- research-article, July 2024
Are Latent Vulnerabilities Hidden Gems for Software Vulnerability Prediction? An Empirical Study
MSR '24: Proceedings of the 21st International Conference on Mining Software Repositories, April 2024, Pages 716–727
https://doi.org/10.1145/3643991.3644919
Collecting relevant and high-quality data is integral to the development of effective Software Vulnerability (SV) prediction models. Most of the current SV datasets rely on SV-fixing commits to extract vulnerable functions and lines. However, none of ...
- survey, April 2024
A Survey on Software Vulnerability Exploitability Assessment
ACM Computing Surveys (CSUR), Volume 56, Issue 8, Article No.: 205, Pages 1–41
https://doi.org/10.1145/3648610
Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to ...
- Article, August 2023
Variables are a Curse in Software Vulnerability Prediction
Database and Expert Systems Applications, Aug 2023, Pages 516–521
https://doi.org/10.1007/978-3-031-39847-6_41
Abstract: Deep learning-based approaches for software vulnerability prediction currently mainly rely on the original text of software code as the feature of nodes in the graph of code and thus could learn a representation that is only specific to the code ...
- research-article, July 2023
Toward More Effective Deep Learning-Based Automated Software Vulnerability Prediction, Classification, and Repair
ICSE '23: Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings, May 2023, Pages 208–212
https://doi.org/10.1109/ICSE-Companion58688.2023.00057
Software vulnerabilities are prevalent in software systems and the unresolved vulnerable code may cause system failures or serious data breaches. To enhance security and prevent potential cyberattacks on software systems, it is critical to (1) early ...
- VULGEN: Realistic Vulnerability Generation Via Pattern Mining and Deep Learning
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, May 2023, Pages 2527–2539
https://doi.org/10.1109/ICSE48619.2023.00211
Building new, powerful data-driven defenses against prevalent software vulnerabilities needs sizable, quality vulnerability datasets, so does large-scale benchmarking of existing defense solutions. Automatic data generation would promisingly meet the ...
- research-article, July 2023
Vulnerability Detection with Graph Simplification and Enhanced Graph Representation Learning
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, May 2023, Pages 2275–2286
https://doi.org/10.1109/ICSE48619.2023.00191
Prior studies have demonstrated the effectiveness of Deep Learning (DL) in automated software vulnerability detection. Graph Neural Networks (GNNs) have proven effective in learning the graph representations of source code and are commonly adopted by ...
- research-article, July 2023
Data Quality for Software Vulnerability Datasets
ICSE '23: Proceedings of the 45th International Conference on Software Engineering, May 2023, Pages 121–133
https://doi.org/10.1109/ICSE48619.2023.00022
The use of learning-based techniques to achieve automated software vulnerability detection has been of longstanding interest within the software security domain. These data-driven solutions are enabled by large software vulnerability datasets used for ...
- research-article, July 2023
Vulnerability Disclosure Considered Stressful
ACM SIGCOMM Computer Communication Review (SIGCOMM-CCR), Volume 53, Issue 2, April 2023, Pages 2–10
https://doi.org/10.1145/3610381.3610383
Vulnerability disclosure is a widely recognized practice in the software industry, but there is a lack of literature detailing the firsthand experiences of researchers who have gone through the process. This work aims to bridge that gap by sharing our ...
- research-article, July 2023
Vulnerability diffusions in software product networks
Journal of Operations Management (WILEY-JOM), Volume 69, Issue 8, December 2023, Pages 1342–1370
https://doi.org/10.1002/joom.1270
Abstract: During software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). ...
Highlights:
- Greater software vulnerability diffusion is demonstrated when software products are arranged globally compared to neighboring within their respective networks.
- Rapid responses of software developers toward mitigating vulnerability diffusion ...
- research-article, February 2023
A Code Centric Evaluation of C/C++ Vulnerability Datasets for Deep Learning Based Vulnerability Detection Techniques
ISEC '23: Proceedings of the 16th Innovations in Software Engineering Conference, February 2023, Article No.: 6, Pages 1–10
https://doi.org/10.1145/3578527.3578530
Recent years have witnessed tremendous progress in NLP-based code comprehension via deep neural networks (DNN) learning, especially Large Language Models (LLMs). While the original application of LLMs is focused on code generation, there have been ...
- research-article, January 2023
A Novel Coverage-guided Greybox Fuzzing based on Power Schedule Optimization with Time Complexity
ASE '22: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, October 2022, Article No.: 172, Pages 1–5
https://doi.org/10.1145/3551349.3559550
Coverage-guided Greybox fuzzing is regarded as a practical approach to detect software vulnerabilities, which targets to expand code coverage as much as possible. A common implementation is to assign more energy to such seeds which find new edges with ...
- research-article, January 2023
Tunter: Assessing Exploitability of Vulnerabilities with Taint-Guided Exploitable States Exploration
Computers and Security (CSEC), Volume 124, Issue C, Jan 2023
https://doi.org/10.1016/j.cose.2022.102995
Highlights:
- software vulnerability
- exploitability assessment
Assessing the exploitability of vulnerabilities is critical for defenders. But the vulnerability-triggering samples available for analysts often do not trigger exploitable states, making it hard to accurately assess whether the ...
- research-article, November 2022
Predicting the severity and exploitability of vulnerability reports using convolutional neural nets
EnCyCriS '22: Proceedings of the 3rd International Workshop on Engineering and Cybersecurity of Critical Systems, May 2022, Pages 1–8
https://doi.org/10.1145/3524489.3527298
Common Vulnerability and Exposure (CVE) reports published by Vulnerability Management Systems (VMSs) are used to evaluate the severity and exploitability of software vulnerabilities. Public vulnerability databases such as NVD use the Common ...
- research-article, November 2022
You see what I want you to see: poisoning vulnerabilities in neural code search
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, November 2022, Pages 1233–1245
https://doi.org/10.1145/3540250.3549153
Searching and reusing code snippets from open-source software repositories based on natural-language queries can greatly improve programming productivity. Recently, deep-learning-based approaches have become increasingly popular for code search. ...
- Generating realistic vulnerabilities via neural code editing: an empirical study
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, November 2022, Pages 1097–1109
https://doi.org/10.1145/3540250.3549128
The availability of large-scale, realistic vulnerability datasets is essential both for benchmarking existing techniques and for developing effective new data-driven approaches for software security. Yet such datasets are critically lacking. A promising ...
- research-article, June 2022
DeepCVA: automated commit-level vulnerability assessment with deep multi-task learning
ASE '21: Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, November 2021, Pages 717–729
https://doi.org/10.1109/ASE51524.2021.9678622
It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they are detected ...
- research-article, June 2022
Learning-based Vulnerability Detection in Binary Code
ICMLC '22: Proceedings of the 2022 14th International Conference on Machine Learning and Computing, February 2022, Pages 266–271
https://doi.org/10.1145/3529836.3529926
Cyberattacks typically exploit software vulnerabilities to compromise computers and smart devices. To address vulnerabilities, many approaches have been developed to detect vulnerabilities using deep learning. However, most learning-based approaches ...
- research-article, May 2022
Integrating vulnerability risk into the software process
ACM SE '22: Proceedings of the 2022 ACM Southeast Conference, April 2022, Pages 91–98
https://doi.org/10.1145/3476883.3520217
Software developers often focus on the functional aspects of software and defer consideration of security vulnerabilities until late in the development process. Consequently, vulnerabilities plague contemporary software. This work presents an approach ...
- research-article, January 2022
Fuzz Testing Technique and its Use in Cybersecurity Tasks
Cybernetics and Systems Analysis (KLU-CASA), Volume 58, Issue 1, Jan 2022, Pages 157–163
https://doi.org/10.1007/s10559-022-00445-2
Abstract: The paper considers the technology of fuzz testing, which is testing software systems by feeding critical or unexpected input data to them. An overview of the current problem state is made and the main systems of fuzz testing are presented. An ...
- research-article, December 2021
On the Detection of Exploitation of Vulnerabilities That Leads to the Execution of a Malicious Code
Automatic Control and Computer Sciences (ACCS), Volume 55, Issue 7, Dec 2021, Pages 827–837
https://doi.org/10.3103/S0146411621070233
Abstract: Software protection from exploitation of possible unknown vulnerabilities can be ensured both by searching for (for example, using symbolic execution) and subsequently eliminating vulnerabilities and by means of detection and/or intrusion ...