The US military has found a more productive way to detect vulnerabilities
Security researchers of all skill levels perform better when improved automated analysis is used to allocate human resources more effectively during the search for vulnerabilities, according to US military researchers from the NSA, Cyber Command, Navy, Air Force and Army.
“There is a cognitive bias in the hacking community to select a piece of software and invest significant human resources in finding vulnerabilities in that software without any preliminary signs of success,” the researchers note.
This approach is called "depth-first search" (DFS) and, experts say, it places a heavy burden on experienced researchers while newbies get lost in the mess.
To test the new automated breadth-first search (BFS) method, the researchers recruited 12 US Cyber Command volunteers and divided them into two teams of six. One team tested a breadth-first search method, in which volunteers used a method of automated software testing called fuzzing, and the other tested a breadth-first search method where all groups worked on the same software at the same time.
Researchers found that in the vast majority of cases, automated breadth-first search allows volunteers to find more vulnerabilities in software than DFS. The wide-ranging approach also helped budding hackers engage in research and improve their skills, as teams were able to match levels of knowledge with objectives throughout the vulnerability discovery process.
“The depth-first search method encourages novice hackers to give up when reaching a specific goal is time-consuming. Students write down any pertinent information about the target before moving it to a separate queue. This gives more experienced professionals the opportunity to familiarize themselves with the materials before using their abilities,” the researchers explained.
The researchers found that it was not only finding new bugs but also the extension-based approach itself that gave volunteer hackers more satisfaction from their work.
Depth-first search is one of the graph traversal methods. Its strategy is to go as deep as possible into the graph before backtracking, while breadth-first search finds the shortest path in an unweighted graph, that is, the path containing the fewest edges.