通信学报 ›› 2018, Vol. 39 ›› Issue (8): 1-17.doi: 10.11959/j.issn.1000-436x.2018137

• 论文Ⅰ:人工智能与网络安全 •    下一篇

人工智能技术在安全漏洞领域的应用

孙鸿宇1,2,何远2,王基策2,董颖2,朱立鹏1,2,王鹤1,2,张玉清1,2   

  1. 1 西安电子科技大学网络与信息安全学院,陕西 西安 710071
    2 中国科学院大学国家计算机网络入侵防范中心,北京 101408
  • 修回日期:2018-07-20 出版日期:2018-08-01 发布日期:2018-09-13
  • 作者简介:孙鸿宇(1993-),男,陕西渭南人,西安电子科技大学博士生,主要研究方向为信息安全与机器学习。|何远(1977-),男,云南大理人,中国科学院大学博士生,主要研究方向为计算机信息安全与漏洞挖掘。|王基策(1992-),男,河南襄城人,中国科学院大学博士生,主要研究方向为移动安全、软件安全等。|董颖(1991-),女,陕西渭南人,中国科学院大学博士生,主要研究方向为网络安全和机器学习。|朱立鹏(1994-),男,河北秦皇岛人,西安电子科技大学硕士生,主要研究方向为物联网安全和漏洞挖掘。|王鹤(1987-),女,河南安阳人,博士,西安电子科技大学讲师,主要研究方向为量子密码协议。|张玉清(1966-),男,陕西宝鸡人,博士,中国科学院大学教授、博士生导师,主要研究方向为网路与信息系统安全。
  • 基金资助:
    国家重点研发计划基金资助项目(2016YFB0800700);国家自然科学基金资助项目(61572460);国家自然科学基金资助项目(61272481);信息安全国家重点实验室开放课题基金资助项目(2017-ZD-0);国家发改委信息安全专项基金资助项目((2012)1424)

Application of artificial intelligence technology in the field of security vulnerability

Hongyu SUN1,2,Yuan HE2,Jice WANG2,Ying DONG2,Lipeng ZHU1,2,He WANG1,2,Yuqing ZHANG1,2   

  1. 1 School of Cyber Engineering,Xidian University,Xi’an 710071,China
    2 National Computer Network Intrusion Protection Center,University of Chinese Academy of Sciences,Beijing 101408,China
  • Revised:2018-07-20 Online:2018-08-01 Published:2018-09-13
  • Supported by:
    The National Key Research and Development Program of China(2016YFB0800700);The National Natural Science Foundation of China(61572460);The National Natural Science Foundation of China(61272481);The Open Project Program of the State Key Laboratory of Information Security(2017-ZD-0);The National Information Security Special Project of National Development and Reform Commission of China((2012)1424)

摘要:

软件数量的大规模增长以及复杂性的增强给软件安全漏洞的研究带来了严峻的挑战,以人工的方式进行安全漏洞研究的效率较低,无法满足网络空间安全的需要。因此,如何将机器学习、自然语言处理等人工智能技术应用于安全漏洞的研究已成为新的热点,人工智能技术能够智能化地处理漏洞信息来辅助安全漏洞研究,同时提高安全漏洞挖掘的效率。首先分析了安全漏洞的自动化挖掘、自动化评估、自动化利用和自动化修补等关键技术,指出安全漏洞挖掘的自动化是人工智能在安全漏洞领域应用的重点,然后分析和归纳了近年来提出的将人工智能技术应用于安全漏洞研究的最新研究成果,指出了应用中的一些问题,给出了相应的解决方案,最后展望了安全漏洞智能研究的发展趋势。

关键词: 漏洞挖掘, 机器学习, 人工智能

Abstract:

The large number of software and the enhancement of complexity have brought severe challenges to the research of software security vulnerabilities.The efficiency of manual research on security vulnerabilities is low and cannot meet the needs of cyberspace security.Therefore,how to apply artificial intelligence techniques such as machine learning and natural language processing to the study of security vulnerabilities has become a new hot spot.Artificial intelligence technology can intelligently process vulnerability information,which can assist in the research of security vulnerabilities and improve the efficiency of research on security vulnerabilities such as vulnerability mining.Firstly,the key technologies of automatic mining,automatic assessment,automatic exploitation and automatic repair of security vulnerabilities were analyzed,which pointed out that the automation of security vulnerability mining was the key of the application of artificial intelligence in the field of security vulnerability.Then,the latest research results of applying artificial intelligence technology to the research on security vulnerabilities was analyzed and summarized in recent years,which pointed out some problems in the application and gave corresponding solutions.Finally,the development trend of intelligent research on security vulnerabilities was prospected.

Key words: vulnerability mining, machine learning, artificial intelligence

中图分类号: 

No Suggested Reading articles found!