An Intelligent Software Threat Monitoring Platform for Continuous Vulnerability and Malware Detection
Keywords:
DevSecOps, CI/CD security, software supply chain security, SAST, SCA, DAST, GNN-based malware detection, binary malware detection
Abstract
Today's software development is highly dependent on automated CI/CD pipeline solutions that help deliver applications rapidly. Nonetheless, the security mechanisms provided by CI/CD pipelines are far from optimal and fail to provide a holistic approach to security. They are not able to provide any protection from known or unknown vulnerabilities or malware hidden in compiled binaries and software supply chain components. The traditional approaches to security, such as SAST, SCA and DAST, can be deployed separately and aim to detect only known vulnerabilities, without any capacity to identify unknown and zero-day attacks at the binary level. The current paper provides a comprehensive literature review and identifies critical issues such as fragmentation of toolchains, lack of interoperability, and absence of AI-powered systems, among others. As a solution to these problems, this paper introduces Zentronyx, an Intelligent Software Threat Monitoring Platform for Continuous Vulnerability & Malware Detection, capable of identifying vulnerabilities and malware continuously throughout the software development process. Zentronyx is built on SAST, SCA and DAST and is supplemented by a GNN-based malware detector, the core innovation provided by this platform. Specifically, this GNN component analyses compiled binary objects by representing them in graph form (including control flow graphs and function call graphs) and applying the structure-learning abilities of GNNs to identify novel, zero-day threats that cannot be detected by signature-based and flat ML techniques. In addition, the platform uses policy-driven decision functionality as well as a centralized visualization dashboard, which provides capabilities for real-time risk assessment, explainability of GNN findings, and automated decisioning to allow or block suspicious binaries.
Contributions made by this paper can be highlighted as follows: an identification of limitations in existing frameworks, the creation of a unified continuous monitoring framework, and the integration of GNN analysis capabilities directly within automated CI/CD pipelines.
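The policy-driven allow/review/block decision the abstract describes, as an added illustration that is not Zentronyx's own code: it merges SAST, SCA and DAST findings with a binary-graph (GNN) malware score into one verdict with explainable reasons. The `ScanResult`, `Policy` and `decide` names, the thresholds, and the sample score are assumptions constructed for the example.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
VERDICT_RANK = {"allow": 0, "review": 1, "block": 2}

@dataclass
class ScanResult:
    """Findings for one build artifact, as the pipeline stages would report them (assumed shape)."""
    sast_max_severity: str      # highest severity among SAST findings
    sca_known_cves: list        # known-vulnerability ids from the dependency (SCA) scan
    dast_findings: int          # number of confirmed DAST findings
    gnn_malware_score: float    # 0..1 score from the binary-graph (CFG/FCG) classifier
    gnn_top_subgraph: str       # explanation: the subgraph that most influenced the score

@dataclass
class Policy:
    """Thresholds a security team would set; the defaults are assumptions, not the paper's."""
    block_severity: str = "high"
    block_malware_score: float = 0.8
    review_malware_score: float = 0.5
    max_known_cves: int = 0

def decide(result: ScanResult, policy: Policy):
    """Combine all stages into one verdict ('allow', 'review' or 'block') plus reasons; rules only escalate."""
    verdict, reasons = "allow", []
    def escalate(new_verdict, reason):
        nonlocal verdict
        if VERDICT_RANK[new_verdict] > VERDICT_RANK[verdict]:
            verdict = new_verdict
        reasons.append(reason)
    # Binary-level signal: fires even when SAST/SCA/DAST report nothing at all.
    score = result.gnn_malware_score
    if score >= policy.block_malware_score:
        escalate("block", f"GNN malware score {score:.2f} >= {policy.block_malware_score}; "
                          f"most influential subgraph: {result.gnn_top_subgraph}")
    elif score >= policy.review_malware_score:
        escalate("review", f"GNN malware score {score:.2f} needs analyst review")
    # Known-vulnerability signals from the conventional stages.
    if SEVERITY_RANK[result.sast_max_severity] >= SEVERITY_RANK[policy.block_severity]:
        escalate("block", f"SAST severity {result.sast_max_severity} at or above {policy.block_severity}")
    if len(result.sca_known_cves) > policy.max_known_cves:
        escalate("block", f"SCA reports known CVEs: {', '.join(result.sca_known_cves)}")
    if result.dast_findings > 0:
        escalate("review", f"{result.dast_findings} confirmed DAST finding(s)")
    return verdict, reasons

def clean_scans_but_suspicious_binary():
    """Constructed case: the known-vulnerability tools see nothing, yet the graph classifier flags the binary."""
    result = ScanResult("none", [], 0, 0.91, "call chain into a dynamically resolved import (constructed)")
    return decide(result, Policy())
```

The constructed case returns `block` on the GNN signal alone, which is the gap the abstract says SAST, SCA and DAST leave open.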
License
Copyright (c) 2026 Engineering Convergence and Innovation (ECI) An International Journal.

This work is licensed under a Creative Commons Attribution 4.0 International License.