Generalized model of software code`s static analysis based on machine learning for vulnerabilitys search

Abstract

Over the past years, the use of unsafe software, the search for vulnerabilities in which relies on static and dynamic analysis, continues to be the main threat to the infosphere. The manual form of conducting static analysis is extremely time-consuming and requires the involvement of highly qualified, and therefore deficient specialists. An alternative is the automation of the process based on artificial intelligence. This work is aimed at finding solutions for the use of machine learning methods at all stages of the static analysis of program code, for which the formal needs of the stages and the possibilities of the methods are studied and correlated. The main result of the study is a generalized domain model, and private — 14 solutions to the “key” problems of static analysis of program code using machine learning methods.