English
Related papers

Related papers: Fakeium: A Dynamic Execution Environment for JavaS…

200 papers

JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions. It is implemented by an offline source code…

Programming Languages · Computer Science 2013-12-12 Matthias Keil , Peter Thiemann

Static analysis is a powerful tool for detecting security vulnerabilities and other programming problems. Global taint tracking, in particular, can spot vulnerabilities arising from complicated data flow across multiple functions. However,…

Software Engineering · Computer Science 2023-01-26 Yiu Wai Chow , Max Schäfer , Michael Pradel

Malware writers have employed various obfuscation and polymorphism techniques to thwart static analysis approaches and bypassing antivirus tools. Dynamic analysis techniques, however, have essentially overcome these deceits by observing the…

Cryptography and Security · Computer Science 2014-10-09 Waqas Aman

Large Language Model (LLM)-based agents increasingly rely on APIs to operate complex web applications, but rapid evolution often leads to incomplete or inconsistent API documentation. Existing work falls into two categories: (1) static,…

Software Engineering · Computer Science 2026-03-26 Yanjing Yang , Chenxing Zhong , Ke Han , Zeru Cheng , Jinwei Xu , Xin Zhou , He Zhang , Bohan Liu

The Go programming language has become increasingly popular among malware developers due to its ability to produce statically linked, cross-platform executables that challenge traditional analysis techniques. These binaries embed a…

Cryptography and Security · Computer Science 2026-05-15 Hala Ali , Andrew Case , Irfan Ahmed

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

Malicious websites are responsible for a majority of the cyber-attacks and scams today. Malicious URLs are delivered to unsuspecting users via email, text messages, pop-ups or advertisements. Clicking on or crawling such URLs can result in…

Cryptography and Security · Computer Science 2019-10-15 Apoorva Joshi , Levi Lloyd , Paul Westin , Srini Seethapathy

Dynamic malware analysis executes the program in an isolated environment and monitors its run-time behaviour (e.g. system API calls) for malware detection. This technique has been proven to be effective against various code obfuscation…

Cryptography and Security · Computer Science 2020-01-27 Zhaoqi Zhang , Panpan Qi , Wei Wang

Modern websites heavily rely on JavaScript (JS) to implement legitimate functionality as well as privacy-invasive advertising and tracking. Browser extensions such as NoScript block any script not loaded by a trusted list of endpoints, thus…

Cryptography and Security · Computer Science 2023-03-27 Abdul Haddi Amjad , Zubair Shafiq , Muhammad Ali Gulzar

WebAssembly (Wasm), as a compact, fast, and isolation-guaranteed binary format, can be compiled from more than 40 high-level programming languages. However, vulnerabilities in Wasm binaries could lead to sensitive data leakage and even…

Cryptography and Security · Computer Science 2024-08-19 Ningyu He , Zhehao Zhao , Hanqin Guan , Jikai Wang , Shuo Peng , Ding Li , Haoyu Wang , Xiangqun Chen , Yao Guo

The continuous increase in malware samples, both in sophistication and number, presents many challenges for organizations and analysts, who must cope with thousands of new heterogeneous samples daily. This requires robust methods to quickly…

Cryptography and Security · Computer Science 2025-03-26 Theodoros Apostolopoulos , Vasilios Koutsokostas , Nikolaos Totosis , Constantinos Patsakis , Georgios Smaragdakis

TypeScript is a quickly evolving superset of JavaScript with active development of new features. Our paper seeks to understand how quickly these features are adopted by the developer community. Existing work in JavaScript shows the adoption…

Software Engineering · Computer Science 2023-03-20 Joshua D. Scarsbrook , Mark Utting , Ryan K. L. Ko

Popularity and complexity of malicious mobile applications are rising, making their analysis difficult and labor intensive. Mobile application analysis is indeed inherently different from desktop application analysis: In the latter, the…

Cryptography and Security · Computer Science 2014-02-21 Andrea Gianazza , Federico Maggi , Aristide Fattori , Lorenzo Cavallaro , Stefano Zanero

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

The amount of Android malware has increased greatly during the last few years. Static analysis is widely used in detecting such malware by analyzing the code without execution. The effectiveness of current tools relies on the app model as…

Cryptography and Security · Computer Science 2016-04-11 Mohsin Junaid , Donggang Liu , David Kung

The explosive growth of mini-game platforms has led to widespread code plagiarism, where malicious users access popular games' source code and republish them with modifications. While existing static analysis tools can detect simple…

Cryptography and Security · Computer Science 2025-08-05 Zhihao Li , Chaozheng Wang , Zongjie Li , Xinyong Peng , Qun Xia , Haochuan Lu , Ting Xiong , Shuzheng Gao , Cuiyun Gao , Shuai Wang , Yuetang Deng , Huafeng Ma

Malicious scripts are an important computer infection threat vector in the wild. For web-scale processing, static analysis offers substantial computing efficiencies. We propose the ScriptNet system for neural malicious JavaScript detection…

Cryptography and Security · Computer Science 2019-04-03 Jack W. Stokes , Rakshit Agrawal , Geoff McDonald , Matthew Hausknecht

WebAssembly is a low-level bytecode language that allows high-level languages like C, C++, and Rust to be executed in the browser at near-native performance. In recent years, WebAssembly has gained widespread adoption is now natively…

Cryptography and Security · Computer Science 2024-03-25 Håkon Harnes , Donn Morrison

AI applications pose increasing demands on performance, so it is not surprising that the era of client-side distributed software is becoming important. On top of many AI applications already using mobile hardware, and even browsers for…

Artificial Intelligence · Computer Science 2018-02-13 Bernd Malle , Nicola Giuliani , Peter Kieseberg , Andreas Holzinger

Static analysis is the analysis of a program without executing it, usually carried out by an automated tool. Symbolic execution is a popular static analysis technique used both in program verification and in bug detection software. It works…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Zoltan Porkolab