IRIS

Writing exploits for security assessment is a challenging task. The writer needs to master programming and obfuscation techniques to develop a successful exploit. To make the task easier, we propose an approach (EVIL) to automatically generate exploits in assembly/Python language from descriptions in natural language. The approach leverages Neural Machine Translation (NMT) techniques and a dataset that we developed for this work. We present an extensive experimental study to evaluate the feasibility of EVIL, using both automatic and manual analysis, and both at generating individual statements and entire exploits. The generated code achieved high accuracy in terms of syntactic and semantic correctness.

EVIL: Exploiting Software via Natural Language / Liguori, P.; Al-Hossami, E.; Orbinato, V.; Natella, R.; Shaikh, S.; Cotroneo, D.; Cukic, B.. - (2021), pp. 321-332. (Intervento presentato al convegno 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021 nel 2021) [10.1109/ISSRE52982.2021.00042].

EVIL: Exploiting Software via Natural Language

Liguori P.
Primo
;Orbinato V.;Natella R.;Cotroneo D.;
2021

Abstract

Writing exploits for security assessment is a challenging task. The writer needs to master programming and obfuscation techniques to develop a successful exploit. To make the task easier, we propose an approach (EVIL) to automatically generate exploits in assembly/Python language from descriptions in natural language. The approach leverages Neural Machine Translation (NMT) techniques and a dataset that we developed for this work. We present an extensive experimental study to evaluate the feasibility of EVIL, using both automatic and manual analysis, and both at generating individual statements and entire exploits. The generated code achieved high accuracy in terms of syntactic and semantic correctness.
2021
978-1-6654-2587-2
EVIL: Exploiting Software via Natural Language / Liguori, P.; Al-Hossami, E.; Orbinato, V.; Natella, R.; Shaikh, S.; Cotroneo, D.; Cukic, B.. - (2021), pp. 321-332. (Intervento presentato al convegno 32nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2021 nel 2021) [10.1109/ISSRE52982.2021.00042].
4.1 Articoli in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
EVIL_Exploiting_Software_via_Natural_Language.pdf

accesso aperto

Licenza: Copyright dell'editore
Dimensione 645.03 kB
Formato Adobe PDF
Visualizza/Apri
645.03 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/890803
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 8
  • ???jsp.display-item.citation.isi??? 7
social impact