检索结果-内蒙古大学图书馆

Improving Coverage and Vulnerability Detection in Smart Contract Testing Using Self-Adaptive Learning GA

IETE JOURNAL OF RESEARCH 2024年第2期70卷 1593-1606页

作者： Sujeetha, R. Akila, K. SRM Inst Sci & Technol Coll Engn & Technol Dept Comp Sci & Engn 1 Jawaharlal Nehru RdVadapalani Campus Chennai Tamil Nadu India

In the domain of software testing, the generation of test cases is a critical process for detecting system errors and bugs. However, automated test case generation for smart contracts often encounters challenges related to automation, vulnerability diversity, and coverage. This paper presents a novel method, the self-adaptive learning Genetic Algorithm (self-adaptive learning GA), designed to address these issues. Our research methodology incorporates several construction models, namely the control Dependence graph (CDG), control flow graph (CFG), and Application Binary Interface (ABI). Initially, the ABI model provides essential information for generating and executing test cases. The CFG model subsequently visualizes potential execution paths through the functions of smart contracts. Ultimately, the CDG model identifies potential vulnerabilities in smart contracts. Using these models, our method enhances automatic test case generation in smart contracts by improving coverage and reducing execution time. We selected a variety of smart contracts from the Decentralized Finance (DeFi) ecosystem for data collection and comparative analysis. The experimental results show superior performance rates, with an average code coverage rate of 98.1%, a total of 3500 vulnerabilities detected, a vulnerability detection rate of 98.7%, a false positive rate of 1.3%, a recall of 98.2%, precision of 98.8%, a path uniqueness rate of 96.4%, false negative rate of 3.5%, an execution time of 25 s, and test case generation time of 16 s. In conclusion, our proposed approach demonstrates a significant improvement over existing methods for test case generation by providing a promising solution for the robustness of smart contracts and security enhancement in the DeFi ecosystem.

关键词： Application binary interface code coverage control dependence graph control flow graph genetic algorithm self-adaptive learning smart contracts test case generation vulnerability

来源：评论

学校读者我要写书评

暂无评论

An Approach for Detecting Unnecessary Cyclomatic Complexity on Source Code

引用

IEEE LATIN AMERICA TRANSACTIONS 2016年第8期14卷 3777-3783页

作者： Campos Junior, H. S. Martins Filho, L. R. V. Araujo, M. A. P. IF Sudeste MG Campus Juiz de Fora Juiz De Fora MG Brazil Univ Fed Juiz de Fora Juiz De Fora MG Brazil

Seeking product's quality is essential nowadays. One of the many quality aspects in software development is the source code complexity. Not taking care for the complexity during the development can result in unexpected cost, caused by the difficulty on the source code understanding. The goal of this paper is to introduce an initial approach to identify unnecessary complexity in source code. Besides identifying, also show to its user how to properly rewrite the source code without the unnecessary complexity. The approach is based on the static analysis of the source code control flow graph. Once the unnecessary complexity is identified, the graph is refactored in order to allow the user to understand the improvement on the source code. It was implemented in a software tool in order to prove its concept. A performance evaluation was performed, resulting in a high accuracy. Two experimental studies were also performed to assess its feasibility when used by real users. The evidences provided by these studies suggests that the approach support the unnecessary complexity removal.

关键词： cyclomatic complexity control flow graph experimental software engineering unnecessary complexity

来源：评论

学校读者我要写书评

暂无评论

CONCURRENT PROCESS MONITORING WITH NO REFERENCE SIGNATURES

引用

IEEE TRANSACTIONS ON COMPUTERS 1994年第4期43卷 475-480页

作者： UPADHYAYA, SJ RAMAMURTHY, B Dept. of Electr. & Comput. Eng. State Univ. of New York Buffalo NY USA

A simple, inexpensive and time/space efficient signature technique for process monitoring is presented. In this technique, a known signature function is applied to the instruction stream at compilation phase and when the accumulated signature forms an m-out-of-n code, the corresponding instructions are tagged. Error checking is done at run-time by monitoring the signatures accumulated at the tagged locations to determine whether they form m-out-of-n codes. This approach of signature checking does not require the embedding of reference signatures at compilation, thereby leading to savings in memory as well as in execution time. The m-out-of-n code approach offers high error coverage and controllable latency. The results of the experiments conducted to verify the controllability of the latency are discussed. One of the distinguishing features of the proposed scheme is the elimination of reference signatures, which are the main source of memory and time overhead in the existing techniques.

关键词： BIT ERRORS BRANCH-FREE INTERVAL control flow graph ERROR COVERAGE ERROR LATENCY SEQUENCING ERRORS SIGNATURE ANALYSIS WATCHDOG PROCESSOR

来源：评论

学校读者我要写书评

暂无评论

Vulnerability Detection by Learning From Syntax-Based Execution Paths of Code

引用

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING 2023年第8期49卷 4196-4212页

作者： Zhang, Junwei Liu, Zhongxin Hu, Xing Xia, Xin Li, Shanping Zhejiang Univ Coll Comp Sci & Technol Hangzhou 310027 Zhejiang Peoples R China Zhejiang Univ Sch Software Technol Ningbo 315103 Zhejiang Peoples R China

Vulnerability detection is essential to protect software systems. Various approaches based on deep learning have been proposed to learn the pattern of vulnerabilities and identify them. Although these approaches have shown vast potential in this task, they still suffer from the following issues: (1) It is difficult for them to distinguish vulnerability-related information from a large amount of irrelevant information, which hinders their effectiveness in capturing vulnerability features. (2) They are less effective in handling long code because many neural models would limit the input length, which hinders their ability to represent the long vulnerable code snippets. To mitigate these two issues, in this work, we proposed to decompose the syntax-based control flow graph (CFG) of the code snippet into multiple execution paths to detect the vulnerability. Specifically, given a code snippet, we first build its CFG based on its Abstract Syntax Tree (AST), refer to such CFG as syntax-based CFG, and decompose the CFG into multiple paths from an entry node to its exit node. Next, we adopt a pre-trained code model and a convolutional neural network to learn the path representations with intra- and inter-path attention. The feature vectors of the paths are combined as the representation of the code snippet and fed into the classifier to detect the vulnerability. Decomposing the code snippet into multiple paths can filter out some redundant information unrelated to the vulnerability and help the model focus on the vulnerability features. Besides, since the decomposed paths are usually shorter than the code snippet, the information located in the tail of the long code is more likely to be processed and learned. To evaluate the effectiveness of our model, we build a dataset with over 231 k code snippets, in which there are 24 k vulnerabilities. Experimental results demonstrate that the proposed approach outperforms state-of-the-art baselines by at least 22.30%, 42.92%, and 32.5

关键词： Vulnerability detection deep learning control flow graph pre-trained model

来源：评论

学校读者我要写书评

暂无评论

An efficient method for computing dynamic program slices

引用

INFORMATION PROCESSING LETTERS 2002年第2期81卷 111-117页

作者： Goswami, D Mall, R Indian Inst Technol Dept Comp Sci & Engn Kharagpur 721302 W Bengal India

We propose an efficient method for computing dynamic slices of programs. Our method is based on construction of data dependence edges of program dependence graph at run-time. We introduce the concept of compact dynamic dependence graphs (CDDGs) of programs. We show computation of dynamic slices using CDDGs to be more efficient than existing methods. (C) 2002 Elsevier Science B.V. All rights reserved.

关键词： program slicing static slicing dynamic slicing program dependence graph control flow graph program debugging

来源：评论

学校读者我要写书评

暂无评论

MalGNE: Enhancing the Performance and Efficiency of CFG-Based Malware Detector by graph Node Embedding in Low Dimension Space

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2024年 19卷 4881-4896页

作者： Peng, Hao Yang, Jieshuai Zhao, Dandan Xu, Xiaogang Pu, Yuwen Han, Jianmin Yang, Xing Zhong, Ming Ji, Shouling Zhejiang Normal Univ Coll Comp Sci & Technol Jinhua 321004 Peoples R China Zhejiang Normal Univ Key Lab Intelligent Educ Technol & Applicat Jinhua 321004 Peoples R China Zhejiang Univ Inst Cyberspace Res Hangzhou 310027 Zhejiang Peoples R China Zhejiang Univ Coll Comp Sci & Technol Hangzhou 310027 Zhejiang Peoples R China Georgia Inst Technol Sch Elect & Comp Engn Atlanta GA 30332 USA

The rich semantic information in control flow graphs (CFGs) of executable programs has made graph Neural Networks (GNNs) a key focus for malware detection. However, existing CFG-based detection techniques face limitations in node feature extraction, such as information loss, neglect of execution sequence information, and redundancy in representation vectors. These limitations compromise the balance between high efficiency and precision when training detectors. Addressing this, we introduce an innovative Malware CFG Node Embedding (MalGNE) method. This approach utilizes a novel instruction encoding rule to address the Out-Of-Vocabulary(OOV) problem, generates high-quality initial vectors. Then, it employs aggregation layer and sequence layer to extract node aggregation feature and execution sequence feature, in conjunction with GNNs to develop a pre-trained node embedding model. The model maps the semantic information of node assembly instruction sequences into a compact, low-dimensional continuous space, ensuring high-quality feature extraction, and enhancing the performance and efficiency of the detector. We trained the MalGNE model using the BIG 2015 dataset and validated MalGNE-enhanced detector on the SOREL-20M and BODMAS datasets. MalGNE-enhanced detector demonstrates outstanding performance and efficiency in low-dimensional spaces, especially when the dimensionality of the node feature vector is reduced to 16. MalGNE-enhanced detector not only maintains a high detection accuracy of 95.49%. sacrificing only about 1.7% of accuracy to save approximately 73% of training time compared to 128 dimensions.

关键词： Malware detection node embedding control flow graph graph neural network

来源：评论

学校读者我要写书评

暂无评论

BCGen: a comment generation method for bytecode

引用

AUTOMATED SOFTWARE ENGINEERING 2023年第1期30卷 1-31页

作者： Huang, Yuan Huang, Jinbo Chen, Xiangping He, Kunning Zhou, Xiaocong Sun Yat Sen Univ Sch Software Engn Zhuhai 519000 Guangdong Peoples R China Sun Yat Sen Univ Sch Journalism & Commun Guangdong Key Lab Big Data Anal & Simulat Publ Opi Guangzhou 510000 Guangdong Peoples R China Sun Yat Sen Univ Sch Comp Sci & Engn Guangzhou 510000 Guangdong Peoples R China

Bytecode is a form of instruction set designed for efficient execution by a software interpreter. Unlike human-readable source code, bytecode is even harder to understand for programmers and researchers. Bytecode has been widely used in various software tasks such as malware detection and clone detection. In order to understand the meaning of the bytecode more quickly and accurately and further help programmers in more software activities, we propose a bytecode comment generation method (called BCGen) using neural language model. Specifically, to get the structured information of the bytecode, we first generate the control flow graph (CFG) of the bytecode, and serialize the CFG with bytecode semantic information. Then a transformer model combining gate recurrent unit is proposed to learn the features of bytecode to generate comments. We obtain the bytecode by building the Jar packages of the well-known open-source projects in the Maven repository and construct a bytecode dataset to train and evaluate our model. Experimental results show that the BLEU of BCGen can reach 0.26, which outperforms several baselines and proves the effectiveness and practicability of our method. It is concluded that it is possible to generate natural language comments directly from the bytecode. Meanwhile, it is important to take structured and semantic information into account in generating bytecode comments.

关键词： Bytecode Comments generation control flow graph Program comprehension

来源：评论

学校读者我要写书评

暂无评论

THE COMBINING DAG - A TECHNIQUE FOR PARALLEL DATA-flow ANALYSIS

引用

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 1994年第8期5卷 805-813页

作者： KRAMER, R GUPTA, R SOFFA, ML Department of Computer Science University of Pittsburgh Pittsburgh PA USA

As the number of available multiprocessors increases, so does the importance of providing software support for these systems, including parallel compilers. Data flow analysis, an important component of software tools, may be computed many times during the compilation of a program, especially when compiling for a multiprocessor. Although converting a sequential data flow algorithm to a parallel algorithm can present some opportunities for computing data flow in parallel, more parallelism can be exposed by the development of new parallel data flow algorithms. In this paper, we present a technique that computes rapid data flow problems in parallel and thus is applicable for commonly used classical data flow problems, including reaching definitions, reachable uses, available expressions, and very busy expressions. Unlike previous techniques, our technique exploits the inherent parallelism in the data flow computation that occurs across independent paths, within linear paths, and in paths through loops of a control flow graph. The technique first changes cyclic structures in a control flow graph to acyclic structures and then builds a combining directed acyclic graph (DAG) that represents the paths through the control flow graph needed to compute data flow. Data flow is then computed using two passes over the DAG by computing the data flow for the nodes on each level of the DAG in parallel. We also present experimental results comparing the performance of our algorithm with a sequential algorithm and a parallelized sequential algorithm.

关键词： DATA flow ANALYSIS control flow graph ITERARTIVE METHOD STRUCTURED ANALYSIS NODE LISTINGS

来源：评论

学校读者我要写书评

暂无评论

Symbolic execution based test-patterns generation algorithm for hardware Trojan detection

引用

COMPUTERS & SECURITY 2018年 78卷 267-280页

作者： Shen, Lixiang Mu, Dejun Cao, Guo Qin, Maoyuan Blackstone, Jeremy Kastner, Ryan Northwestern Polytech Univ Sch Automat Xian 710072 Shaanxi Peoples R China Changzhou Inst Technol Sch Comp Informat & Engn Changzhou 213032 Jiangsu Peoples R China Northwestern Polytech Univ Sch Management Xian 710072 Shaanxi Peoples R China Changzhou Inst Technol Sch Econ & Management Changzhou 213032 Jiangsu Peoples R China Univ Calif San Diego Dept Comp Sci & Engn San Diego CA 92093 USA

Hardware Trojan detection is a very difficult challenge. However, the combination of symbolic execution and metamorphic testing is useful for detecting hardware Trojans in Verilog code. In this paper, symbolic execution and metamorphic testing were combined to detect internal conditionally triggered hardware Trojans in the register-transfer level design. First, control flow graphs of Verilog code were generated. Next, parallel symbolic execution and satisfiability modulo theories solver generated test patterns. Finally, metamorphic testing detected the hardware Trojans. The work used Trust-Hub benchmarks in experiments. (C) 2018 Elsevier Ltd. All rights reserved.

关键词： Hardware Trojan Symbolic execution Satisfiability modulo theory Metamorphic testing control flow graph

来源：评论

学校读者我要写书评

暂无评论

Clone detection in 5G-enabled social IoT system using graph semantics and deep learning model

引用

INTERNATIONAL JOURNAL OF MACHINE LEARNING AND CYBERNETICS 2021年第11期12卷 3115-3127页

作者： Ullah, Farhan Naeem, Muhammad Rashid Mostarda, Leonardo Shah, Syed Aziz Northwestern Polytech Univ Sch Software Xian Shaanxi Peoples R China Leshan Normal Univ Sch Artificial Intelligence Leshan 614000 Peoples R China Camerino Univ Comp Sci Dept I-62032 Camerino Italy Coventry Univ Mobile Hlth Ctr Intelligent Healthcare Coventry CV1 5FB W Midlands England

The protection and privacy of the 5G-IoT framework is a major challenge due to the vast number of mobile devices. Specialized applications running these 5G-IoT systems may be vulnerable to clone attacks. Cloning applications can be achieved by stealing or distributing commercial Android apps to harm the advanced services of the 5G-IoT framework. Meanwhile, most Android app stores run and manage Android apps that developers have submitted separately without any central verification systems. Android scammers sell pirated versions of commercial software to other app stores under different names. Android applications are typically stored on cloud servers, while API access services may be used to detect and prevent cloned applications from being released. In this paper, we proposed a hybrid approach to the control flow graph (CFG) and a deep learning model to secure the smart services of the 5G-IoT framework. First, the newly submitted APK file is extracted and the JDEX decompiler is used to retrieve Java source files from possibly original and cloned applications. Second, the source files are broken down into various android-based components. After generating control-flow graphs (CFGs), the weighted features are stripped from each component. Finally, the Recurrent Neural Network (RNN) is designed to predict potential cloned applications by training features from different components of android applications. Experimental results have shown that the proposed approach can achieve an average accuracy of 96.24% for cloned applications selected from different android application stores.

关键词： 5G IoT Clone detection control flow graph Deep learning Security Privacy

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：