Tao Zheng¹, Rui Tang^1,2,3, Xingshu Chen^1,2,3,*, Changxiang Shen¹

CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by More >

Bum-Sok Kim¹, Hye-Won Suk¹, Yong-Hoon Choi², Dae-Sung Moon³, Min-Suk Kim^2,*

CMES-Computer Modeling in Engineering & Sciences, Vol.141, No.2, pp. 1551-1574, 2024, DOI:10.32604/cmes.2024.052375 - 27 September 2024

Abstract Currently, cybersecurity threats such as data breaches and phishing have been on the rise due to the many different attack strategies of cyber attackers, significantly increasing risks to individuals and organizations. Traditional security technologies such as intrusion detection have been developed to respond to these cyber threats. Recently, advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus. In this paper, we propose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to address continuously evolving cyber threats. Additionally, we have implemented an effective reinforcement-learning-based cyber-attack scenario using Cyber Battle Simulation, which is a… More >

Li-Anne Gacul¹, Dexter Ferrancullo¹, Romel Gallano¹, KC Jane Fadriquela¹, Kyla Jane Mendez¹, John Rommel Morada¹, John Kevin Morgado¹, Jerome Gacu^1,2,*

Revue Internationale de Géomatique, Vol.33, pp. 295-320, 2024, DOI:10.32604/rig.2024.055085 - 03 September 2024

Abstract Risk assessment is vital for humanities, especially in assessing natural and manmade hazards. Romblon, an archipelagic province in the Philippines, faces frequent typhoons and heavy rainfall, resulting in floods, with the Municipality of Santa Fe being particularly vulnerable to its severe damage. Thus, this research study intends to evaluate the flood risk of Santa Fe spatially using the fuzzy analytical hierarchy process (FAHP), taking into account data sourced from various government agencies and online databases. GIS was utilized to map flood-prone areas in the municipality. Hazard assessment factors included average annual rainfall, elevation, slope, soil… More > Graphic Abstract

Shibin Zhao^*, Junhu Zhu, Jianshan Peng

CMC-Computers, Materials & Continua, Vol.80, No.2, pp. 3263-3287, 2024, DOI:10.32604/cmc.2024.041949 - 15 August 2024

Abstract In recent years, the rapid development of computer software has led to numerous security problems, particularly software vulnerabilities. These flaws can cause significant harm to users’ privacy and property. Current security defect detection technology relies on manual or professional reasoning, leading to missed detection and high false detection rates. Artificial intelligence technology has led to the development of neural network models based on machine learning or deep learning to intelligently mine holes, reducing missed alarms and false alarms. So, this project aims to study Java source code defect detection methods for defects like null pointer… More >

Yaqiong He, Jinlin Fan^*, Huaiguang Wu

CMC-Computers, Materials & Continua, Vol.80, No.1, pp. 995-1032, 2024, DOI:10.32604/cmc.2024.052887 - 18 July 2024

Abstract With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective,… More >

Jiawei Qin^1,2, Hua Zhang^1,*, Hanbing Yan², Tian Zhu², Song Hu¹, Dingyu Yan²

Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509 - 11 July 2024

Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, More >

Bui Van Cong¹, Cho Do Xuan^2,*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 3699-3723, 2024, DOI:10.32604/cmc.2024.050019 - 20 June 2024

Abstract The detection of software vulnerabilities written in C and C++ languages takes a lot of attention and interest today. This paper proposes a new framework called DrCSE to improve software vulnerability detection. It uses an intelligent computation technique based on the combination of two methods: Rebalancing data and representation learning to analyze and evaluate the code property graph (CPG) of the source code for detecting abnormal behavior of software vulnerabilities. To do that, DrCSE performs a combination of 3 main processing techniques: (i) building the source code feature profiles, (ii) rebalancing data, and (iii) contrastive… More >

Zhihui Song, Jinchen Xu, Kewei Li, Zheng Shan^*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 4573-4601, 2024, DOI:10.32604/cmc.2024.049310 - 20 June 2024

Abstract Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations. However, due to limitations in code representation and neural network design, the validity and practicality of the model still need to be improved. Additionally, due to differences in programming languages, most methods lack cross-language detection generality. To address these issues, in this paper, we analyze the shortcomings of previous code representations and neural networks. We propose a novel hierarchical code representation that combines Concrete Syntax Trees (CST)… More >

Zhenxiang He^*, Zhenyu Zhao, Ke Chen, Yanlin Liu

CMC-Computers, Materials & Continua, Vol.79, No.2, pp. 3023-3045, 2024, DOI:10.32604/cmc.2024.050281 - 15 May 2024

Abstract The fast-paced development of blockchain technology is evident. Yet, the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem. Conventional smart contract vulnerability detection primarily relies on static analysis tools, which are less efficient and accurate. Although deep learning methods have improved detection efficiency, they are unable to fully utilize the static relationships within contracts. Therefore, we have adopted the advantages of the above two methods, combining feature extraction mode of tools with deep learning techniques. Firstly, we have constructed corresponding feature extraction mode for… More >

Shalu¹, Twinkle Acharya¹, Dhwanilnath Gharekhan^1,*, Dipak Samal²

Revue Internationale de Géomatique, Vol.33, pp. 111-134, 2024, DOI:10.32604/rig.2024.051788 - 15 May 2024

Abstract Seismic vulnerability modeling plays a crucial role in seismic risk assessment, aiding decision-makers in pinpointing areas and structures most prone to earthquake damage. While machine learning (ML) algorithms and Geographic Information Systems (GIS) have emerged as promising tools for seismic vulnerability modeling, there remains a notable gap in comprehensive geospatial studies focused on India. Previous studies in seismic vulnerability modeling have primarily focused on specific regions or countries, often overlooking the unique challenges and characteristics of India. In this study, we introduce a novel approach to seismic vulnerability modeling, leveraging ML and GIS to address… More >