English
Related papers

Related papers: D2A: A Dataset Built for AI-Based Vulnerability De…

200 papers

In the past couple of decades, significant research efforts have been devoted to the prediction of software bugs (i.e., defects). In general, these works leverage a diverse set of metrics, tools, and techniques to predict which classes,…

Software Engineering · Computer Science 2024-08-06 Ehsan Mashhadi , Shaiful Chowdhury , Somayeh Modaberi , Hadi Hemmati , Gias Uddin

Data leakage is a well-known problem in machine learning. Data leakage occurs when information from outside the training dataset is used to create a model. This phenomenon renders a model excessively optimistic or even useless in the real…

Programming Languages · Computer Science 2024-08-07 Filip Drobnjaković , Pavle Subotić , Caterina Urban

This paper presents a theoretical framework for addressing the challenges posed by generative artificial intelligence (AI) in higher education assessment through a machine-versus-machine approach. Large language models like GPT-4, Claude,…

Computers and Society · Computer Science 2025-06-04 Mohammad Saleh Torkestani , Taha Mansouri

Large language models (LLMs) are increasingly used to generate requirements specifications, design documents, code, and test cases. In contrast, much less attention has been given to a more difficult assurance problem: statically verifying…

Software Engineering · Computer Science 2026-05-19 Zhi Quan Zhou , Dave Towey , Tsong Yueh Chen

Static analysis is a growing application of software engineering, leading to a range of essential security tools, bug-finding tools, as well as software verification. Recent years show an increase of universal static analysis tools that…

Programming Languages · Computer Science 2024-04-22 Avi Hayoun , Veselin Raychev , Jack Hair

We propose Instruct2Attack (I2A), a language-guided semantic attack that generates semantically meaningful perturbations according to free-form language instructions. We make use of state-of-the-art latent diffusion models, where we…

Computer Vision and Pattern Recognition · Computer Science 2023-11-28 Jiang Liu , Chen Wei , Yuxiang Guo , Heng Yu , Alan Yuille , Soheil Feizi , Chun Pong Lau , Rama Chellappa

In recent years, the importance of smart contract security has been heightened by the increasing number of attacks against them. To address this issue, a multitude of static application security testing (SAST) tools have been proposed for…

Software Engineering · Computer Science 2024-07-02 Kaixuan Li , Yue Xue , Sen Chen , Han Liu , Kairan Sun , Ming Hu , Haijun Wang , Yang Liu , Yixiang Chen

Probabilistic security assessment and real-time dynamic security assessments (DSA) are promising to better handle the risks of system operations. The current methodologies of security assessments may require many time-domain simulations for…

Systems and Control · Electrical Eng. & Systems 2023-01-06 Jochen L. Cremer , Goran Strbac

Automated Static Analysis Tools (ASATs) are part of software development best practices. ASATs are able to warn developers about potential problems in the code. On the one hand, ASATs are based on best practices so there should be a…

Software Engineering · Computer Science 2021-11-19 Alexander Trautsch , Steffen Herbold , Jens Grabowski

In recent years, defect prediction techniques based on deep learning have become a prominent research topic in the field of software engineering. These techniques can identify potential defects without executing the code. However, existing…

Software Engineering · Computer Science 2024-05-20 Ying Xing , Mengci Zhao , Bin Yang , Yuwei Zhang , Wenjin Li , Jiawei Gu , Jun Yuan

We present an alternative approach to creating static bug finders. Instead of relying on human expertise, we utilize deep neural networks to train static analyzers directly from data. In particular, we frame the problem of bug finding as a…

Software Engineering · Computer Science 2020-03-30 Yu Wang , Fengjuan Gao , Linzhang Wang , Ke Wang

Graphs of developer networks are important for software engineering research and practice. For these graphs to realistically represent the networks, accurate developer identities are imperative. We aim to identify developer identity errors…

Software Engineering · Computer Science 2019-01-14 Sadika Amreen , Audris Mockus , Chris Bogart , Yuxia Zhang , Russell Zaretzki

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation.…

Cryptography and Security · Computer Science 2026-04-30 Sk Tanzir Mehedi , Raja Jurdak , Chadni Islam , Abu Bakar Siddique Mahi , Gowri Ramachandran

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Automated code vulnerability detection has gained increasing attention in recent years. The deep learning (DL)-based methods, which implicitly learn vulnerable code patterns, have proven effective in vulnerability detection. The performance…

Software Engineering · Computer Science 2023-08-22 Xin-Cheng Wen , Xinchen Wang , Cuiyun Gao , Shaohua Wang , Yang Liu , Zhaoquan Gu

Automated detection of software vulnerabilities is a fundamental problem in software security. Existing program analysis techniques either suffer from high false positives or false negatives. Recent progress in Deep Learning (DL) has…

Software Engineering · Computer Science 2020-09-16 Saikat Chakraborty , Rahul Krishna , Yangruibo Ding , Baishakhi Ray

Context: The IoT system infrastructure platform facility vulnerability attack has become the main battlefield of network security attacks. Most of the traditional vulnerability mining methods rely on vulnerability detection tools to realize…

Cryptography and Security · Computer Science 2022-12-06 Wen Zhou

To detect and fix bugs and security vulnerabilities, software companies use static analysis as part of the development process. However, static analysis code itself is also prone to bugs. To ensure a consistent level of precision, as…

Software Engineering · Computer Science 2018-01-16 Lisa Nguyen Quang Do , Stefan Krüger , Patrick Hill , Karim Ali , Eric Bodden

Finding and fixing buggy code is an important and cost-intensive maintenance task, and static analysis (SA) is one of the methods developers use to perform it. SA tools warn developers about potential bugs by scanning their source code for…

Software Engineering · Computer Science 2020-09-04 Yoshiki Higo , Shinpei Hayashi , Hideaki Hata , Meiyappan Nagappan

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp