A machine learning framework that detects security vulnerabilities without the computational overhead of conventional models won the best paper award at the 2022 IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, in December.
The paper’s first author, Tanujay Saha, earned his Ph.D. from Princeton ECE last year and co-wrote the paper while he was a graduate student. He was advised by Niraj Jha, a professor of electrical and computer engineering and the paper’s senior author. Saha is now a machine learning engineer at Intel, where he works on developing intelligent systems and integrating them in client applications.
As scientists look for ways to automatically detect security vulnerabilities in software platforms, they have turned to many of the same machine learning tools that proved so successful in other applications. Deep learning models called transformers have revolutionized computer vision and natural language processing. Long short-term memory (LSTM) neural networks have enabled key advances in machine translation and robotics. Those approaches have been common so far in security exploit detection, but they require too much computational overhead for real-time security environments, according to the researchers.
To reduce that overhead, the Princeton-led team developed a new kind of exploit detection framework that draws on public computer security databases and uses a combination of pattern-based techniques to raise an alarm when it detects a security problem. The new model, called ML-FEED, proved to be more than 70 times faster than lightweight LSTMs and more than 75,000 times faster than transformers at the team’s exploit detection tasks. The new framework was also slightly more accurate than either of the approaches it was compared against.
Additional authors include Tamjid Al Rahat and Yuan Tian, of the University of California-Los Angeles, and Najwa Aaraj of the Technology Innovation Institute, Abu Dhabi. The paper is titled “ML-FEED: Machine Learning Framework for Efficient Exploit Detection.”