English
Related papers

Related papers: Scalable Defect Detection via Traversal on Code Gr…

200 papers

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Static analysis is the analysis of a program without executing it, usually carried out by an automated tool. Symbolic execution is a popular static analysis technique used both in program verification and in bug detection software. It works…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Zoltan Porkolab

Identifying vulnerable code is a precautionary measure to counter software security breaches. Tedious expert effort has been spent to build static analyzers, yet insecure patterns are barely fully enumerated. This work explores a deep…

Artificial Intelligence · Computer Science 2021-09-09 Yufan Zhuang , Sahil Suneja , Veronika Thost , Giacomo Domeniconi , Alessandro Morari , Jim Laredo

Malware represents a significant security concern in today's digital landscape, as it can destroy or disable operating systems, steal sensitive user information, and occupy valuable disk space. However, current malware detection methods,…

Cryptography and Security · Computer Science 2023-12-21 Chenzhong Yin , Hantang Zhang , Mingxi Cheng , Xiongye Xiao , Xinghe Chen , Xin Ren , Paul Bogdan

Large language models (LLMs) have been proposed as powerful tools for detecting software vulnerabilities, where task-specific fine-tuning is typically employed to provide vulnerability-specific knowledge to the LLMs. However, existing…

Software Engineering · Computer Science 2025-07-22 Ruijun Feng , Hammond Pearce , Pietro Liguori , Yulei Sui

We introduce QLPro, a vulnerability detection framework that systematically integrates LLMs and static analysis tools to enable comprehensive vulnerability detection across entire open-source projects.We constructed a new dataset, JavaTest,…

Software Engineering · Computer Science 2025-07-22 Junze Hu , Xiangyu Jin , Yizhe Zeng , Yuling Liu , Yunpeng Li , Dan Du , Kaiyu Xie , Hongsong Zhu

Detecting vulnerabilities in source code is a critical task for software security assurance. Graph Neural Network (GNN) machine learning can be a promising approach by modeling source code as graphs. Early approaches treated code elements…

Cryptography and Security · Computer Science 2025-02-25 Yu Luo , Weifeng Xu , Dianxiang Xu

In order to ensure the quality of software and prevent attacks from hackers on critical systems, static analysis tools are frequently utilized to detect vulnerabilities in the early development phase. However, these tools often report a…

Software Engineering · Computer Science 2022-09-28 Thanh Trong Vu , Hieu Dinh Vo

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large…

Cryptography and Security · Computer Science 2025-05-01 Baleegh Ahmad , Hammond Pearce , Ramesh Karri , Benjamin Tan

Given an attributed graph $G$ and a query node $q$, \underline{C}ommunity \underline{S}earch over \underline{A}ttributed \underline{G}raphs (CS-AG) aims to find a structure- and attribute-cohesive subgraph from $G$ that contains $q$.…

Social and Information Networks · Computer Science 2024-03-01 Yuxiang Wang , Shuzhan Ye , Xiaoliang Xu , Yuxia Geng , Zhenghe Zhao , Xiangyu Ke , Tianxing Wu

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

Static analysis, the process of examining code without executing it, is crucial for identifying software issues. Yet, static analysis is hampered by its complexity and the need for customization for different targets. Traditional static…

Software Engineering · Computer Science 2023-12-15 Yu Hao , Weiteng Chen , Ziqiao Zhou , Weidong Cui

Software vulnerabilities can pose severe harms to a computing system. They can lead to system crash, privacy leakage, or even physical damage. Correctly identifying vulnerabilities among enormous software codes in a timely manner is so far…

Cryptography and Security · Computer Science 2022-11-24 Jin Wang , Hui Xiao , Shuwen Zhong , Yinhao Xiao

GraphQL is an open-source data query and manipulation language for web applications, offering a flexible alternative to RESTful APIs. However, its dynamic execution model and lack of built-in security mechanisms expose it to vulnerabilities…

Cryptography and Security · Computer Science 2025-04-21 Omar Tsai , Jianing Li , Tsz Tung Cheung , Lejing Huang , Hao Zhu , Jianrui Xiao , Iman Sharafaldin , Mohammad A. Tayebi

Identifying vulnerabilities in the source code is essential to protect the software systems from cyber security attacks. It, however, is also a challenging step that requires specialized expertise in security and code representation. To…

Machine Learning · Computer Science 2022-02-08 Van-Anh Nguyen , Dai Quoc Nguyen , Van Nguyen , Trung Le , Quan Hung Tran , Dinh Phung

Source code plagiarism is a long-standing issue in tertiary computer science education. Many source code plagiarism detection tools have been proposed to aid in the detection of source code plagiarism. However, existing detection tools are…

Software Engineering · Computer Science 2021-04-23 Hayden Cheers , Yuqing Lin , Shamus P. Smith

Code reviews are one of the effective methods to estimate defectiveness in source code. However, the existing methods are dependent on experts or inefficient. In this paper, we improve the performance (in terms of speed and memory usage) of…

Software Engineering · Computer Science 2021-04-30 Ritu Kapur , Balwinder Sodhi , Poojith U Rao , Shipra Sharma

To compete with existing mobile architectures, MobileViG introduces Sparse Vision Graph Attention (SVGA), a fast token-mixing operator based on the principles of GNNs. However, MobileViG scales poorly with model size, falling at most 1%…

Computer Vision and Pattern Recognition · Computer Science 2024-06-11 William Avery , Mustafa Munir , Radu Marculescu