Overview
Research conducted by Ying Zhang during her doctoral studies at Virginia Tech focused on developing methodologies for artificial intelligence to identify software vulnerabilities. This approach involves training AI systems to simulate the perspective of an attacker, thereby uncovering weaknesses that might otherwise be missed during conventional software development and testing processes.
Research Context
The core of the research is predicated on the idea that effective software defense necessitates an understanding of offensive techniques. Ying Zhang dedicated several years to understanding how attackers identify and exploit hidden weaknesses within software. This foundational understanding guided the development of AI-driven methods designed to replicate this adversarial thought process. The objective is to leverage AI to proactively find vulnerabilities before malicious actors can exploit them.
The methodology posits that by teaching AI to think like an attacker, it can more effectively probe software for latent vulnerabilities. This includes identifying design flaws, implementation errors, or configuration weaknesses that might be overlooked by developers during the creation and initial security checks of software systems. The work focuses on creating a system capable of identifying these vulnerabilities programmatically, aiming to enhance the robustness of software defenses.