English
Related papers

Related papers: Detecting and Characterizing Low and No Functional…

200 papers

The use of third-party packages is becoming increasingly popular and has led to the emergence of large software package ecosystems with a maze of inter-dependencies. Since the reliance on these ecosystems enables developers to reduce…

Software Engineering · Computer Science 2023-06-21 Raula Gaikovina Kula , Katsuro Inoue , Christoph Treude

In this paper, we present the first comprehensive empirical study of specialized LLM-based detectors and compare them with traditional static analyzers at the project scale. Specifically, our study evaluates five latest and representative…

Software Engineering · Computer Science 2026-01-28 Fengjie Li , Jiajun Jiang , Dongchi Chen , Yingfei Xiong

The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign…

Cryptography and Security · Computer Science 2025-04-18 Xiaoyan Zhou , Ying Zhang , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Large language models (LLMs) have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and…

Cryptography and Security · Computer Science 2025-09-01 Shuhan Liu , Xing Hu , Xin Xia , David Lo , Xiaohu Yang

A promising avenue for improving the effectiveness of behavioral-based malware detectors would be to combine fast traditional machine learning detectors with high-accuracy, but time-consuming deep learning models. The main idea would be to…

Cryptography and Security · Computer Science 2020-06-16 Ruimin Sun , Marcus Botacin , Nikolaos Sapountzis , Xiaoyong Yuan , Matt Bishop , Donald E Porter , Xiaolin Li , Andre Gregio , Daniela Oliveira

With the popularity of software ecosystems, the number of open source components (known as packages) has grown rapidly. Identifying high-quality and well-maintained packages from a large pool of packages to depend on is a basic and…

Software Engineering · Computer Science 2022-04-12 Suhaib Mujahid , Rabe Abdalkareem , Emad Shihab

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to…

Cryptography and Security · Computer Science 2025-06-18 Xingan Gao , Xiaobing Sun , Sicong Cao , Kaifeng Huang , Di Wu , Xiaolei Liu , Xingwei Lin , Yang Xiang

Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis…

Cryptography and Security · Computer Science 2025-03-04 Sk Tanzir Mehedi , Chadni Islam , Gowri Ramachandran , Raja Jurdak

Fault analysis is a powerful attack to stream ciphers. Up to now, the major idea of fault analysis is to simplify the cipher system by injecting some soft faults. We call it soft fault analysis. As a hardware-oriented stream cipher, Trivium…

Cryptography and Security · Computer Science 2009-07-15 Hu Yupu , Zhang Fengrong , Zhang Yiwei

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

Recent high-profile incidents in open-source software have greatly raised practitioner attention on software supply chain attacks. To guard against potential malicious package updates, security practitioners advocate pinning dependency to…

Software Engineering · Computer Science 2025-02-11 Hao He , Bogdan Vasilescu , Christian Kästner

As control-flow protection gets widely deployed, it is difficult for attackers to corrupt control-data and achieve control-flow hijacking. Instead, data-oriented attacks, which manipulate non-control data, have been demonstrated to be…

Cryptography and Security · Computer Science 2024-05-03 Zhilong Wang , Haizhou Wang , Hong Hu , Peng Liu

Third-party Python libraries introduce dependency management overhead, supply chain risk, and deployment friction in constrained environments. A natural question is how much of this ecosystem can be replicated using only Python's standard…

Software Engineering · Computer Science 2026-05-21 Peng Ding , Rick Stevens

A precise vulnerability discovery model (VDM) will provide a useful insight to assess software security, and could be a good prediction instrument for both software vendors and users to understand security trends and plan ahead patching…

Cryptography and Security · Computer Science 2018-08-30 Viet Hung Nguyen , Fabio Massacci

The NPM package repository contains over two million packages and serves tens of billions of downloads per-week. Nearly every single JavaScript application uses the NPM package manager to install packages from the NPM repository. NPM relies…

Software Engineering · Computer Science 2023-04-04 Donald Pinckney , Federico Cassano , Arjun Guha , Jonathan Bell

Nearly every popular programming language comes with one or more package managers. The software packages distributed by such package managers form large software ecosystems. These packaging ecosystems contain a large number of package…

Software Engineering · Computer Science 2017-10-16 Alexandre Decan , Tom Mens , Philippe Grosjean

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Static code warning tools often generate warnings that programmers ignore. Such tools can be made more useful via data mining algorithms that select the "actionable" warnings; i.e. the warnings that are usually not ignored. In this paper,…

Software Engineering · Computer Science 2021-01-12 Xueqi Yang , Jianfeng Chen , Rahul Yedida , Zhe Yu , Tim Menzies

Recent progress in machine learning has generated promising results in behavioral malware detection. Behavioral modeling identifies malicious processes via features derived by their runtime behavior. Behavioral features hold great promise…

Cryptography and Security · Computer Science 2019-11-07 Fabio De Gaspari , Dorjan Hitaj , Giulio Pagnotta , Lorenzo De Carli , Luigi V. Mancini