Huaiguang Wu, Yibo Peng, Yaqiong He^*, Jinlin Fan

CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 77-108, 2024, DOI:10.32604/cmes.2024.046758

Abstract In recent years, the number of smart contracts deployed on blockchain has exploded. However, the issue of vulnerability has caused incalculable losses. Due to the irreversible and immutability of smart contracts, vulnerability detection has become particularly important. With the popular use of neural network model, there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts. This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts. Subsequently, it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection. These… More > Graphic Abstract

Dahyeon Kim¹, Namgi Kim², Junho Ahn^2,*

CMC-Computers, Materials & Continua, Vol.78, No.3, pp. 3867-3889, 2024, DOI:10.32604/cmc.2024.046871

Abstract This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines. Security guidelines are dynamically generated… More >

Zhenhui Li¹, Shuangping Xing¹, Lin Yu¹, Huiping Li¹, Fan Zhou¹, Guangqiang Yin¹, Xikai Tang², Zhiguo Wang^1,*

CMC-Computers, Materials & Continua, Vol.78, No.2, pp. 1861-1879, 2024, DOI:10.32604/cmc.2023.046595

Abstract Software security analysts typically only have access to the executable program and cannot directly access the source code of the program. This poses significant challenges to security analysis. While it is crucial to identify vulnerabilities in such non-source code programs, there exists a limited set of generalized tools due to the low versatility of current vulnerability mining methods. However, these tools suffer from some shortcomings. In terms of targeted fuzzing, the path searching for target points is not streamlined enough, and the completely random testing leads to an excessively large search space. Additionally, when it comes to code similarity analysis,… More >

Zhenhua Yu¹, Zhengqi Liu¹, Xuya Cong^1,*, Xiaobo Li², Li Yin³

CMC-Computers, Materials & Continua, Vol.78, No.1, pp. 1-29, 2024, DOI:10.32604/cmc.2023.042361

Abstract As one of the most effective techniques for finding software vulnerabilities, fuzzing has become a hot topic in software security. It feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the system. In recent years, considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing, so there are more and more methods and forms, which make it difficult to have a comprehensive understanding of the technique. This paper conducts a thorough survey of fuzzing, focusing on its general process, classification, common application scenarios, and some state-of-the-art techniques that have been… More >

Rui Qiao, Shi Dong^*

CMC-Computers, Materials & Continua, Vol.77, No.2, pp. 2505-2527, 2023, DOI:10.32604/cmc.2023.043476

Abstract Effectively identifying and preventing the threat of Byzantine nodes to the security of distributed systems is a challenge in applying consortium chains. Therefore, this paper proposes a new consortium chain generation model, deeply analyzes the vulnerability of the consortium chain consensus based on the behavior of the nodes, and points out the effects of Byzantine node proportion and node state verification on the consensus process and system security. Furthermore, the normalized verification node aggregation index that represents the consensus ability of the consortium organization and the trust evaluation function of the verification node set is derived. When either of the… More >

Peng Gong^1,2,3, Wenzhong Yang^2,3,*, Liejun Wang^2,3, Fuyuan Wei^2,3, KeZiErBieKe HaiLaTi^2,3, Yuanyuan Liao^2,3

CMC-Computers, Materials & Continua, Vol.76, No.2, pp. 1439-1462, 2023, DOI:10.32604/cmc.2023.038878

Abstract Smart contracts have led to more efficient development in finance and healthcare, but vulnerabilities in contracts pose high risks to their future applications. The current vulnerability detection methods for contracts are either based on fixed expert rules, which are inefficient, or rely on simplistic deep learning techniques that do not fully leverage contract semantic information. Therefore, there is ample room for improvement in terms of detection precision. To solve these problems, this paper proposes a vulnerability detector based on deep learning techniques, graph representation, and Transformer, called GRATDet. The method first performs swapping, insertion, and symbolization operations for contract functions,… More >

So-Eun Jeon, Sun-Jin Lee, Il-Gu Lee^*

Intelligent Automation & Soft Computing, Vol.37, No.2, pp. 2407-2419, 2023, DOI:10.32604/iasc.2023.039937

Abstract With the development of the 5th generation of mobile communication (5G) networks and artificial intelligence (AI) technologies, the use of the Internet of Things (IoT) has expanded throughout industry. Although IoT networks have improved industrial productivity and convenience, they are highly dependent on nonstandard protocol stacks and open-source-based, poorly validated software, resulting in several security vulnerabilities. However, conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and computing power. This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy. Experimental results using a software… More >

Leilei Li¹, Yansong Wang², Dongjie Zhu^2,*, Xiaofang Li³, Haiwen Du⁴, Yixuan Lu², Rongning Qu³, Russell Higgs⁵

CMC-Computers, Materials & Continua, Vol.76, No.1, pp. 771-791, 2023, DOI:10.32604/cmc.2023.038268

Abstract With the rapid development of Internet technology, the issues of network asset detection and vulnerability warning have become hot topics of concern in the industry. However, most existing detection tools operate in a single-node mode and cannot parallelly process large-scale tasks, which cannot meet the current needs of the industry. To address the above issues, this paper proposes a distributed network asset detection and vulnerability warning platform (Dis-NDVW) based on distributed systems and multiple detection tools. Specifically, this paper proposes a distributed message subscription and publication system based on Zookeeper and Kafka, which endows Dis-NDVW with the ability to parallelly… More >

Nadia Trabelsi, Imen Hentati, Ibtissem Triki, Moncef Zairi

Revue Internationale de Géomatique, Vol.29, No.3, pp. 317-338, 2019, DOI:10.3166/rig.2019.00087

Abstract The Sfax phreatic system is an important source of water supply. The latter is constantly threatened by nitric pollution. In order to protect this aquifer, a study of the intrinsic vulnerability has been carried out using the SI (Susceptibility Index) method. The model takes into consideration the various vulnerability criteria governing the process of contaminant transfer. These are geological, hydrogeological, land use, topography, and meteorological factors. In this study, a method derived from the SI model is presented (modified SI). The model is based on an approach that integrates hydrological modeling under Agriflux and GIS. Indeed, the use of GIS… More >

Guangxia Xu^1,*, Lei Liu², Jingnan Dong³

CMES-Computer Modeling in Engineering & Sciences, Vol.137, No.1, pp. 903-922, 2023, DOI:10.32604/cmes.2023.026627

Abstract In recent years, with the great success of pre-trained language models, the pre-trained BERT model has been gradually applied to the field of source code understanding. However, the time cost of training a language model from zero is very high, and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present. In this paper, we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained language model BERT and connected to a bidirectional gate recurrent unit model. The downstream neural network adopts… More >