-
Publication (announcement) number: US20240184892A1
Publication (announcement) date: 2024-06-06
Application number: US18079665
Application date: 2022-12-12
Applicant: SAP SE
Inventor: Tom Ganz, Martin Haerterich, Philipp Rall
CPC classification number: G06F21/577, G06F11/3664, G06F21/563, G06F2221/033
Abstract: Applications may contain vulnerabilities to attack via malicious inputs. Machine-learning models may be trained to detect these vulnerabilities by accepting source code as input and outputting a probability that each of a set of vulnerabilities exists in the source code. Explanation methods may identify one or more locations within the source code that are likely to cause the vulnerability. Directed fuzzing provides a range of inputs to source code. The inputs that cause the source code to fail are detected and the portions of the source code that were vulnerable are identified. The results of the directed fuzzing are used to select between explanations generated by multiple explanation methods, to provide additional training data to a machine-learning model, to provide additional training data to an explanation method, or any suitable combination thereof.
-
Publication (announcement) number: US20240184891A1
Publication (announcement) date: 2024-06-06
Application number: US18079611
Application date: 2022-12-12
Applicant: SAP SE
Inventor: Tom Ganz, Martin Haerterich, Philipp Rall
IPC: G06F21/57
CPC classification number: G06F21/577, G06F2221/033
Abstract: Applications may contain vulnerabilities to attack via malicious inputs. Machine-learning models may be trained to detect these vulnerabilities by accepting source code as input and outputting a probability that each of a set of vulnerabilities exists in the source code. Explanation methods may identify one or more locations within the source code that are likely to cause the vulnerability. Directed fuzzing provides a range of inputs to source code. The inputs that cause the source code to fail are detected and the portions of the source code that were vulnerable are identified. The results of the directed fuzzing are used to select between explanations generated by multiple explanation methods, to provide additional training data to a machine-learning model, to provide additional training data to an explanation method, or any suitable combination thereof.
-