Abstract: A method for detecting security vulnerabilities, comprising: generating a corpus of input samples each labeled to indicate a threat level when executed by an input processing code; training a neural network (NN) using the plurality of input samples to classify inputs according to a plurality of labels of the plurality of input samples; for each input sample: iteratively altering the input sample to correspond to a process of gradient change of the NN, until the NN classifies the altered input sample to a different label than a respective label of the input sample; assigning the different label to the altered input sample; using the plurality of relabeled altered input samples to further train the NN and augment the corpus of input samples.

Abstract: An apparatus, a computer program product and a method for hybrid genetic concolic co-verification of hardware and software. The method comprises repeatedly obtaining a test input for a system comprising a software and a hardware; performing a symbolic co-simulation of the system executing the test input to generate a symbolic co-simulation constraint and utilizing the symbolic co-simulation constraint to generate a new test input. The symbolic co-simulation comprises iteratively performing concolic execution of the software and symbolic simulation of the hardware. The concolic execution is guided using the test input and monitors software symbols.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: An apparatus, a computer program product and a method for hybrid genetic concolic co-verification of hardware and software. The method comprises repeatedly obtaining a test input for a system comprising a software and a hardware; performing a symbolic co-simulation of the system executing the test input to generate a symbolic co-simulation constraint and utilizing the symbolic co-simulation constraint to generate a new test input. The symbolic co-simulation comprises iteratively performing concolic execution of the software and symbolic simulation of the hardware. The concolic execution is guided using the test input and monitors software symbols.

Abstract: A method, apparatus and product performing feature vector aggregation for malware detection. Two sets of measurements produced by a two dynamic analyses of an examined program are obtained, wherein the two dynamic analyses are performed with respect to the examined program executing two different execution paths. An aggregated feature vector representing the examined program is generated. The aggregated feature vector comprises a set of aggregated features, wherein a value of each aggregated feature is based on an aggregation of corresponding measurements in the first set of measurements and in the second set of measurements. A predictive model is applied on the aggregated feature vector to classify the examined program as malicious or benign.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.