HACKAR: Helpful Advice for Code Knowledge and Attack Resilience

Abstract

This paper describes a novel combination of Java program analysis and an automated learning and planning architecture, applied to the domain of Java vulnerability analysis. The key feature of our “HACKAR: Helpful Advice for Code Knowledge and Attack Resilience” system is its ability to analyze Java programs at development time, identifying vulnerabilities and ways to avoid them. HACKAR uses an improved version of NASA’s Java PathFinder (JPF) to execute Java programs and identify vulnerabilities. The system features new Hierarchical Task Network (HTN) learning algorithms that (1) advance state-of-the-art HTN learners with reasoning about numeric constraints, failures, and more general cases of recursion, and (2) contribute to problem-solving by learning a hierarchical dataflow representation of the program from the inputs of the program. Empirical evaluation demonstrates that HACKAR was able to suggest fixes for all of our test program suites. It also shows that HACKAR can analyze programs with string inputs that the original JPF implementation cannot.

Cite

Text

Kuter et al. "HACKAR: Helpful Advice for Code Knowledge and Attack Resilience." AAAI Conference on Artificial Intelligence, 2015. doi:10.1609/AAAI.V29I2.19059

Markdown

[Kuter et al. "HACKAR: Helpful Advice for Code Knowledge and Attack Resilience." AAAI Conference on Artificial Intelligence, 2015.](https://mlanthology.org/aaai/2015/kuter2015aaai-hackar/) doi:10.1609/AAAI.V29I2.19059

BibTeX

@inproceedings{kuter2015aaai-hackar,
  title     = {{HACKAR: Helpful Advice for Code Knowledge and Attack Resilience}},
  author    = {Kuter, Ugur and Burstein, Mark H. and Benton, J. and Bryce, Daniel and Thayer, Jordan Tyler and McCoy, Steve},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2015},
  pages     = {3987-3992},
  doi       = {10.1609/AAAI.V29I2.19059},
  url       = {https://mlanthology.org/aaai/2015/kuter2015aaai-hackar/}
}