检索结果-内蒙古大学图书馆

45th IEEE Symposium on Security and Privacy (SP)

作者： Jiang, Jiasheng Wu, Jingzheng Ling, Xiang Luo, Tianyue Qu, Sheng Wu, Yanjun Chinese Acad Sci Inst Software Beijing Peoples R China

ISBN: (纸本)9798350331318;9798350331301

Extracting API patterns from the source code has been extensively employed to detect API misuses. However, recent studies manually provide pattern templates as prerequisites, requiring prior software knowledge and limiting their extraction scope. This paper presents APP-Miner (API path pattern miner), a novel static analysis framework for extracting API path patterns via a frequent subgraph mining technique without pattern templates. The critical insight is that API patterns usually consist of APIs' data-related operations and are commonplace. Therefore, we define API paths as the control flow graphs composed of APIs' data-related operations, and thereby the maximum frequent subgraphs of the API paths are the probable API path patterns. We implemented APP-Miner and extensively evaluated it on four widely used open-source software: Linux kernel, OpenSSL, FFmpeg, and Apache httpd. We found 116, 35, 3, and 3 new API misuses from the above systems, respectively. Moreover, we gained 19 CVEs.

关键词： API misuse specification inference control flow graph frequent subgraph mining static analysis

来源：评论

学校读者我要写书评

暂无评论

graphRTL: an Agile Design Framework of RTL Code from Data flow graphs

GraphRTL: an Agile Design Framework of RTL Code from Data Fl...

引用

2nd International Symposium of Electronics Design Automation (ISEDA)

作者： Qiao, Yuheng Xie, Cai Ou, Zhaoting Lei, Peizhi Tian, Yan Chen, Jienan Univ Elect Sci & Technol China Chengdu 611731 Peoples R China

ISBN: (纸本)9798350352047;9798350352030

As the increasing demand for large and complex signal processing requirements, the efficient and fast design of signal processing circuits becomes an important issues. Agile design offers a new approach for rapid hardware design cycles. While this approach is a standard for software design, how to adapt it to hardware design properly remains an open question. In our work, we propose a framework for agile software and hardware co-design named graphRTL. The tool addresses the challenge of designing hardware for Digital Signal Processing (DSP). Instead of direct coding and debugging iteration, we employ data flow graphs (DFG) and control flow graphs (CFG) to automatically generate RTL code. The input to graphRTL is the flow graph of the designed circuit. Subsequently, the tool checks the graphs, reconstructs it, and then translates it into a configuration file for the compiler. Finally, the compiler autonomously generates the corresponding software to hardware code and RTL code. Compared to the traditional design route, graphRTL enhances design efficiency and broadens the design space. In our experiments, we achieved up to an 70% reduction in design time while maintaining a 5 to 10% reduction in hardware overhead for the designed circuits.

关键词： Data flow graph control flow graph Agile Design Compilers Digital Signal Processing RTL

来源：评论

学校读者我要写书评

暂无评论

Measuring nesting

引用

IET SOFTWARE 2022年第6期16卷 543-557页

作者： Alrasheed, Hend Melton, Austin King Saud Univ Dept Informat Technol Univ StPOB 145111 Riyadh Saudi Arabia Kent State Univ Dept Comp Sci Kent OH USA

Nesting is a fundamental and very commonly used programming construct. In many cases, the wise use of nesting contributes significantly to a programming team elegantly designing a solution to a difficult problem. However, the ease with which nesting constructs may be created and the essentially unlimited depth and breadth to which they may exist also enable a programming team to create programs that may be extremely difficult to understand and maintain. In this paper, nesting and nesting metrics are examined. The authors begin the nesting examination/discussion with a precise definition of the scope of programme selection nodes. The term 'nodes' instead of 'statements' is used because this work is done on control flow graphs of programme modules. Although there has been much work done on metrics related to nesting, there has not been significant work done on metrics that focus entirely on nesting. Explicit definitions for nesting depth and nesting breadth metrics are given for programme modules. The metrics are validated by comparing them to probably the best known nesting metric, the MaCabe cyclomatic metric. Also, the metrics are compared to the standard lines of code metric. Further, a new nesting concept, the nesting tree, is discussed and it is proposed that nesting trees themselves could be useful nesting measurement values.

关键词： programming nesting depth metrics nesting breadth metrics nesting depth nesting measurement control flow graph nesting tree programming construct nesting constructs MaCabe cyclomatic metric flow graphs trees (mathematics) program modules software metrics program selection nodes

来源：评论

学校读者我要写书评

暂无评论

A Software QA Framework for Autonomous Vehicle open source application: OpenPilot 9

A Software QA Framework for Autonomous Vehicle open source a...

引用

9th IEEE World Forum on the Internet of Things (WF-IoT) - The Blue Planet - A Marriage of Sea and Space

作者： Ali, Khalid Jammal, Manar Abu Sharkh, Mohamed York Univ Sch Informat Technol Toronto ON Canada Ferris State Univ Digital Media Software Engn Grand Rapids MI USA

ISBN: (纸本)9798350311617;9798350311624

As the deployment of autonomous vehicles (AV) grows, ensuring their reliability and safety becomes paramount. The need for rigorous testing and validation methods is surging. This paper focuses on investigating the resilience of OpenPilot, an open-source driving agent for assisted driving systems, against faults and environmental conditions affecting sensor data, targeting faults that directly impact machine learning (ML) and perception systems, known to be a significant cause of disengagement incidents in AV. To assess the effectiveness and coverage of Open-Pilot's functionalities, we employ standard model-driven test engineering methodology graph coverage testing. A systematic and comprehensive modeling of OpenPilot using graph coverage methodology is proposed, covering three programming scripts and yielding 16 major test case scenarios. This approach enables graph coverage testing on OpenPilot, facilitating evaluation of its performance, robustness, and safety measures. By systematically exploring the system's functionalities and scenarios, we ensure OpenPilot performs as expected and effectively mitigates safety hazards, contributing to the enhancement of autonomous vehicle safety and building confidence in autonomous driving technology.

关键词： graph Coverage OpenPilot Autonomous Vehicles control flow graph Code Coverage Visualization Test Coverage

来源：评论

学校读者我要写书评

暂无评论

LSAFE: a Lightweight Static Analysis Framework for binary Executables

LSAFE: a Lightweight Static Analysis Framework for binary Ex...

引用

2024 International Performance Computing and Communications Conference

作者： Yue, Xiao Qu, Guangzhi Oakland Univ Dept Comp Sci & Engn Rochester MI 48063 USA

ISBN: (纸本)9798350367959;9798350367942

Static analysis is a widely used technique for analyzing various aspects of programs. However, as programs become more complex, static analysis tools require larger resources, such as CPU time and memory, to perform the same tasks. Moreover, the source code of programs may not always be accessible, requiring static analysis to be performed on the binary executable code directly. To overcome these challenges, we propose a lightweight static analysis framework called LSAFE, which constructs control flow graphs (CFGs) and data dependency graphs (DDGs) of target programs with optimized performance in terms of CPU and memory usage. We evaluated the proposed framework using both Spec benchmark programs and real-world industrial applications, and found that it outperformed Angr, an existing state-of-the-art static analysis tool. Additionally, we demonstrate a case study that utilizes the CFG generated by LSAFE to detect memory leaks.

关键词： Framework Binary executable code Static analysis control flow graph

来源：评论

学校读者我要写书评

暂无评论

A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization

引用

JOURNAL OF CLOUD COMPUTING-ADVANCES SYSTEMS AND APPLICATIONS 2022年第1期11卷 1-21页

作者： Ullah, Farhan Srivastava, Gautam Ullah, Shamsher Northwestern Polytech Univ Sch Software Xian 710072 Peoples R China Brandon Univ Dept Math & Comp Sci Brandon MB R7A 6A9 Canada China Med Univ Res Ctr Interneural Comp Taichung 40402 Taiwan Lebanese Amer Univ Dept Comp Sci & Math Beirut 1102 Lebanon

Android is the most widely used mobile platform, making it a prime target for malicious attacks. Therefore, it is imperative to effectively circumvent these attacks. Recently, machine learning has been a promising solution for malware detection, which relies on distinguishing features. While machine learning-based malware scanners have a large number of features, adversaries can avoid detection by using feature-related expertise. Therefore, one of the main tasks of the Android security industry is to consistently propose cutting-edge features that can detect suspicious activity. This study presents a novel feature representation approach for malware detection that combines API-Call graphs (ACGs) with byte-level image representation. First, the reverse engineering procedure is used to obtain the Java programming codes and Dalvik Executable (DEX) file from Android Package Kit (APK). Second, to depict Android apps with high-level features, we develop ACGs by mining API-Calls and API sequences from control flow graph (CFG). The ACGs can act as a digital fingerprint of the actions taken by Android apps. Next, the multi-head attention-based transfer learning method is used to extract trained features vector from ACGs. Third, the DEX file is converted to a malware image, and the texture features are extracted and highlighted using a combination of FAST (Features from Accelerated Segment Test) and BRIEF (Binary Robust Independent Elementary Features). Finally, the ACGs and texture features are combined for effective malware detection and classification. The proposed method uses a customized dataset prepared from the CIC-InvesAndMal2019 dataset and outperforms state-of-the-art methods with 99.27% accuracy.

关键词： Android malware control flow graph Malware visualization Transfer learning Ensemble learning Cybersecurity

来源：评论

学校读者我要写书评

暂无评论

Arvin: Greybox Fuzzing Using Approximate Dynamic CFG Analysis 23

Arvin: Greybox Fuzzing Using Approximate Dynamic CFG Analysi...

引用

18th ACM ASIA Conference on Computer and Communications Security (ASIA CCS)

作者： Shahini, Sirus Zhang, Mu Payer, Mathias Ricci, Robert Univ Utah Salt Lake City UT 84112 USA Ecole Polytech Fed Lausanne Lausanne Switzerland

ISBN: (纸本)9798400700989

Fuzzing has emerged as the most broadly used testing technique to discover bugs. Effective fuzzers rely on coverage to prioritize inputs that exercise new program areas. Edge-based code coverage of the Program Under Test (PUT) is the most commonly used coverage today. It is cheap to collect-a simple counter per basic block edge suffices. Unfortunately, edge coverage lacks context information: it exclusively records how many times each edge was executed but lacks the information necessary to trace actual paths of execution. Our new fuzzer Arvin gathers probabilistic full traces of PUT executions to construct Dynamic control flow graphs (DCFGs). These DCFGs observe a richer set of program behaviors, such as the "depth" of execution, different paths to reach the same basic block, and targeting specific functions and paths. Prioritizing the most promising inputs based on these behaviors improves fuzzing effectiveness by increasing the diversity of explored basic blocks. Designing a DCFG-aware fuzzer raises a key challenge: collecting the required information needs complex instrumentation which results in performance overheads. Our prototype approximates DCFG and enables lightweight, asynchronous coordination between fuzzing processes, making DCFG-based fuzzing practical. By approximating DCFGs, Arvin is fast, resulting in at least an eight-fold increase in fuzzing speed. Because it effectively prioritizes inputs using methods like depth comparison and directed exclusion, which are unavailable to other fuzzers, it finds bugs missed by others. We compare its ability to find bugs using various Linux programs and discover 50 bugs, 23 of which are uniquely found by Arvin.

关键词： fuzzer vulnerability control flow graph Input Prioritization

来源：评论

学校读者我要写书评

暂无评论

A vulnerability detection framework with enhanced graph feature learning

引用

JOURNAL OF SYSTEMS AND SOFTWARE 2024年 216卷

作者： Cheng, Jianxin Chen, Yizhou Cao, Yongzhi Wang, Hanpin Peking Univ Key Lab High Confidence Software Technol Minist Educ Beijing Peoples R China Peking Univ Sch Comp Sci Beijing Peoples R China Zhongguancun Lab Beijing Peoples R China Guangzhou Univ Sch Comp Sci & Cyber Engn Guangzhou Peoples R China

Vulnerability detection in smart contracts is critical to secure blockchain systems. Existing methods represent the bytecode as a graph structure and leverage graph neural networks to learn graph features for vulnerability detection. However, these methods are limited to handling the long-range dependencies between nodes. This means that they might focus on learning local node feature while ignoring global node information. In this paper, we propose a novel vulnerability detection framework with E nhanced G raph F eature L earning (EGFL), which aims to extract the global node information and utilize it to improve vulnerability detection in smart contracts. Specifically, we first represent the bytecode as a control flow graph (CFG). To extract global node information, EGFL constructs a linear node feature matrix from CFG, and uses the feature -aware and relationship -aware modules to handle long-range dependencies between nodes. Meanwhile, a graph neural network is adopted to extract the local node feature from CFG. Subsequently, we fuse the global node information and local node feature to generate an enhanced graph feature for capturing more vulnerability features. We evaluate EGFL on the benchmark dataset with six types of smart contract vulnerabilities. Results show that EGFL outperforms fourteen state-of-the-art vulnerability detection methods by 10.83%-60.28% in F1 score.

关键词： Vulnerability detection Software security Code representation control flow graph graph neural network

来源：评论

学校读者我要写书评

暂无评论

A vulnerability detection framework by focusing on critical execution paths

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2024年 174卷

Context: Vulnerability detection is critical to ensure software security, and detecting vulnerabilities in smart contract code is currently gaining massive attention. Existing deep learning -based vulnerability detection methods represent the code as a code structure graph and eliminate vulnerability -irrelevant nodes. Then, they learn vulnerability -related code features from the simplified graph for vulnerability detection. However, this simplified graph struggles to represent relatively complete structural information of code, which may affect the performance of existing vulnerability detection methods. Objective: In this paper, we present a novel V ulnerability D etection framework based on C ritical E xecution P aths (VDCEP), which aims to improve smart contract vulnerability detection. Method: Firstly, given a code structure graph, we deconstruct it into multiple execution paths that reflect rich structural information of code. To reduce irrelevant code information, a path selection strategy is employed to identify critical execution paths that may contain vulnerable code information. Secondly, a feature extraction module is adopted to learn feature representations of critical paths. Finally, we feed all path feature representations into a classifier for vulnerability detection. Also, the feature weights of paths are provided to measure their importance in vulnerability detection. Results: We evaluate VDCEP on a large dataset with four types of smart contract vulnerabilities. Results show that VDCEP outperforms 14 representative vulnerability detection methods by 5.34%-60.88% in F1 -score. The ablation studies analyze the effects of our path selection strategy and feature extraction module on VDCEP. Moreover, VDCEP still outperforms ChatGPT by 34.46% in F1 -score. Conclusion: Compared to existing vulnerability detection methods, VDCEP is more effective in detecting smart contract vulnerabilities by utilizing critical execution paths. Besides, we can provide in

关键词： Vulnerability detection Software security Code representation control flow graph Deep learning

来源：评论

学校读者我要写书评

暂无评论

COBREX: A Tool for Extracting Business Rules from COBOL 39

COBREX: A Tool for Extracting Business Rules from COBOL

引用

39th IEEE International Conference on Software Maintenance and Evolution (ICSME)

作者： Ali, Mir Sameed Manjunath, Nikhil Chimalakonda, Sridhar Indian Inst Technol Tirupati Dept Comp Sci & Engn Res Intelligent Software & Human Analyt RISHA Lab Tirupati Andhra Pradesh India

ISBN: (数字)9781665479561

ISBN: (纸本)9781665479561

COBOL (Common Business-Oriented Language) has had a strong presence for the last five decades and is still prevalent in the finance and banking sectors and other organizations. The systems which were earlier written in COBOL have now become legacy systems. Therefore, it has become essential to maintain and migrate these legacy COBOL systems. These legacy systems on which companies rely consist of embedded logic to run their business rules and day-to-day operations. Due to everchanging requirements, these business rules need to be revisited and updated regularly. Understanding the code that enforces the business rules is critical for system evolution. However, this is time-consuming, laborious, and error-prone. Also, the documentation of these systems is sometimes inadequate and may be inconsistent with current organizational policies. Furthermore, the number of current-age developers working on COBOL has been drastically reduced, and they are mainly unfamiliar with legacy systems. To aid this, we propose a tool called COBREX to extract COBOL business rules using a CFG-based approach. The tool's main aim is to help the researchers and practitioners to understand COBOL source code by extracting and comprehending the business rules. The demo of the tool can be found here - https://***/3QODmOkISL0 and the details of the tool can be found here - https://***/COBREXdoc/.

关键词： business rules control flow graph legacy systems COBOL

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：