English
Related papers

Related papers: Creating a vulnerable node based on the vulnerabil…

200 papers

SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities have enabled the notorious Meltdown, Spectre, and L1 terminal fault (L1TF) attacks. While a number of studies have reported different variants of SPEECH vulnerabilities,…

Cryptography and Security · Computer Science 2019-12-11 Yuan Xiao , Yinqian Zhang , Radu Teodorescu

The convolutional neural network (CNN) architecture is increasingly being applied to new domains, such as malware detection, where it is able to learn malicious behavior from raw bytes extracted from executables. These architectures reach…

Machine Learning · Computer Science 2019-04-16 Octavian Suciu , Scott E. Coull , Jeffrey Johns

Spectre v1 attacks, which exploit conditional branch misprediction, are often identified with attacks that bypass array bounds checking to leak data from a victim's memory. Generally, however, Spectre v1 attacks can exploit any conditional…

Cryptography and Security · Computer Science 2021-07-05 Ofek Kirzner , Adam Morrison

This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security…

Software Engineering · Computer Science 2021-03-24 David Reid , Kalvin Eng , Chris Bogart , Adam Tutko

One of the most prevalent source of side channel vulnerabilities is the secret-dependent behavior of conditional branches (SDBCB). The state-of-the-art solution relies on Constant-Time Expressions, which require high programming effort and…

Cryptography and Security · Computer Science 2020-07-30 Andrea Mondelli , Paul Gazzillo , Yan Solihin

Vulnerability is a weakness, shortcoming or flaw in the system or network infrastructure which can be used by an attacker to harm the system, disrupt its normal operation and use it for his financial, competitive or other motives or just…

Social and Information Networks · Computer Science 2014-03-27 Dharmendra Singh , Rakhi Sinha , Pawan Songara , Dr. Rakesh Rathi

Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for…

Software Engineering · Computer Science 2022-03-17 Triet H. M. Le , M. Ali Babar

Software security vulnerabilities allow attackers to perform malicious activities to disrupt software operations. Recent Transformer-based language models have significantly advanced vulnerability detection, surpassing the capabilities of…

Cryptography and Security · Computer Science 2024-06-11 Aidan Z. H. Yang , Haoye Tian , He Ye , Ruben Martins , Claire Le Goues

A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to be able to conduct penetration testing on large industrial systems which cannot be taken offline or risk…

Cryptography and Security · Computer Science 2023-06-08 Matthew Tassava , Cameron Kolodjski , Jeremy Straub

The Model Context Protocol (MCP) is a recently proposed interoperability standard that unifies how AI agents connect with external tools and data sources. By defining a set of common client-server message exchange clauses, MCP replaces…

Cryptography and Security · Computer Science 2026-03-12 Nanzi Yang , Weiheng Bai , Kangjie Lu

Attack graphs are one of the main techniques used to automate the risk assessment process. In order to derive a relevant attack graph, up-to-date information on known attack techniques should be represented as interaction rules. Designing…

Cryptography and Security · Computer Science 2020-08-12 Hodaya Binyamini , Ron Bitton , Masaki Inokuchi , Tomohiko Yagyu , Yuval Elovici , Asaf Shabtai

While machine learning is vulnerable to adversarial examples, it still lacks systematic procedures and tools for evaluating its security in different application contexts. In this article, we discuss how to develop automated and scalable…

Cryptography and Security · Computer Science 2022-07-13 Luca Demetrio , Battista Biggio , Fabio Roli

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically…

Software Engineering · Computer Science 2026-04-08 Laura Baird , Armin Moin

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…

Software Engineering · Computer Science 2026-01-29 Laura Baird , Armin Moin

Zero-day attacks pose severe cybersecurity risks due to their high success rates and stealth. Because signature-based approaches struggle to detect such attacks, building Intrusion Detection Systems (IDSs) for detecting zero-day attacks is…

Cryptography and Security · Computer Science 2026-05-06 Nnamdi Jibunoh , Sara Khanchi , Adetokunbo Makanju

This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in machine learning (ML) were assigned Common Vulnerabilities and Exposures…

Cryptography and Security · Computer Science 2021-01-27 Jonathan M. Spring , April Galyardt , Allen D. Householder , Nathan VanHoudnos

In this paper we present an elaborated graph-based algorithmic technique for efficient malware detection. More precisely, we utilize the system-call dependency graphs (or, for short ScD graphs), obtained by capturing taint analysis traces…

Cryptography and Security · Computer Science 2014-12-31 Stavros D. Nikolopoulos , Iosif Polenakis

Engineering more secure software has become a critical challenge in the cyber world. It is very important to develop methodologies, techniques, and tools for developing secure software. To develop secure software, software developers need…

Software Engineering · Computer Science 2023-02-14 Nicholas Lasky , Benjamin Hallis , Mounika Vanamala , Rushit Dave , Jim Seliya

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

Training pipelines for machine learning (ML) based malware classification often rely on crowdsourced threat feeds, exposing a natural attack injection point. In this paper, we study the susceptibility of feature-based ML malware classifiers…

Cryptography and Security · Computer Science 2021-01-12 Giorgio Severi , Jim Meyer , Scott Coull , Alina Oprea