English
Related papers

Related papers: Malicious Source Code Detection Using Transformer

200 papers

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

Package managers have become a vital part of the modern software development process. They allow developers to reuse third-party code, share their own code, minimize their codebase, and simplify the build process. However, recent reports…

Cryptography and Security · Computer Science 2020-12-03 Ruian Duan , Omar Alrawi , Ranjita Pai Kasturi , Ryan Elder , Brendan Saltaformaggio , Wenke Lee

Malicious software is an integral part of cybercrime defense. Due to the growing number of malicious attacks and their target sources, detecting and preventing the attack becomes more challenging due to the assault's changing behavior. The…

Cryptography and Security · Computer Science 2023-08-10 Mohammad Aziz , Ali Saeed Alfoudi

With the booming development of blockchain technology, smart contracts have been widely used in finance, supply chain, Internet of things and other fields in recent years. However, the security problems of smart contracts become…

Cryptography and Security · Computer Science 2026-02-03 Huanhuan Zou , Zongwei Li , Xiaoqi Li

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li

Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for…

Cryptography and Security · Computer Science 2025-05-28 Avihay Cohen

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

This paper proposes a generic classification system designed to detect security threats based on the behavior of malware samples. The system relies on statistical features computed from proxy log fields to train detectors using a database…

Machine Learning · Statistics 2017-02-09 Lukas Machlica , Karel Bartos , Michal Sofka

Signature-based malware detectors have proven to be insufficient as even a small change in malignant executable code can bypass these signature-based detectors. Many machine learning-based models have been proposed to efficiently detect a…

Cryptography and Security · Computer Science 2024-09-02 Yash Jakhotiya , Heramb Patil , Jugal Rawlani , Sunil B. Mane

With the advent of large language models (LLMs), numerous software service providers (SSPs) are dedicated to developing LLMs customized for code generation tasks, such as CodeLlama and Copilot. However, these LLMs can be leveraged by…

Cryptography and Security · Computer Science 2025-04-22 Kaiwen Ning , Jiachi Chen , Qingyuan Zhong , Tao Zhang , Yanlin Wang , Wei Li , Jingwen Zhang , Jianxing Yu , Yuming Feng , Weizhe Zhang , Zibin Zheng

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically,…

Cryptography and Security · Computer Science 2023-05-24 Betul Gokkaya , Leonardo Aniello , Basel Halak

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science 2023-07-13 Ahmet Okutan , Ali Shokri , Viktoria Koscinski , Mohamad Fazelinia , Mehdi Mirakhorli

Be it for a malicious or legitimate purpose, packing, a transformation that consists in applying various operations like compression or encryption to a binary file, i.e. for making reverse engineering harder or obfuscating code, is widely…

Cryptography and Security · Computer Science 2023-02-21 Alexandre D'Hondt , Charles-Henry Bertrand Van Ouytsel , Axel Legay

Static detection technologies based on signature-based approaches that are widely used in Android platform to detect malicious applications. It can accurately detect malware by extracting signatures from test data and then comparing the…

Cryptography and Security · Computer Science 2017-09-27 Sanya Chaba , Rahul Kumar , Rohan Pant , Mayank Dave

Malicious URLs persistently threaten the cybersecurity ecosystem, by either deceiving users into divulging private data or distributing harmful payloads to infiltrate host systems. Gaining timely insights into the current state of this…

Cryptography and Security · Computer Science 2025-06-03 Ye Tian , Yanqiu Yu , Jianguo Sun , Yanbin Wang

LLM-powered coding agents increasingly make software supply chain decisions. They generate imports, recommend packages, and write installation commands. Prior work showed that these systems can hallucinate non-existent package names, which…

Cryptography and Security · Computer Science 2026-05-12 Yiyong Liu , Chia-Yi Hsu , Chun-Ying Huang , Michael Backes , Rui Wen , Chia-Mu Yu

Where can we find malware source code? This question is motivated by a real need: there is a dearth of malware source code, which impedes various types of security research. Our work is driven by the following insight: public archives, like…

Cryptography and Security · Computer Science 2020-06-01 Md Omar Faruk Rokon , Risul Islam , Ahmad Darki , Vagelis E. Papalexakis , Michalis Faloutsos

In today's digital landscape, the importance of timely and accurate vulnerability detection has significantly increased. This paper presents a novel approach that leverages transformer-based models and machine learning techniques to…

Software Engineering · Computer Science 2025-01-10 Daniele Cipollone , Changjie Wang , Mariano Scazzariello , Simone Ferlin , Maliheh Izadi , Dejan Kostic , Marco Chiesa