Jiawei Qin^1,2, Hua Zhang^1,*, Hanbing Yan², Tian Zhu², Song Hu¹, Dingyu Yan²

Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509

Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, More >

Bui Van Cong¹, Cho Do Xuan^2,*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 3699-3723, 2024, DOI:10.32604/cmc.2024.050019

Abstract The detection of software vulnerabilities written in C and C++ languages takes a lot of attention and interest today. This paper proposes a new framework called DrCSE to improve software vulnerability detection. It uses an intelligent computation technique based on the combination of two methods: Rebalancing data and representation learning to analyze and evaluate the code property graph (CPG) of the source code for detecting abnormal behavior of software vulnerabilities. To do that, DrCSE performs a combination of 3 main processing techniques: (i) building the source code feature profiles, (ii) rebalancing data, and (iii) contrastive… More >

Zhihui Song, Jinchen Xu, Kewei Li, Zheng Shan^*

CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 4573-4601, 2024, DOI:10.32604/cmc.2024.049310

Abstract Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations. However, due to limitations in code representation and neural network design, the validity and practicality of the model still need to be improved. Additionally, due to differences in programming languages, most methods lack cross-language detection generality. To address these issues, in this paper, we analyze the shortcomings of previous code representations and neural networks. We propose a novel hierarchical code representation that combines Concrete Syntax Trees (CST)… More >

Zhenxiang He^*, Zhenyu Zhao, Ke Chen, Yanlin Liu

CMC-Computers, Materials & Continua, Vol.79, No.2, pp. 3023-3045, 2024, DOI:10.32604/cmc.2024.050281

Abstract The fast-paced development of blockchain technology is evident. Yet, the security concerns of smart contracts represent a significant challenge to the stability and dependability of the entire blockchain ecosystem. Conventional smart contract vulnerability detection primarily relies on static analysis tools, which are less efficient and accurate. Although deep learning methods have improved detection efficiency, they are unable to fully utilize the static relationships within contracts. Therefore, we have adopted the advantages of the above two methods, combining feature extraction mode of tools with deep learning techniques. Firstly, we have constructed corresponding feature extraction mode for… More >

Huaiguang Wu, Yibo Peng, Yaqiong He^*, Jinlin Fan

CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 77-108, 2024, DOI:10.32604/cmes.2024.046758

Abstract In recent years, the number of smart contracts deployed on blockchain has exploded. However, the issue of vulnerability has caused incalculable losses. Due to the irreversible and immutability of smart contracts, vulnerability detection has become particularly important. With the popular use of neural network model, there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts. This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts. Subsequently, it categorizes and presents an overview of contemporary deep learning-based tools developed… More > Graphic Abstract

Peng Gong^1,2,3, Wenzhong Yang^2,3,*, Liejun Wang^2,3, Fuyuan Wei^2,3, KeZiErBieKe HaiLaTi^2,3, Yuanyuan Liao^2,3

CMC-Computers, Materials & Continua, Vol.76, No.2, pp. 1439-1462, 2023, DOI:10.32604/cmc.2023.038878

Abstract Smart contracts have led to more efficient development in finance and healthcare, but vulnerabilities in contracts pose high risks to their future applications. The current vulnerability detection methods for contracts are either based on fixed expert rules, which are inefficient, or rely on simplistic deep learning techniques that do not fully leverage contract semantic information. Therefore, there is ample room for improvement in terms of detection precision. To solve these problems, this paper proposes a vulnerability detector based on deep learning techniques, graph representation, and Transformer, called GRATDet. The method first performs swapping, insertion, and symbolization… More >

So-Eun Jeon, Sun-Jin Lee, Il-Gu Lee^*

Intelligent Automation & Soft Computing, Vol.37, No.2, pp. 2407-2419, 2023, DOI:10.32604/iasc.2023.039937

Abstract With the development of the 5th generation of mobile communication (5G) networks and artificial intelligence (AI) technologies, the use of the Internet of Things (IoT) has expanded throughout industry. Although IoT networks have improved industrial productivity and convenience, they are highly dependent on nonstandard protocol stacks and open-source-based, poorly validated software, resulting in several security vulnerabilities. However, conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and computing power. This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy. More >

Guangxia Xu^1,*, Lei Liu², Jingnan Dong³

CMES-Computer Modeling in Engineering & Sciences, Vol.137, No.1, pp. 903-922, 2023, DOI:10.32604/cmes.2023.026627

Abstract In recent years, with the great success of pre-trained language models, the pre-trained BERT model has been gradually applied to the field of source code understanding. However, the time cost of training a language model from zero is very high, and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present. In this paper, we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained language model BERT and connected to a bidirectional gate recurrent unit model. More >

LiangJun Deng¹, Hang Lei¹, Zheng Yang¹, WeiZhong Qian^1,*, XiaoYu Li¹, Hao Wu², Sihao Deng³, RuChao Sha¹, WeiDong Deng⁴

Computer Systems Science and Engineering, Vol.45, No.2, pp. 2155-2170, 2023, DOI:10.32604/csse.2023.027680

Abstract In order to realize a general-purpose automatic formal verification platform based on WebAssembly technology as a web service (FVPS), which aims to provide an automated report of vulnerability detections, this work builds a Hyperledger Fabric blockchain runtime model. It proposes an optimized methodology of the functional equivalent translation from source program languages to formal languages. This methodology utilizes an external application programming interface (API) table to replace the source codes in compilation, thereby pruning the part of housekeeping codes to ease code inflation. Code inflation is a significant metric in formal language translation. Namely, minor… More >

Abdulaziz Alhumam^*

CMC-Computers, Materials & Continua, Vol.73, No.1, pp. 1463-1482, 2022, DOI:10.32604/cmc.2022.029473

Abstract The most resource-intensive and laborious part of debugging is finding the exact location of the fault from the more significant number of code snippets. Plenty of machine intelligence models has offered the effective localization of defects. Some models can precisely locate the faulty with more than 95% accuracy, resulting in demand for trustworthy models in fault localization. Confidence and trustworthiness within machine intelligence-based software models can only be achieved via explainable artificial intelligence in Fault Localization (XFL). The current study presents a model for generating counterfactual interpretations for the fault localization model's decisions. Neural system More >