The DL on LLM Code Analysis

Welcome to the New World Order, the Age of Artificial Intelligence, the unavoidable evolution of technology that is here to assimilate human knowledge in its natural language form! You've parleyed with the perceptrons, you've dreamed deeply with DALL-E, but how do we harness this emerging capability to perform security analysis tasks such as looking for vulnerabilities and malware in source or binaries? In this hour I will give you the down low download of deep learning applications for code analysis!

Attendees will join me on a tour of deep learning architectures and applied systems for security tasks. We will explore the different applications of large language models that implement the encoder half of the transformer for classification tasks and their generative counterparts such as the familiar GPT and Llama family of models. We will also discuss how to leverage efficient embedding models for semantic search, similarity analysis, and comparative tasks.

We will review successes and failures in recent public experiments and ultimately discuss our current approach to fine-tuning a model and architecting a layered system for vulnerability and malware detection. This is experimental work, so join us for a sneak peek at the early results of our ongoing research and get inspired to start your own projects applying deep learning to security analysis.

About the Presenter: Richard Johnson

Richard Johnson is a computer security specialist with a focus on fuzzing and software vulnerability analysis. Currently Principal Security Researcher for Eclypsium, a platform security company, and owner of FUZZING IO, a research and development company offering professional training and consulting services, Richard offers over 20 years of professional expertise and leadership in the information security industry. Previously, Richard was Director of Security Research at Oracle Cloud and held Research Lead roles at Trellix, Cisco Talos, and Microsoft. Richard has delivered training and presented annually at premier industry conferences for over 20 years, including Black Hat, Defcon, RECON, CanSecWest, and many more.
