English
Related papers

Related papers: Detecting and Characterizing Low and No Functional…

200 papers

Securing software supply chains is a growing challenge due to the inadequacy of existing datasets in capturing the complexity of next-gen attacks, such as multiphase malware execution, remote access activation, and dynamic payload…

Cryptography and Security · Computer Science 2026-02-12 Sk Tanzir Mehedi , Raja Jurdak , Chadni Islam , Gowri Ramachandran

As computing systems become increasingly advanced and as users increasingly engage themselves in technology, security has never been a greater concern. In malware detection, static analysis, the method of analyzing potentially malicious…

Cryptography and Security · Computer Science 2018-05-22 Chan Woo Kim

The exponential growth of open-source package ecosystems, particularly NPM and PyPI, has led to an alarming increase in software supply chain poisoning attacks. Existing static analysis methods struggle with high false positive rates and…

Cryptography and Security · Computer Science 2024-09-17 Xinyi Zheng , Chen Wei , Shenao Wang , Yanjie Zhao , Peiming Gao , Yuanchao Zhang , Kailong Wang , Haoyu Wang

A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable…

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

Software Engineering · Computer Science 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

Software ecosystems (e.g., npm, PyPI) are the backbone of modern software developments. Developers add new packages to ecosystems every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in…

Software Engineering · Computer Science 2023-08-21 Suhaib Mujahid , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab

The package manager (PM) is crucial to most technology stacks, acting as a broker to ensure that a verified dependency package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to…

Software Engineering · Computer Science 2023-02-15 Syful Islam , Raula Gaikovina Kula , Christoph Treude , Bodin Chinthanet , Takashi Ishio , Kenichi Matsumoto

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to…

Cryptography and Security · Computer Science 2023-10-09 Piergiorgio Ladisa , Merve Sahin , Serena Elisa Ponta , Marco Rosa , Matias Martinez , Olivier Barais

Large language models (LLMs) can detect software vulnerabilities, but how do they actually identify vulnerable code? We address this question using mechanistic interpretability; analyzing the internal computations of a neural network to…

Cryptography and Security · Computer Science 2026-05-29 Syafiq Al Atiiq , Chun Zhou , Christian Gehrmann

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper,…

Cryptography and Security · Computer Science 2026-04-21 Michael Robinson , Sajal Halder , Muhammad Ejaz Ahmed , Muhammad Ikram , Seyit Camtepe , Hyoungshick Kim

Analysing malware is important to understand how malicious software works and to develop appropriate detection and prevention methods. Dynamic analysis can overcome evasion techniques commonly used to bypass static analysis and provide…

Cryptography and Security · Computer Science 2023-10-30 Baskoro Adi Pratomo , Toby Jackson , Pete Burnap , Andrew Hood , Eirini Anthi

Large language models (LLMs) offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis (PRA) requires…

Cryptography and Security · Computer Science 2025-05-26 Alexander Gutfraind , Vicki Bier

When using an LLM through an API provider, users expect the served model to remain consistent over time, a property crucial for the reliability of downstream applications and the reproducibility of research. Existing audit methods are too…

Machine Learning · Computer Science 2026-03-02 Timothée Chauvin , Erwan Le Merrer , François Taïani , Gilles Tredan

Large Language Models (LLMs) have become an essential tool in the programmer's toolkit, but their tendency to hallucinate code can be used by malicious actors to introduce vulnerabilities to broad swathes of the software supply chain. In…

Machine Learning · Computer Science 2025-02-03 Arjun Krishna , Erick Galinkin , Leon Derczynski , Jeffrey Martin

Maliciously prepared software packages are an extensively leveraged weapon for software supply chain attacks. The detection of malicious packages is undoubtedly of high priority and many academic and commercial approaches have been…

Cryptography and Security · Computer Science 2025-05-13 Marc Ohm , Timo Pohl , Felix Boes

Existing network simulations often rely on simplistic models that send packets at random intervals, failing to capture the critical role of application-level behaviour. This paper presents a statistical approach that extracts and models…

Networking and Internet Architecture · Computer Science 2025-02-04 Murugaraj Odiathevar , Kim Chung Yup

Traditionally, machine learning methods for PE malware detection have relied on static features like byte histograms, string information, and PE header contents. One barrier to incorporating dynamic analysis features has been the…

Cryptography and Security · Computer Science 2026-05-04 Rebecca Saul , Jingzhi Jiang , Elliott Chia , David Wagner

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

The significant increase in software production driven by automation and faster development lifecycles has resulted in a corresponding surge in software vulnerabilities. In parallel, the evolving landscape of software vulnerability…

Cryptography and Security · Computer Science 2024-08-30 Yuejun Guo , Constantinos Patsakis , Qiang Hu , Qiang Tang , Fran Casino

Detecting packed executables is a critical component of large-scale malware analysis and antivirus engine workflows, as it identifies samples that warrant computationally intensive dynamic unpacking to reveal concealed malicious behavior.…

Cryptography and Security · Computer Science 2025-09-22 Shijia Li , Jiang Ming , Lanqing Liu , Longwei Yang , Ni Zhang , Chunfu Jia
‹ Prev 1 3 4 5 6 7 10 Next ›