Treffer: On the Resilience of Traditional AI Algorithms Toward Poisoning Attacks for Vulnerability Detection.

The complexity of implementations and the interconnection of assorted systems and devices facilitate the emergence of vulnerabilities. Detection systems are developed to fight against this security issue, being the use of artificial intelligence (AI) a common practice. However, the use of AI is not without its problems, especially those affecting the training phase. This article tackles this issue by characterizing the resilience against poisoning attacks using a benchmark for vulnerability detection, extracting simple code features while applying traditional AI algorithms. These choices are beneficial for the fast processing of vulnerabilities required in a triage process. The study is carried out in C#, C/C++, and PHP. Results show that the vulnerability detection process is specially affected beyond 20% of false data. Remarkably, detecting some of the most frequent common weakness enumeration (CWE) is altered even with lower poison rates. Overall, K‐nearest‐neighbor (KNN) and support vector machine (SVM) are the most resilient in C# and C/C++, while multilayer perceptron (MLP) in PHP. Indeed, vulnerability detection in PHP is less affected by attacks, while C# and C/C++ present comparable results. [ABSTRACT FROM AUTHOR]

Copyright of IET Information Security (Wiley-Blackwell) is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)