This is a beginners’ level talk. The audience will be introduced to the machine-learning foundations required for understanding the main message of the talk. Prior knowledge on classification problems and general understanding on taint-style vulnerabilities, such as SQL injection is helpful, but not required.
The audience will become familiar with the state-of-the-art machine-learning approaches used to adapt security tools to developers’ needs. They will learn how classification techniques are used to detect security-relevant APIs in code, which are important for the reduction of false warnings by static analysis tools. Moreover, they will get insights of active learning approach that enabled developers to train their security tools for better reports.
Goran Piskachev is a research associate at Fraunhofer IEM. He completed his master studies at Paderborn University and is currently doing his PhD in the area of Security-Adaptive Static Code Analysis. He focuses on applied research at Fraunhofer IEM. Currently, he leads the SecuCheck project under the Software Campus Program, funded by the German Ministry of Education and Research.