Profile:
- Strong background in programming, particularly Python.
- Solid understanding of Machine Learning and Deep Learning concepts; specific experience with LSTMs/RNNs is highly advantageous.
- Demonstrable interest in Cybersecurity and Software Security principles.
- Excellent analytical and problem-solving skills.
- Proficiency in English (reading and writing).

The selected student will be integrated into the Software and Systems Engineering (SSE) group of CISUC, and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - SSE and IS Groups), where a workspace and the necessary computing resources will be provided.

Remarks

Please contact the advisors for any questions or clarification needed.

Advisor

Naghmeh Ivaki
naghmeh@dei.uc.pt