AMBS has been awarded funding for a major project which will aim to improve the security of computer source code and thereby help reduce cyber security threats.
Over the last 20 years more than 2.8 trillion lines of code have been written but there are major challenges in the sector around security, quality, and plagiarism. It is estimated that small UK businesses are targeted by 65,000 cyber attacks daily, costing the average small business thousands of pounds, while studies have shown that the average computer developer spends almost half their time dealing with maintenance issues and debugging bad or poor-quality code.
No standardised approach
Currently there is no standardised approach to assessing and preventing vulnerabilities within source code management, and it requires a significant investment in time, money, and support from experienced personnel to review the code manually for defects.
The year-long project, funded by the UK Research and Innovation Impact Acceleration Account and the EPSRC (Engineering and Physical Sciences Research Council), will aim to help improve the productivity of professional developers. With the help of Artificial Intelligence (AI) and Machine Learning (ML) methods, it will look at how to check and remediate source code defects before exploitation, increasing the overall security of software products used by organisations.
Proof of concept
The team of researchers at AMBS, working with the Computer Science department at The University of Manchester and also with software escrow and cyber security specialist SES Secure, will develop and deliver a proof of concept that allows an AI programme to evaluate source code and discover weaknesses that could lead to security vulnerabilities.
The team will also investigate ML models that can automatically determine the most suitable algorithm and its parameters for SES’s new source code vulnerability detection platform, and for different programmes to increase detection accuracy and verification speed.
Cyber security agenda
The project aligns well with The University of Manchester’s wider cyber security agenda driven by the Centre for Digital Trust and Society. For instance, AMBS is currently part way through a major research project, working with leading e-commerce business THG, to help prevent cyber attacks.
That project, entitled Soteria, is being funded by Innovate UK’s Digital Security by Design initiative which aims to prevent hackers from remotely taking control of digital systems such as autonomous cars, personal computers or smart home security systems.
Richard Allmendinger, Professor of Applied Artificial Intelligence at AMBS, said "This latest project is a fantastic opportunity to work, as part of an interdisciplinary team, towards using AI and ML to establish code that is trustworthy and safe to use by the public. The work also aligns very well with the many cyber security-related initiatives and projects that AMBS and The University of Manchester have ongoing, such as the Soteria project and Centre for Digital Trust and Society.”
Tom Sweet, Head of Technology at SES Secure, added: “The current state of software development and cyber security lends itself heavily to novel technologies such as artificial intelligence and machine learning, which can be used to identify and remediate weakness within source code even before they reach a production system.
“Our aim is to prove that this type of solution is not only viable, but an essential step towards safer software development and fewer breaches due to known and potentially unknown weaknesses. We also want to bring this technology to the wider industry and ensure SMEs have equitable access to the same cutting-edge solutions that are typically out of reach.”