By Eric Brown, Vice President, Innovation & Capabilities Organization, and
Bob Fleck, Cyber Engineering Fellow
For all the hype around AI replacing humans, those in the know understand the true end result of introducing AI – making humans superhuman. ManTech is succeeding in this amazing endeavor in an area vital to national security: deep understanding of systems' vulnerability to attacks. We call our approach Hyperdrive, and the timing could not be more critical.
Public awareness of cyberattacks continues to increase, driven by news reports of the cyber dimensions of current wars and the rampant ransomware attacks on fuel pipelines, hospitals, governments, and many other sectors. The common thread tying all these problems together is the mountain of common coding errors, design flaws, shortcuts and ignored problems that leave computer systems vulnerable in the first place.
ManTech’s work with Hyperdrive is helping find and fix these problems to give our nation a considerable edge on opponents via deep research into systems vulnerabilities. We do it by empowering national security teams to tame and reduce the one factor that all sides face day in and day out. Time.
How Hyperdrive Works
Combing the vast amounts of data inherent to systems, architectures and devices consumes untold hours. Hyperdrive applies Artificial Intelligence (AI) to automate the process of identifying vulnerability patterns so that experts can more quickly review the data and accelerate the discovery process.
Hyperdrive was sponsored by ManTech’s Innovation & Capabilities Organization (ICO) and built by our experienced vulnerability researchers. One of our main goals was to pull together the best commercial, open source and internal tools into easily composable workflows. Hyperdrive integrates well-known static reverse engineering tools such as Binary Ninja, GHIDRA and IDA Pro into a unified workflow with dynamic stress tests like fuzzing, and machine learning, for the express purpose of discovering previously unknown software vulnerabilities.
Hyperdrive provides expert support to the process of exploration, assisting human intuitive capabilities by doing what machines do best – cutting the workload. In operation, Hyperdrive analyzes applications as a code property graph, a data structure that describes the flows of execution and data through the program and annotates those flows with information about the properties of each executable low-level instruction. Queries can be run looking for patterns and relationships in those flows and properties.
Researchers can look at past vulnerabilities to build the right queries and rapidly apply them across multiple large applications, a task that, when performed manually, is extremely time consuming to do comprehensively.
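A minimal sketch of the kind of query described above, added here as an illustration; it is not Hyperdrive code. The `CPG` class, the node properties (`op`, `callee`, `func`) and the sample functions `parse_a` and `parse_b` are constructed assumptions.

```python
from collections import defaultdict

class CPG:
    def __init__(self):
        self.props = {}                  # node id -> property dict
        self.edges = defaultdict(list)   # (node id, kind) -> successor ids

    def node(self, nid, **props):
        self.props[nid] = props
    def edge(self, src, dst, kind):
        self.edges[(src, kind)].append(dst)

    def select(self, **want):
        """Node ids whose properties match every key/value in want."""
        return [n for n, p in self.props.items()
                if all(p.get(k) == v for k, v in want.items())]

    def flows(self, src, is_sink, blocked):
        """Yield data-flow paths from src to a sink that avoid blocked nodes."""
        stack = [(src, [src])]
        while stack:
            cur, path = stack.pop()
            if cur != src and is_sink(self.props[cur]):
                yield path
                continue
            for nxt in self.edges[(cur, "dfg")]:
                if nxt not in path and not blocked(self.props[nxt]):
                    stack.append((nxt, path + [nxt]))

def unbounded_copy_lengths(g):
    """Query: memcpy fed by recv-derived data with no clamp (min) in between."""
    return [path
            for src in g.select(op="call", callee="recv")
            for path in g.flows(src,
                                is_sink=lambda p: p.get("callee") == "memcpy",
                                blocked=lambda p: p.get("op") == "min")]

def build_sample():
    """Constructed sample: parse_a copies unclamped, parse_b clamps first."""
    g = CPG()
    for fn, mid in (("parse_a", "add"), ("parse_b", "min")):
        ids = [f"{fn}:{i}" for i in range(3)]
        g.node(ids[0], op="call", callee="recv", func=fn)
        g.node(ids[1], op=mid, func=fn)
        g.node(ids[2], op="call", callee="memcpy", func=fn)
        for a, b in zip(ids, ids[1:]):
            g.edge(a, b, "cfg")   # execution order
            g.edge(a, b, "dfg")   # value propagation
    return g
```

Running `unbounded_copy_lengths(build_sample())` reports only the `parse_a` path, the one a reviewer would need to examine and fix; the same query can be reused unchanged on any other graph built with these properties.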
Another major plus of Hyperdrive: It does this important work for government cost-effectively, in contrast to competing offers available only via high-cost licenses.
An Assist from Machine Learning
Hyperdrive gets an important boost from yet another ManTech capability that does truly remarkable things. Called CASE – for Cross-Architectural Semantic Embedding – this exciting new approach performs vulnerability searches without needing expert-written queries, using graph machine learning to find similarities to known vulnerabilities in the code property graphs of unexplored programs.
CASE uses self-supervised training to learn how to represent each instruction in the application as a context-aware embedding, a list of numbers capturing semantic meaning, that can be used directly for code similarity measurements, fast searching across multiple binaries, or as the bedrock for high-quality training of supervised machine learning models that detect specific types of bugs.
Benefitting from the Large Language Model Explosion
The most recent addition to the Hyperdrive toolbox is an agent-driven debugger that uses Generative Pretrained Transformer (GPT) large language models (LLMs). Fuzzing efforts during vulnerability research generate mutated inputs to a program that cause it to crash or malfunction. To speed up the initial triage of these crashes, we’ve created a GPT-driven autonomous agent that directly controls a debugger, issues debugger commands to explore the state of the crashed program, observes and drills into the resulting data, then uses the LLM to generate human- and machine-readable summaries of the likely root cause and vulnerability types.
The output of this tool has demonstrated the value of combining LLMs and existing tools using agents in Hyperdrive. As the reasoning power of these language models increases, we plan to add even more workflow accelerator tools like this.
Even in the early stages, Hyperdrive is showing good results as an active area of pursuit driving very strong interest from customers who see it making them more effective via automation of time-consuming processes.
When it comes to supporting the mission of national security in the cyber arena, Hyperdrive accelerates research work critical to mission readiness – and strengthens U.S. systems with smarter defenses to repel attacks.
For more information please go to https://www.mantech.com/ai