English
Related papers

Related papers: Predicting Likely-Vulnerable Code Changes: Machine…

200 papers

To effectively guide the exploration of the code transform space for automated code evolution techniques, we present in this paper the first approach for structurally predicting code transforms at the level of AST nodes using conditional…

Software Engineering · Computer Science 2023-06-06 Zhongxing Yu , Matias Martinez , Zimin Chen , Tegawendé F. Bissyandé , Martin Monperrus

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced…

Cryptography and Security · Computer Science 2026-02-03 Ranjith Krishnamurthy , Oshando Johnson , Goran Piskachev , Eric Bodden

With the rapid advancement of machine learning (ML), ML-based Android malware detection has gained significant popularity due to its ability to automatically learn malicious patterns from Android apps. However, the lack of an in-depth and…

Cryptography and Security · Computer Science 2026-04-21 Jiahao Liu , Jun Zeng , Fabio Pierazzi , Ziqi Yang , Lorenzo Cavallaro , Zhenkai Liang

As blockchain technology and smart contracts become widely adopted, securing them throughout every stage of the transaction process is essential. The concern of improved security for smart contracts is to find and detect vulnerabilities…

Cryptography and Security · Computer Science 2025-03-11 S M Mostaq Hossain , Amani Altarawneh , Jesse Roberts

Change-based code review is used widely in industrial software development. Thus, research on tools that help the reviewer to achieve better review performance can have a high impact. We analyze one possibility to provide cognitive support…

Software Engineering · Computer Science 2018-12-27 Tobias Baum , Steffen Herbold , Kurt Schneider

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities.…

Software Engineering · Computer Science 2021-07-19 Roland Croft , Dominic Newlands , Ziyu Chen , M. Ali Babar

Accompanying the successes of learning-based defensive software vulnerability analyses is the lack of large and quality sets of labeled vulnerable program samples, which impedes further advancement of those defenses. Existing automated…

Software Engineering · Computer Science 2024-01-08 Yu Nong , Richard Fang , Guangbei Yi , Kunsong Zhao , Xiapu Luo , Feng Chen , Haipeng Cai

Detecting vulnerabilities in source code remains a critical yet challenging task, especially when benign and vulnerable functions share significant similarities. In this work, we introduce VulTrial, a courtroom-inspired multi-agent…

Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs to facilitate their app development. Unfortunately, the popularity of TPLs also brings new security issues. For…

Software Engineering · Computer Science 2021-08-05 Xian Zhan , Tianming Liu , Yepang Liu , Yang Liu , Li Li , Haoyu Wang , Xiapu Luo

Android apps could expose their components for cooperating with other apps. This convenience, however, makes apps susceptible to the exposed component vulnerability (ECV), in which a dangerous API (commonly known as sink) inside its…

Cryptography and Security · Computer Science 2014-05-27 Daoyuan Wu , Xiapu Luo , Rocky K. C. Chang

In the past decade, the cyber-crime related to mobile devices has increased. Mobile devices, especially the ones running on Android operating system are particularly interesting to malware creators, as the users often keep the biggest…

Cryptography and Security · Computer Science 2019-10-24 Nikola Milosevic , Junfan Huang

The detection of software vulnerabilities (or vulnerabilities for short) is an important problem that has yet to be tackled, as manifested by the many vulnerabilities reported on a daily basis. This calls for machine learning methods for…

Machine Learning · Computer Science 2021-01-27 Zhen Li , Deqing Zou , Shouhuai Xu , Hai Jin , Yawei Zhu , Zhaoxuan Chen

Application Programming Interface (API) incompatibility is a long-standing issue in Android application development. The rapid evolution of Android APIs results in a significant number of API additions, removals, and changes between…

Software Engineering · Computer Science 2024-06-27 Shidong Pan , Tianchen Guo , Lihong Zhang , Pei Liu , Zhenchang Xing , Xiaoyu Sun

Android Malware has emerged as a consequence of the increasing popularity of smartphones and tablets. While most previous work focuses on inherent characteristics of Android apps to detect malware, this study analyses indirect features and…

Cryptography and Security · Computer Science 2017-12-13 Ignacio Martín , José Alberto Hernández , Alfonso Muñoz , Antonio Guzmán

The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics…

Software Engineering · Computer Science 2025-03-18 Daan Hommersom , Antonino Sabetta , Bonaventura Coppola , Dario Di Nucci , Damian A. Tamburri

Deep learning (DL) models have become increasingly popular in identifying software vulnerabilities. Prior studies found that vulnerabilities across different vulnerable programs may exhibit similar vulnerable scopes, implicitly forming…

Cryptography and Security · Computer Science 2023-06-13 Michael Fu , Trung Le , Van Nguyen , Chakkrit Tantithamthavorn , Dinh Phung

The increasing complexity of software has led to the steady growth of vulnerabilities. Vulnerability repair investigates how to fix software vulnerabilities. Manual vulnerability repair is labor-intensive and time-consuming because it…

Software Engineering · Computer Science 2025-06-16 Yiwei Hu , Zhen Li , Kedie Shu , Shenghua Guan , Deqing Zou , Shouhuai Xu , Bin Yuan , Hai Jin

Code review is an essential part to software development lifecycle since it aims at guaranteeing the quality of codes. Modern code review activities necessitate developers viewing, understanding and even running the programs to assess…

Software Engineering · Computer Science 2022-10-12 Zhiyu Li , Shuai Lu , Daya Guo , Nan Duan , Shailesh Jannu , Grant Jenks , Deep Majumder , Jared Green , Alexey Svyatkovskiy , Shengyu Fu , Neel Sundaresan

Developers create modern software applications (Apps) on top of third-party libraries (Libs). When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior…

Cryptography and Security · Computer Science 2026-05-06 Shravya Kanchi , Xiaoyan Zang , Ying Zhang , Danfeng Yao , Na Meng

Weaknesses in computer systems such as faults, bugs and errors in the architecture, design or implementation of software provide vulnerabilities that can be exploited by attackers to compromise the security of a system. Common Weakness…

Machine Learning · Computer Science 2021-02-24 Siddhartha Shankar Das , Edoardo Serra , Mahantesh Halappanavar , Alex Pothen , Ehab Al-Shaer