English
Related papers

Related papers: Taint-Based Code Slicing for LLMs-based Malicious …

200 papers

The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional…

Cryptography and Security · Computer Science 2026-04-23 Ronghao Ni , Mihai Christodorescu , Limin Jia

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Existing malicious code detection techniques demand the integration of multiple tools to detect different malware patterns, often suffering from high misclassification rates. Therefore, malicious code detection techniques could be enhanced…

Cryptography and Security · Computer Science 2025-01-07 Nusrat Zahan , Philipp Burckhardt , Mikola Lysenko , Feross Aboukhadijeh , Laurie Williams

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

The NPM ecosystem has become a primary target for software supply chain attacks, yet existing detection tools are evaluated in isolation on incompatible datasets, making cross-tool comparison unreliable. We conduct a benchmark-driven…

Software Engineering · Computer Science 2026-03-31 Wenbo Guo , Zhongwen Chen , Zhengzi Xu , Chengwei Liu , Ming Kang , Shiwen Song , Chengyue Liu , Yijia Xu , Weisong Sun , Yang Liu

Code generation large language models (LLMs) are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of…

Cryptography and Security · Computer Science 2026-03-19 Shenao Yan , Shimaa Ahmed , Shan Jin , Sunpreet S. Arora , Yiwei Cai , Yizhen Wang , Yuan Hong

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models (LLMs) have emerged as a promising tool for automated security tasks, their…

Cryptography and Security · Computer Science 2026-03-03 Ahmed Ryan , Ibrahim Khalil , Abdullah Al Jahid , Md Erfan , Sungbin Park , Akond Ashfaque Ur Rahman , Md Rayhanur Rahman

Large Language Models (LLMs) have significantly advanced code analysis tasks, yet they struggle to detect malicious behaviors fragmented across files, whose intricate dependencies easily get lost in the vast amount of benign code. We…

Software Engineering · Computer Science 2026-01-23 Hang Gao , Tao Peng , Baoquan Cui , Hong Huang , Fengge Wu , Junsuo Zhao , Jian Zhang

Open-source ecosystems such as NPM and PyPI are increasingly targeted by supply chain attacks, yet existing detection methods either depend on fragile handcrafted rules or data-driven features that fail to capture evolving attack semantics.…

Software Engineering · Computer Science 2026-01-26 Wenbo Guo , Shiwen Song , Jiaxun Guo , Zhengzi Xu , Chengwei Liu , Haoran Ou , Mengmeng Ge , Yang Liu

Deep learning-based approaches, particularly those leveraging pre-trained language models (PLMs), have shown promise in automated software vulnerability detection. However, existing methods are predominantly limited to specific programming…

Software Engineering · Computer Science 2025-05-13 Junji Yu , Honglin Shu , Michael Fu , Dong Wang , Chakkrit Tantithamthavorn , Yasutaka Kamei , Junjie Chen

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

As we increasingly depend on software systems, the consequences of breaches in the software supply chain become more severe. High-profile cyber attacks like those on SolarWinds and ShadowHammer have resulted in significant financial and…

Cryptography and Security · Computer Science 2023-08-10 Tanmay Singla , Dharun Anandayuvaraj , Kelechi G. Kalu , Taylor R. Schorlemmer , James C. Davis

Vulnerability detection is a critical aspect of software security. Accurate detection is essential to prevent potential security breaches and protect software systems from malicious attacks. Recently, vulnerability detection methods…

Software Engineering · Computer Science 2025-04-24 Yixin Yang , Bowen Xu , Xiang Gao , Hailong Sun

Program analysis tools often produce large volumes of candidate vulnerability reports that require costly manual review, creating a practical challenge: how can security analysts prioritize the reports most likely to be true…

Cryptography and Security · Computer Science 2025-10-24 Ronghao Ni , Aidan Z. H. Yang , Min-Chien Hsu , Nuno Sabino , Limin Jia , Ruben Martins , Darion Cassel , Kevin Cheang

Automated detection of software vulnerabilities is critical for enhancing security, yet existing methods often struggle with the complexity and diversity of modern codebases. In this paper, we introduce EnStack, a novel ensemble stacking…

Software Engineering · Computer Science 2024-11-26 Shahriyar Zaman Ridoy , Md. Shazzad Hossain Shaon , Alfredo Cuzzocrea , Mst Shapna Akter

Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning based approaches show promise for…

Cryptography and Security · Computer Science 2025-07-23 Ahmed Lekssays , Hamza Mouhcine , Khang Tran , Ting Yu , Issa Khalil

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to…

Cryptography and Security · Computer Science 2025-06-18 Xingan Gao , Xiaobing Sun , Sicong Cao , Kaifeng Huang , Di Wu , Xiaolei Liu , Xingwei Lin , Yang Xiang

Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection, addressing critical challenges in the security domain. Traditional methods, such as static and dynamic analysis, often falter due to…

Cryptography and Security · Computer Science 2025-02-19 Ze Sheng , Zhicheng Chen , Shuning Gu , Heqing Huang , Guofei Gu , Jeff Huang

Large Language Models (LLMs) have recently emerged as powerful tools in cybersecurity, offering advanced capabilities in malware detection, generation, and real-time monitoring. Numerous studies have explored their application in…

Cryptography and Security · Computer Science 2025-04-11 Hamed Jelodar , Samita Bai , Parisa Hamedi , Hesamodin Mohammadian , Roozbeh Razavi-Far , Ali Ghorbani
‹ Prev 1 2 3 10 Next ›