Jiawei Qin^1,2, Hua Zhang^1,*, Hanbing Yan², Tian Zhu², Song Hu¹, Dingyu Yan²

Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509

Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, More >

Bui Van Cong¹, Cho Do Xuan^2,*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 3699-3723, 2024, DOI:10.32604/cmc.2024.050019

Abstract The detection of software vulnerabilities written in C and C++ languages takes a lot of attention and interest today. This paper proposes a new framework called DrCSE to improve software vulnerability detection. It uses an intelligent computation technique based on the combination of two methods: Rebalancing data and representation learning to analyze and evaluate the code property graph (CPG) of the source code for detecting abnormal behavior of software vulnerabilities. To do that, DrCSE performs a combination of 3 main processing techniques: (i) building the source code feature profiles, (ii) rebalancing data, and (iii) contrastive… More >

Zhihui Song, Jinchen Xu, Kewei Li, Zheng Shan^*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 4573-4601, 2024, DOI:10.32604/cmc.2024.049310

Abstract Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations. However, due to limitations in code representation and neural network design, the validity and practicality of the model still need to be improved. Additionally, due to differences in programming languages, most methods lack cross-language detection generality. To address these issues, in this paper, we analyze the shortcomings of previous code representations and neural networks. We propose a novel hierarchical code representation that combines Concrete Syntax Trees (CST)… More >

Zhenxiang He^*, Zhenyu Zhao, Ke Chen, Yanlin Liu

CMC-Computers, Materials & Continua, Vol.79, No.2, pp. 3023-3045, 2024, DOI:10.32604/cmc.2024.050281

Abstract The fast-paced development of blockchain technology is evident. Yet, the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem. Conventional smart contract vulnerability detection primarily relies on static analysis tools, which are less efficient and accurate. Although deep learning methods have improved detection efficiency, they are unable to fully utilize the static relationships within contracts. Therefore, we have adopted the advantages of the above two methods, combining feature extraction mode of tools with deep learning techniques. Firstly, we have constructed corresponding feature extraction mode for… More >

Shalu¹, Twinkle Acharya¹, Dhwanilnath Gharekhan^1,*, Dipak Samal²

Revue Internationale de Géomatique, Vol.33, pp. 111-134, 2024, DOI:10.32604/rig.2024.051788

Abstract Seismic vulnerability modeling plays a crucial role in seismic risk assessment, aiding decision-makers in pinpointing areas and structures most prone to earthquake damage. While machine learning (ML) algorithms and Geographic Information Systems (GIS) have emerged as promising tools for seismic vulnerability modeling, there remains a notable gap in comprehensive geospatial studies focused on India. Previous studies in seismic vulnerability modeling have primarily focused on specific regions or countries, often overlooking the unique challenges and characteristics of India. In this study, we introduce a novel approach to seismic vulnerability modeling, leveraging ML and GIS to address… More >

Huaiguang Wu, Yibo Peng, Yaqiong He^*, Jinlin Fan

CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 77-108, 2024, DOI:10.32604/cmes.2024.046758

Abstract In recent years, the number of smart contracts deployed on blockchain has exploded. However, the issue of vulnerability has caused incalculable losses. Due to the irreversible and immutability of smart contracts, vulnerability detection has become particularly important. With the popular use of neural network model, there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts. This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts. Subsequently, it categorizes and presents an overview of contemporary deep learning-based tools developed… More > Graphic Abstract

Dahyeon Kim¹, Namgi Kim², Junho Ahn^2,*

CMC-Computers, Materials & Continua, Vol.78, No.3, pp. 3867-3889, 2024, DOI:10.32604/cmc.2024.046871

Abstract This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines.… More >

Zhenhui Li¹, Shuangping Xing¹, Lin Yu¹, Huiping Li¹, Fan Zhou¹, Guangqiang Yin¹, Xikai Tang², Zhiguo Wang^1,*

CMC-Computers, Materials & Continua, Vol.78, No.2, pp. 1861-1879, 2024, DOI:10.32604/cmc.2023.046595

Abstract Software security analysts typically only have access to the executable program and cannot directly access the source code of the program. This poses significant challenges to security analysis. While it is crucial to identify vulnerabilities in such non-source code programs, there exists a limited set of generalized tools due to the low versatility of current vulnerability mining methods. However, these tools suffer from some shortcomings. In terms of targeted fuzzing, the path searching for target points is not streamlined enough, and the completely random testing leads to an excessively large search space. Additionally, when it… More >

Zhenhua Yu¹, Zhengqi Liu¹, Xuya Cong^1,*, Xiaobo Li², Li Yin³

CMC-Computers, Materials & Continua, Vol.78, No.1, pp. 1-29, 2024, DOI:10.32604/cmc.2023.042361

Abstract As one of the most effective techniques for finding software vulnerabilities, fuzzing has become a hot topic in software security. It feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the system. In recent years, considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing, so there are more and more methods and forms, which make it difficult to have a comprehensive understanding of the technique. This paper conducts a thorough survey of fuzzing, focusing on its general process, classification, common application scenarios, and some More >

Rui Qiao, Shi Dong^*

CMC-Computers, Materials & Continua, Vol.77, No.2, pp. 2505-2527, 2023, DOI:10.32604/cmc.2023.043476

Abstract Effectively identifying and preventing the threat of Byzantine nodes to the security of distributed systems is a challenge in applying consortium chains. Therefore, this paper proposes a new consortium chain generation model, deeply analyzes the vulnerability of the consortium chain consensus based on the behavior of the nodes, and points out the effects of Byzantine node proportion and node state verification on the consensus process and system security. Furthermore, the normalized verification node aggregation index that represents the consensus ability of the consortium organization and the trust evaluation function of the verification node set is… More >