Titulo Estágio
Machine Learning Assisted Vulnerability Scanning
Local do Estágio
Vila Nova de Gaia
Enquadramento
Celfocus has a strong focus in cybersecurity issues and testing /scanning for vulnerabilities for all its solutions. Several tools exist in the market that provide this type of functionality.
This project intends to apply active learning and reinforcement learning techniques normally used in Machine Learning applications so that the scan for specific Security vulnerabilities becomes more efficient and easily triggered in continuous delivery pipelines.
Development teams can this way get quick feedback on security issues while also eliminating false positives.
Objetivo
Obtain a tool that can be used to scan applications for their vulnerabilities integrated in a development pipeline. Th tool should take advantage of ML techniques to become more efficient.
Normally the tools in the market for this type of application use a brute-force approach or simple static rules for vulnerability assessment
It is not common to take advantage of ML techniques for optimization.
Plano de Trabalhos - Semestre 1
Research State of the art
Prepare an MVP (Minimum Viable Product) development plan
Define roadmap for iterative development (backlog)
Define User Scenarios and comparisons to use for final validation of tool effectiveness
Present results of work and retrospective as well as future work plan
Plano de Trabalhos - Semestre 2
Research State of the art
Prepare an MVP (Minimum Viable Product) development plan
Define roadmap for iterative development (backlog)
Define User Scenarios and comparisons to use for final validation of tool effectiveness
Present results of work and retrospective as well as future work plan
Condições
- Laptop to work with us
- Remuneratory internship
After the project, there’s the possibility of the candidate to join the company.
Observações
Reference Articles:
- Maghrebi, Houssem & Portigliatti, Thibault & Prouff, Emmanuel. (2016). Breaking Cryptographic Implementations Using Deep Learning Techniques. 3-26. 10.1007/978-3-319-49445-6_1.
- Nguyen, Khoi & Dinh Thai, Hoang & Niyato, Dusit & Wang, Ping & Nguyen, Diep & Dutkiewicz, Eryk. (2018). Cyberattack detection in mobile cloud computing: A deep learning approach. 1-6. 10.1109/WCNC.2018.8376973.
- Hitaj, Briland & Ateniese, Giuseppe & Perez-Cruz, Fernando. (2017). Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning. 603-618. 10.1145/3133956.3134012.
- Hitaj, Briland & Gasti, Paolo & Ateniese, Giuseppe & Perez-Cruz, Fernando. (2019). PassGAN: A Deep Learning Approach for Password Guessing. 10.1007/978-3-030-21568-2_11.
Orientador
Igor Terroso
igor.terroso@celfocus.com 📩