English
Related papers

Related papers: SpellBound: Defending Against Package Typosquattin…

200 papers

Large Language Models (LLMs) have become an essential tool in the programmer's toolkit, but their tendency to hallucinate code can be used by malicious actors to introduce vulnerabilities to broad swathes of the software supply chain. In…

Machine Learning · Computer Science 2025-02-03 Arjun Krishna , Erick Galinkin , Leon Derczynski , Jeffrey Martin

Today, many different types of scams can be found on the internet. Online criminals are always finding new creative ways to trick internet users, be it in the form of lottery scams, downloading scam apps for smartphones or fake gambling…

Cryptography and Security · Computer Science 2020-04-07 Tobias Dam , Lukas Daniel Klausner , Sebastian Schrittwieser

Open-source ecosystems such as NPM and PyPI are increasingly targeted by supply chain attacks, yet existing detection methods either depend on fragile handcrafted rules or data-driven features that fail to capture evolving attack semantics.…

Software Engineering · Computer Science 2026-01-26 Wenbo Guo , Shiwen Song , Jiaxun Guo , Zhengzi Xu , Chengwei Liu , Haoran Ou , Mengmeng Ge , Yang Liu

The npm registry is one of the pillars of the JavaScript and TypeScript ecosystems, hosting over 1.7 million packages ranging from simple utility libraries to complex frameworks and entire applications. Due to the overwhelming popularity of…

Cryptography and Security · Computer Science 2022-03-01 Adriana Sejfia , Max Schäfer

String obfuscation is an established technique used by proprietary, closed-source applications to protect intellectual property. Furthermore, it is also frequently used to hide spyware or malware in applications. In both cases, the…

Cryptography and Security · Computer Science 2020-09-10 Leonid Glanz , Patrick Müller , Lars Baumgärtner , Michael Reif , Sven Amann , Pauline Anthonysamy , Mira Mezini

Developers are increasingly integrating Language Models (LMs) into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input…

Cryptography and Security · Computer Science 2025-05-14 Muhammad Ibrahim , Gűliz Seray Tuncay , Z. Berkay Celik , Aravind Machiry , Antonio Bianchi

Existing code benchmarks measure whether an agent can produce any test that reproduces a known bug, or whether it can produce a patch that fixes a described issue. Neither isolates the distinct skill of property-based testing: deriving a…

Software Engineering · Computer Science 2026-05-21 Lucas Jing , Xinqi Wang , Liao Zhang , Simon S. Du

A Blockchain Name System (BNS) simplifies the process of sending cryptocurrencies by replacing complex cryptographic recipient addresses with human-readable names, making the transactions more convenient. Unfortunately, these names can be…

Cryptography and Security · Computer Science 2024-11-04 Muhammad Muzammil , Zhengyu Wu , Lalith Harisha , Brian Kondracki , Nick Nikiforakis

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern,…

Software Engineering · Computer Science 2025-09-05 Haowei Quan , Junjie Wang , Xinzhe Li , Terry Yue Zhuo , Xiao Chen , Xiaoning Du

Spell-checking is the process of detecting and sometimes providing suggestions for incorrectly spelled words in a text. Basically, the larger the dictionary of a spell-checker is, the higher is the error detection rate; otherwise,…

Computation and Language · Computer Science 2012-04-03 Youssef Bassil

Software vulnerabilities are a fundamental cause of cyber attacks. Effectively identifying these vulnerabilities is essential for robust cybersecurity, yet it remains a complex and challenging task. In this paper, we present SafePyScript, a…

Software Engineering · Computer Science 2024-11-04 Talaya Farasat , Atiqullah Ahmadzai , Aleena Elsa George , Sayed Alisina Qaderi , Dusan Dordevic , Joachim Posegga

Backdoor attacks create significant security threats to language models by embedding hidden triggers that manipulate model behavior during inference, presenting critical risks for AI systems deployed in healthcare and other sensitive…

Cryptography and Security · Computer Science 2026-04-30 Mohamed Afane , Abhishek Satyam , Ke Chen , Tao Li , Junaid Farooq , Juntao Chen

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to…

Cryptography and Security · Computer Science 2025-06-18 Xingan Gao , Xiaobing Sun , Sicong Cao , Kaifeng Huang , Di Wu , Xiaolei Liu , Xingwei Lin , Yang Xiang

With more than 294 million registered domain names as of late 2015, the domain name ecosystem has evolved to become a cornerstone for the operation of the Internet. Domain names today serve everyone, from individuals for their online…

Cryptography and Security · Computer Science 2016-03-10 Jeffrey Spaulding , Shambhu Upadhyaya , Aziz Mohaisen

We introduce NeuSpell, an open-source toolkit for spelling correction in English. Our toolkit comprises ten different models, and benchmarks them on naturally occurring misspellings from multiple sources. We find that many systems do not…

Computation and Language · Computer Science 2020-10-22 Sai Muralidhar Jayanthi , Danish Pruthi , Graham Neubig

Sound-squatting is a phishing attack that tricks users into malicious resources by exploiting similarities in the pronunciation of words. Proactive defense against sound-squatting candidates is complex, and existing solutions rely on…

Cryptography and Security · Computer Science 2023-10-12 Rodolfo Valentim , Idilio Drago , Marco Mellia , Federico Cerutti

Many software applications incorporate open-source third-party packages distributed by public package registries. Guaranteeing authorship along this supply chain is a challenge. Package maintainers can guarantee package authorship through…

Today, many different types of scams can be found on the internet. Online criminals are always finding new creative ways to trick internet users, be it in the form of lottery scams, downloading scam apps for smartphones or fake gambling…

Cryptography and Security · Computer Science 2020-01-22 Tobias Dam , Lukas Daniel Klausner , Damjan Buhov , Sebastian Schrittwieser

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security…

Software Engineering · Computer Science 2026-01-12 Qingyuan Li , Chenchen Yu , Chuanyi Li , Xin-Cheng Wen , Cheryl Lee , Cuiyun Gao , Bin Luo