The Coming Era of AlphaHacking? A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques

TL;DR

This survey reviews the advancements in autonomous cyber reasoning systems, focusing on vulnerability detection, exploitation, patching, and the integration of machine learning to enhance future capabilities.

Contribution

It provides a comprehensive overview of existing techniques and highlights the potential of machine learning in advancing autonomous cybersecurity solutions.

Findings

Automated systems offer scalable and cost-effective vulnerability management.

Machine learning is increasingly integral to future CRS development.

The survey identifies key challenges and future directions in autonomous cybersecurity.

Abstract

With the success of the Cyber Grand Challenge (CGC) sponsored by DARPA, the topic of Autonomous Cyber Reasoning System (CRS) has recently attracted extensive attention from both industry and academia. Utilizing automated system to detect, exploit and patch software vulnerabilities seems so attractive because of its scalability and cost-efficiency compared with the human expert based solution. In this paper, we give an extensive survey of former representative works related to the underlying technologies of a CRS, including vulnerability detection, exploitation and patching. As an important supplement, we then review several pioneer studies that explore the potential of machine learning technologies in this field, and point out that the future development of Autonomous CRS is inseparable from machine learning.