Home / Advanced Search

  • Title/Keywords

  • Author/Affliations

  • Journal

  • Article Type

  • Start Year

  • End Year

Update SearchingClear
  • Articles
  • Online
Search Results (15)
  • Open Access

    PROCEEDINGS

    Automated Vulnerability Detection Using Deep Learning Technique

    Guan-Yan Yang1,*, Yi-Heng Ko1, Farn Wang1, Kuo-Hui Yeh2, Haw-Shiang Chang1, Hsueh Yi Chen1

    The International Conference on Computational & Experimental Engineering and Sciences, Vol.32, No.1, pp. 1-4, 2024, DOI:10.32604/icces.2024.013297

    Abstract 1 Introduction
    Ensuring the absence of exploitable vulnerabilities within applications has always been a critical aspect of software development [1-3]. Traditional code security testing methods often rely on manual inspection or rule-based approaches, which can be time-consuming and prone to human errors. With the recent advancements in natural language processing, deep learning has emerged as a viable approach for code security testing. In this work, we investigated the application of deep learning techniques to code security testing to enhance the efficiency and effectiveness of security analysis in the software development process. In 2022, Wartschinski et al.… More >

  • Open Access

    ARTICLE

    KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes

    Tao Zheng1, Rui Tang1,2,3, Xingshu Chen1,2,3,*, Changxiang Shen1

    CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

    Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by More >

  • Open Access

    REVIEW

    A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

    Yaqiong He, Jinlin Fan*, Huaiguang Wu

    CMC-Computers, Materials & Continua, Vol.80, No.1, pp. 995-1032, 2024, DOI:10.32604/cmc.2024.052887 - 18 July 2024

    Abstract With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective,… More >

  • Open Access

    ARTICLE

    BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder

    Jiawei Qin1,2, Hua Zhang1,*, Hanbing Yan2, Tian Zhu2, Song Hu1, Dingyu Yan2

    Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509 - 11 July 2024

    Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, More >

  • Open Access

    ARTICLE

    A New Framework for Software Vulnerability Detection Based on an Advanced Computing

    Bui Van Cong1, Cho Do Xuan2,*

    CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 3699-3723, 2024, DOI:10.32604/cmc.2024.050019 - 20 June 2024

    Abstract The detection of software vulnerabilities written in C and C++ languages takes a lot of attention and interest today. This paper proposes a new framework called DrCSE to improve software vulnerability detection. It uses an intelligent computation technique based on the combination of two methods: Rebalancing data and representation learning to analyze and evaluate the code property graph (CPG) of the source code for detecting abnormal behavior of software vulnerabilities. To do that, DrCSE performs a combination of 3 main processing techniques: (i) building the source code feature profiles, (ii) rebalancing data, and (iii) contrastive… More >

  • Open Access

    ARTICLE

    HCRVD: A Vulnerability Detection System Based on CST-PDG Hierarchical Code Representation Learning

    Zhihui Song, Jinchen Xu, Kewei Li, Zheng Shan*

    CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 4573-4601, 2024, DOI:10.32604/cmc.2024.049310 - 20 June 2024

    Abstract Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations. However, due to limitations in code representation and neural network design, the validity and practicality of the model still need to be improved. Additionally, due to differences in programming languages, most methods lack cross-language detection generality. To address these issues, in this paper, we analyze the shortcomings of previous code representations and neural networks. We propose a novel hierarchical code representation that combines Concrete Syntax Trees (CST)… More >

  • Open Access

    ARTICLE

    Smart Contract Vulnerability Detection Method Based on Feature Graph and Multiple Attention Mechanisms

    Zhenxiang He*, Zhenyu Zhao, Ke Chen, Yanlin Liu

    CMC-Computers, Materials & Continua, Vol.79, No.2, pp. 3023-3045, 2024, DOI:10.32604/cmc.2024.050281 - 15 May 2024

    Abstract The fast-paced development of blockchain technology is evident. Yet, the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem. Conventional smart contract vulnerability detection primarily relies on static analysis tools, which are less efficient and accurate. Although deep learning methods have improved detection efficiency, they are unable to fully utilize the static relationships within contracts. Therefore, we have adopted the advantages of the above two methods, combining feature extraction mode of tools with deep learning techniques. Firstly, we have constructed corresponding feature extraction mode for… More >

  • Open Access

    REVIEW

    A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

    Huaiguang Wu, Yibo Peng, Yaqiong He*, Jinlin Fan

    CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 77-108, 2024, DOI:10.32604/cmes.2024.046758 - 16 April 2024

    Abstract In recent years, the number of smart contracts deployed on blockchain has exploded. However, the issue of vulnerability has caused incalculable losses. Due to the irreversible and immutability of smart contracts, vulnerability detection has become particularly important. With the popular use of neural network model, there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts. This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts. Subsequently, it categorizes and presents an overview of contemporary deep learning-based tools developed… More > Graphic Abstract

    A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

  • Open Access

    ARTICLE

    GRATDet: Smart Contract Vulnerability Detector Based on Graph Representation and Transformer

    Peng Gong1,2,3, Wenzhong Yang2,3,*, Liejun Wang2,3, Fuyuan Wei2,3, KeZiErBieKe HaiLaTi2,3, Yuanyuan Liao2,3

    CMC-Computers, Materials & Continua, Vol.76, No.2, pp. 1439-1462, 2023, DOI:10.32604/cmc.2023.038878 - 30 August 2023

    Abstract Smart contracts have led to more efficient development in finance and healthcare, but vulnerabilities in contracts pose high risks to their future applications. The current vulnerability detection methods for contracts are either based on fixed expert rules, which are inefficient, or rely on simplistic deep learning techniques that do not fully leverage contract semantic information. Therefore, there is ample room for improvement in terms of detection precision. To solve these problems, this paper proposes a vulnerability detector based on deep learning techniques, graph representation, and Transformer, called GRATDet. The method first performs swapping, insertion, and symbolization… More >

  • Open Access

    ARTICLE

    Machine Learning-Based Efficient Discovery of Software Vulnerability for Internet of Things

    So-Eun Jeon, Sun-Jin Lee, Il-Gu Lee*

    Intelligent Automation & Soft Computing, Vol.37, No.2, pp. 2407-2419, 2023, DOI:10.32604/iasc.2023.039937 - 21 June 2023

    Abstract With the development of the 5th generation of mobile communication (5G) networks and artificial intelligence (AI) technologies, the use of the Internet of Things (IoT) has expanded throughout industry. Although IoT networks have improved industrial productivity and convenience, they are highly dependent on nonstandard protocol stacks and open-source-based, poorly validated software, resulting in several security vulnerabilities. However, conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and computing power. This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy. More >

Displaying 1-10 on page 1 of 15. Per Page