English
Related papers

Related papers: A Smart and Defensive Human-Machine Approach to Co…

200 papers

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Detecting performance issues due to suboptimal code during the development process can be a daunting task, especially when it comes to localizing them after noticing performance degradation after deployment. Static analysis has the…

Software Engineering · Computer Science 2021-05-06 Aaron Beigelbeck , Maurício Aniche , Jürgen Cito

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak , Tomasz Szandala

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation…

Software Engineering · Computer Science 2024-02-13 Mugdha Khedkar , Eric Bodden

Malware writers have employed various obfuscation and polymorphism techniques to thwart static analysis approaches and bypassing antivirus tools. Dynamic analysis techniques, however, have essentially overcome these deceits by observing the…

Cryptography and Security · Computer Science 2014-10-09 Waqas Aman

We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type…

Software Engineering · Computer Science 2019-10-01 Steven P. Reiss

Cyber-physical systems are found in many applications such as power networks, manufacturing processes, and air and ground transportation systems. Maintaining security of these systems under cyber attacks is an important and challenging…

Systems and Control · Computer Science 2016-06-13 Young Hwan Chang , Qie Hu , Claire J. Tomlin

Program analysis is a technique to reason about programs without executing them, and it has various applications in compilers, integrated development environments, and security. In this work, we present a machine learning pipeline that…

Programming Languages · Computer Science 2017-11-06 Wasuwee Sodsong , Bernhard Scholz , Sanjay Chawla

As machine-learning (ML) based systems for malware detection become more prevalent, it becomes necessary to quantify the benefits compared to the more traditional anti-virus (AV) systems widely used today. It is not practical to build an…

Cryptography and Security · Computer Science 2018-06-14 William Fleshman , Edward Raff , Richard Zak , Mark McLean , Charles Nicholas

With the increasing concern for security in the network, many approaches are laid out that try to protect the network from unauthorised access. New methods have been adopted in order to find the potential discrepancies that may damage the…

Cryptography and Security · Computer Science 2014-03-28 Sheetal Bairwa , Bhawna Mewara , Jyoti Gajrani

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a…

Cryptography and Security · Computer Science 2019-04-09 Tran Tri Dang , Tran Khanh Dang

Static analysis is an essential component of many modern software development tools. Unfortunately, the ever-increasing complexity of static analyzers makes their coding error-prone. Even analysis tools based on rigorous mathematical…

Software Engineering · Computer Science 2025-05-08 Daniela Ferreiro , Ignacio Casso , Jose F. Morales , Pedro López-García , Manuel V. Hermenegildo

Static analysis is widely used for software assurance. However, static analysis tools can report an overwhelming number of warnings, many of which are false positives. Applying static analysis to a new version, a large number of warnings…

Software Engineering · Computer Science 2023-05-05 Xiuyuan Guo , Ashwin Kallingal Joshy , Benjamin Steenhoek , Wei Le , Lori Flynn

Static analysis techniques enhance the security, performance, and reliability of programs by analyzing and portraiting program behaviors without the need for actual execution. In essence, static analysis takes the Intermediate…

Programming Languages · Computer Science 2024-05-22 Bowen Zhang , Wei Chen , Hung-Chun Chiu , Charles Zhang

This paper investigates code LLMs' capability of static analysis during code intelligence tasks such as code summarization and generation. Code LLMs are now household names for their abilities to do some programming tasks that have…

Software Engineering · Computer Science 2026-03-27 Chia-Yi Su , Collin McMillan

Despite their remarkable success, large language models (LLMs) have shown limited ability on safety-critical code tasks such as vulnerability detection. Typically, static analysis (SA) tools, like CodeQL, CodeGuru Security, etc., are used…

Cryptography and Security · Computer Science 2025-09-15 Ira Ceka , Feitong Qiao , Anik Dey , Aastha Valecha , Gail Kaiser , Baishakhi Ray

This paper proposes an approach for a tool-agnostic and heterogeneous static code analysis toolchain in combination with an exchange format. This approach enhances both traceability and comparability of analysis results. State of the art…

Software Engineering · Computer Science 2024-03-12 Matthias Kern , Ferhat Erata , Markus Iser , Carsten Sinz , Frederic Loiret , Stefan Otten , Eric Sax

Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it…

Cryptography and Security · Computer Science 2024-11-25 Shota Fujii , Rei Yamagishi