English

EVIL: Exploiting Software via Natural Language

Software Engineering 2022-03-09 v1

Abstract

Writing exploits for security assessment is a challenging task. The writer needs to master programming and obfuscation techniques to develop a successful exploit. To make the task easier, we propose an approach (EVIL) to automatically generate exploits in assembly/Python language from descriptions in natural language. The approach leverages Neural Machine Translation (NMT) techniques and a dataset that we developed for this work. We present an extensive experimental study to evaluate the feasibility of EVIL, using both automatic and manual analysis, and both at generating individual statements and entire exploits. The generated code achieved high accuracy in terms of syntactic and semantic correctness.

Keywords

Cite

@article{arxiv.2109.00279,
  title  = {EVIL: Exploiting Software via Natural Language},
  author = {Pietro Liguori and Erfan Al-Hossami and Vittorio Orbinato and Roberto Natella and Samira Shaikh and Domenico Cotroneo and Bojan Cukic},
  journal= {arXiv preprint arXiv:2109.00279},
  year   = {2022}
}

Comments

Paper accepted at the 32nd International Symposium on Software Reliability Engineering (ISSRE 2021)

R2 v1 2026-06-24T05:35:26.017Z