English

Toward Automated Security Risk Detection in Large Software Using Call Graph Analysis

Cryptography and Security 2025-10-31 v1 Software Engineering

Abstract

Threat modeling plays a critical role in the identification and mitigation of security risks; however, manual approaches are often labor intensive and prone to error. This paper investigates the automation of software threat modeling through the clustering of call graphs using density-based and community detection algorithms, followed by an analysis of the threats associated with the identified clusters. The proposed method was evaluated through a case study of the Splunk Forwarder Operator (SFO), wherein selected clustering metrics were applied to the software's call graph to assess pertinent code-density security weaknesses. The results demonstrate the viability of the approach and underscore its potential to facilitate systematic threat assessment. This work contributes to the advancement of scalable, semi-automated threat modeling frameworks tailored for modern cloud-native environments.

Keywords

Cite

@article{arxiv.2510.26620,
  title  = {Toward Automated Security Risk Detection in Large Software Using Call Graph Analysis},
  author = {Nicholas Pecka and Lotfi Ben Othmane and Renee Bryce},
  journal= {arXiv preprint arXiv:2510.26620},
  year   = {2025}
}
R2 v1 2026-07-01T07:14:04.532Z