November 18, 2022

Abstract

11 18 22 SPIE Chapter Flyer_NOV18.pdf

Recording

11 18 22 - SPIE TALK.mp4

About the speaker

Ms. Orune Aminul completed her primary education in Bangladesh, an underrepresented country where female higher education is often ignored. She graduated with a Bachelor's degree in Electrical and Electronics Engineering in 2019. She is currently pursuing her master's degree at the University of Texas Rio Grande Valley, having received the university's Presidential Research Fellowship award. Her research focuses on building machine learning algorithms that contribute to critical decision-making applications. The main goal of her current study is to create Bayesian deep learning networks for sequential datasets, with applications in healthcare, business, cybersecurity, and optimization. Her work typically involves developing deep neural network models and training them on diverse datasets. Using a dataset of more than a million functions written in C/C++ source code, she has constructed a software vulnerability detection network. The Bayesian recurrent neural network is implemented using the TensorFlow package in Python, and the approach is quite similar to natural language processing. Initially, she ran the simulations on a local Lambda workstation equipped with NVIDIA RTX A6000 GPUs. More recently, she has relied mostly on the Texas Advanced Computing Center (TACC) HPC cluster to run the experiments.

Robust And Uncertainty-Aware Software Vulnerability Detection Using Bayesian Sequence Models

The frequency and severity of cyberattacks targeting critical infrastructures have increased in recent years. Software systems are prone to code defects or vulnerabilities, resulting in problems such as deadlock, hacking, information leakage, and system failure. Certain code elements can be responsible for such security threats, and we can think of them as weaknesses of the system. It is therefore crucial to spot these security holes and identify the vulnerable software components in source code written in C/C++ or JavaScript. Deep neural networks (DNNs) are used as anomaly detection methods and learn features directly from source code to detect a variety of vulnerabilities and deal with cyber threats. However, DNNs are unreliable and lack uncertainty quantification, which is essential in high-stakes applications such as healthcare, economy, and cyberinfrastructures. This research aims to build a Bayesian recurrent neural network that detects source code vulnerabilities and estimates the uncertainty in its output. We propose a reliable and robust vulnerability detection framework using Bayesian sequential models. The output consists of the mean and covariance matrix of the predictive distribution, where the mean detects the vulnerability and the covariance reflects the uncertainty in the predicted vulnerability. The model's behavior was evaluated on a dataset containing over a million source code examples classified into five different types of common vulnerabilities found in source code. A comparative analysis was then made between the proposed model and state-of-the-art models to assess performance under different noise conditions. We confirmed that the proposed model not only outperforms the other baseline models in accuracy but also remains immune to increasing noise levels, demonstrating its robustness in noisy environments. Moreover, as the noise level increases, the model becomes more uncertain about its predicted output. That is, the model can monitor its own performance and alert the user to performance degradation linked to noise or adversarial attacks in high-stakes applications.