EVIL: Exploiting Software via Natural Language
This addresses the problem of exploit generation for security professionals, but it is incremental as it builds on existing neural machine translation techniques.
The paper tackled the challenge of writing exploits for security assessment by proposing EVIL, an approach that automatically generates exploits in assembly/Python from natural language descriptions, achieving high accuracy in syntactic and semantic correctness.
Writing exploits for security assessment is a challenging task. The writer needs to master programming and obfuscation techniques to develop a successful exploit. To make the task easier, we propose an approach (EVIL) to automatically generate exploits in assembly/Python language from descriptions in natural language. The approach leverages Neural Machine Translation (NMT) techniques and a dataset that we developed for this work. We present an extensive experimental study to evaluate the feasibility of EVIL, using both automatic and manual analysis, and both at generating individual statements and entire exploits. The generated code achieved high accuracy in terms of syntactic and semantic correctness.