English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

Static cache analysis characterizes a program's cache behavior by determining in a sound but approximate manner which memory accesses result in cache hits and which result in cache misses. Such information is valuable in optimizing…

Programming Languages · Computer Science 2021-08-23 Valentin Touzeau , Claire Maïza , David Monniaux , Jan Reineke

We introduce a new challenge to the software development community: 1) leveraging AI to accurately detect and flag up secrets in code and on popular document sharing platforms that frequently used by developers, such as Confluence and 2)…

Software Engineering · Computer Science 2024-01-04 Gregor Kerr , David Algorry , Senad Ibraimoski , Peter Maciver , Sean Moran

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

Adversarial patch attacks are among one of the most practical threat models against real-world computer vision systems. This paper studies certified and empirical defenses against patch attacks. We begin with a set of experiments showing…

Cryptography and Security · Computer Science 2020-09-28 Ping-Yeh Chiang , Renkun Ni , Ahmed Abdelkader , Chen Zhu , Christoph Studer , Tom Goldstein

Patch robustness certification is an emerging kind of defense technique against adversarial patch attacks with provable guarantees. There are two research lines: certified recovery and certified detection. They aim to label malicious…

Software Engineering · Computer Science 2024-05-14 Qilin Zhou , Zhengyuan Wei , Haipeng Wang , Bo Jiang , W. K. Chan

Malware evolves rapidly, forcing machine learning (ML)-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining…

Software projects are dependent on many third-party libraries, therefore high-risk vulnerabilities can propagate through the dependency chain to downstream projects. Owing to the subjective nature of patch management, software vendors…

Software Engineering · Computer Science 2024-09-16 Mei Han , Lulu Wang , Jianming Chang , Bixin Li , Chunguang Zhang

Binary security has increasingly relied on deep learning to reason about malware behavior and program semantics. However, the performance often degrades as threat landscapes evolve and code representations shift. While continual learning…

Machine Learning · Computer Science 2026-04-24 Yiling He , Junchi Lei , Hongyu She , Shuo Shao , Xinran Zheng , Yiping Liu , Zhan Qin , Lorenzo Cavallaro

A large body of the literature of automated program repair develops approaches where patches are generated to be validated against an oracle (e.g., a test suite). Because such an oracle can be imperfect, the generated patches, although…

Software Engineering · Computer Science 2020-08-10 Haoye Tian , Kui Liu , Abdoul Kader Kaboreé , Anil Koyuncu , Li Li , Jacques Klein , Tegawendé F. Bissyandé

Code clone detection is involved with detecting duplicated fragments of code within a code base. Detecting these clones is useful for maintenance operations which require editing the clones. The tools developed are expected to be robust…

Software Engineering · Computer Science 2016-05-10 Ogechi Onuoha

Identifying which software versions are affected by a vulnerability is critical for patching, risk mitigation. Despite a growing body of tools, their real-world effectiveness remains unclear due to narrow evaluation scopes often limited to…

Software Engineering · Computer Science 2025-09-10 Xingchu Chen , Chengwei Liu , Jialun Cao , Yang Xiao , Xinyue Cai , Yeting Li , Jingyi Shi , Tianqi Sun , Haiming Chen ang Wei Huo

Bug fixing holds significant importance in software development and maintenance. Recent research has made substantial strides in exploring the potential of large language models (LLMs) for automatically resolving software bugs. However, a…

Software Engineering · Computer Science 2025-02-18 Yuwei Zhang , Zhi Jin , Ying Xing , Ge Li , Fang Liu , Jiaxin Zhu , Wensheng Dou , Jun Wei

Cybersecurity is increasingly threatened by advanced and persistent attacks. As these attacks are often designed to disable a system (or a critical resource, e.g., a user account) repeatedly, it is crucial for the defender to keep updating…

Machine Learning · Computer Science 2016-12-05 Zizhan Zheng , Ness B. Shroff , Prasant Mohapatra

Effective caching is crucial for the performance of modern-day computing systems. A key optimization problem arising in caching -- which item to evict to make room for a new item -- cannot be optimally solved without knowing the future.…

Machine Learning · Computer Science 2021-06-29 Jakub Chłędowski , Adam Polak , Bartosz Szabucki , Konrad Zolna

Caches have become the prime method for unintended information extraction across logical isolation boundaries. Even Spectre and Meltdown rely on the cache side channel, as it provides great resolution and is widely available on all major…

Cryptography and Security · Computer Science 2019-04-15 Samira Briongos , Pedro Malagón , José M. Moya , Thomas Eisenbarth

The practice of continuous deployment has enabled companies to reduce time-to-market by increasing the rate at which software can be deployed. However, deploying more frequently bears the risk that occasionally defective changes are…

Software Engineering · Computer Science 2022-06-24 Michael Lindon , Chris Sanden , Vaché Shirikian

Security holds an important role in a software. Most people are not aware of the significance of security in software system and tend to assume that they will be fine without security in their software systems. However, the lack of security…

Software Engineering · Computer Science 2020-12-25 Ariessa Davaindran Lingham , Nelson Tang Kwong Kin , Chen Wan Jing , Chong Heng Loong , Fatima-tuz-Zahra

Motivation: Code understandability is crucial in software development, as developers spend 58% to 70% of their time reading source code. Improving it can improve productivity and reduce maintenance costs. Problem: Experimental studies often…

Software Engineering · Computer Science 2024-11-13 Delano Oliveira , Reydne Santos , Benedito de Oliveira , Martin Monperrus , Fernando Castor , Fernanda Madeiral

Identifying recurring vulnerabilities is crucial for ensuring software security. Clone-based techniques, while widely used, often generate many false alarms due to the existence of similar but patched (SBP) code, which is similar to…

Software Engineering · Computer Science 2026-02-10 Zixuan Tan , Jiayuan Zhou , Xing Hu , Shengyi Pan , Kui Liu , Xin Xia