Gustavo Grieco

Phd. student from CIFASIS (AR)

Gustavo is a Phd. student working in computer security. Specifically, his topic is vulnerability discovery using Machine Learning. In the past, he participated in some security related internships in France (Grenoble, INRIA), Spain (Madrid, IMDEA Software) and the U.S. (Pittsburgh, Carnegie Mellon University, CyLab). Grieco also worked for a small startup in San Francisco researching and developing a Machine Learning technique to detect website selling counterfeit stuff.

Gihub accounts:

  • Personal: https://github.com/neuromancer/
  • Academic: https://github.com/gaa-cifasis/

Gustavo also work developing some security related software:

  • VDiscover
  • Symbolic Exploit Assistant (abandoned)
  • BARF (some small contributions)

Getting started with vulnerability discovery using Machine Learning

With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Very well known vulnerability detection techniques like static analysis, symbolic execution or fuzzing can be very costly to be used in a large amount of test cases.

In this workshop, we present an approach that uses Machine Learning to train and predict if a test case shows patterns associated with a vulnerable behavior. It only requires a lightweight analysis to extract data, is fully automatic and adaptive to be trained using different vulnerability detection techniques. Additionally, it works directly on test cases without source code.

In this presentation, we will explain our predictive approach to vulnerability discovery and we will show how our open-source tool, VDiscover performs such analysis on a large amount of test cases.

Presentation @DefCamp 2015