Search Results (16)

Automated Program Repair (APR) is increasingly used for vulnerability patching, yet many existing methods focus primarily on syntactic similarity between vulnerable and fixed code, with limited guarantees of semantic correctness and limited alignment with security frameworks. This work presents a prototype-based deep metric learning method for vulnerability repair that integrates normative constraints from OWASP and NIST SSDF. The method combines embeddings of vulnerable code and CWE descriptions, refines category prototypes to improve separation among CWE types, and validates repairs against statement-level control requirements derived from the normative mapping. Experiments on 959 vulnerable–fixed pairs across Python, Java, C, and C++ covering 15 CWE categories achieved a Match Ratio of 88.95%, 0.81 compliance, and 0.84 consistency. Full article

Cybersecurity vulnerabilities are rapidly increasing, but public understanding and awareness remain limited. Since most vulnerabilities are common, they continue to exist and to be exploited. Although there are tools, including the Open Worldwide Application Security project and the common weakness enumeration method, that provide extensive information on known security problems, their information is not structured and visually shown. The tools are ineffective in speed assessment and response. We analyzed large-scale common vulnerabilities and exposures JavaScript object notation datasets to recognize key threats, to understand the underlying cause of data breaches, and to analyze vulnerability trends. Implementing keyword gate-filling techniques and better data visualization enhances the clarity and usefulness of vulnerability information. These tools enable stakeholders to make quicker and more informed decisions and implement stronger encryption and defensive measures. Finally, the results of this study lead to broad awareness, active security, and a reactive strategy to evolving cyber threats that simplifies both governmental and average-day user recognition and response to emerging attack patterns and risks across digital platforms. Full article

With the increasing complexity of software systems, the number of security vulnerabilities contained within software has risen accordingly. The existing shift-left security concept aims to detect and fix vulnerabilities during the software development cycle. While CodeQL stands as the premier static code analysis tool currently available on the market, its high barrier to entry poses challenges for meeting the implementation requirements of shift-left security initiatives. While large language model (LLM) offers potential assistance in QL code development, the inherent complexity of code generation tasks often leads to persistent issues such as syntactic inaccuracies and references to non-existent modules, which consequently constrains their practical applicability in this domain. To address these challenges, this paper proposes CQLLM (CodeQL-enhanced Large Language Model), a novel framework for automating the generation of CodeQL security vulnerability detection code by leveraging LLM. This framework is designed to enhance both the efficiency and the accuracy of automated QL code generation, thereby advancing static code analysis for a more efficient and intelligent paradigm for vulnerability detection. First, retrieval-augmented generation (RAG) is employed to search the vector database for dependency libraries and code snippets that are highly similar to the user’s input, thereby constraining the model’s generation process and preventing the import of invalid modules. Then, the user input and the knowledge chunks retrieved by RAG are fed into a fine-tuned LLM to perform reasoning and generate QL code. By integrating external knowledge bases with the large model, the framework enhances the correctness and completeness of the generated code. Experimental results show that CQLLM significantly improves the executability of the generated QL code, with the execution success rate improving from 0.31% to 72.48%, outperforming the original model by a large margin. Meanwhile, CQLLM also enhances the effectiveness of the generated results, achieving a CWE (Common Weakness Enumeration) coverage rate of 57.4% in vulnerability detection tasks, demonstrating its practical applicability in real-world vulnerability detection. Full article

Common Weakness Enumerations (CWEs) and Common Vulnerabilities and Exposures (CVEs) are open knowledge bases that provide definitions, descriptions, and samples of code vulnerabilities. The combination of Large Language Models (LLMs) with vulnerability knowledge bases helps to enhance and automate code vulnerability repair. Several key factors come into play in this setting, including (1) the retrieval of the most relevant context to a specific vulnerable code snippet; (2) augmenting LLM prompts with the retrieved context; and (3) the generated artifact form, such as a code repair with natural language explanations or a code repair only. Artifacts produced by these factors often lack transparency and explainability regarding the rationale behind the repair. In this paper, we propose an LLM-enabled framework for explainable recommendation of vulnerable code repairs with techniques addressing each factor. Our method is data-driven, which means the data characteristics of the selected CWE and CVE datasets and the knowledge base determine the best retrieval strategies. Across 100 experiments, we observe the inadequacy of the SOTA metrics to differentiate between low-quality and irrelevant repairs. To address this limitation, we design the LLM-as-a-Judge framework to enhance the robustness of recommendation assessments. Compared to baselines from prior works, as well as using static code analysis and LLMs in zero-shot, our findings highlight that multifaceted LLMs guided by retrieval context produce explainable and reliable recommendations under a small to mild level of self-alignment bias. Our work is developed on open-source knowledge bases and models, which makes it reproducible and extensible to new datasets and retrieval strategies. Full article

Software attack surfaces define the external boundaries—entry points, communication channels, and sensitive data stores through which adversaries may compromise a system. This paper introduces a scoring mechanism that produces a normalized attack-surface metric in the range of 0–1. Building on the established Damage-Potential-to-Effort ratio, our approach further incorporates real-world vulnerability intelligence drawn from MITRE’s CVE and CWE repositories. We compute each application’s score by ingesting preliminary findings from a static-analysis tool and processing them through our unified model. To assess effectiveness, we validate the scoring system across a spectrum of scenarios, from a simple Java application to complex enterprise applications. The resulting metric offers development and security teams a concise, objective measure to monitor an application’s attack surface and hence proactively identify vulnerabilities in their applications. This tool can also be used to benchmark various third-party or dependent applications, enabling both developers and security practitioners to better manage risk. Full article

As robotic systems become more integrated into our daily lives, there is growing concern about cybersecurity. Robots used in areas such as autonomous driving, surveillance, surgery, home assistance, and industrial automation can be vulnerable to cyber-attacks, which could have serious real-world consequences. Modern robotic systems face a unique set of threats due to their evolving characteristics. This paper outlines the SESAME project’s methodology for the automated security analysis of multi-robot systems (MRS) and the production of Executable Digital Dependability Identities (EDDIs). Addressing security challenges in MRS involves overcoming complex factors such as increased connectivity, human–robot interactions, and a lack of risk awareness. The proposed methodology encompasses a detailed process, starting from system description and vulnerability identification and moving to the generation of attack trees and security EDDIs. The SESAME security methodology leverages structured repositories like Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) to identify potential vulnerabilities and associated attacks. The introduction of Template Attack Trees facilitates modeling potential attacks, helping security experts develop effective mitigation strategies. This approach not only identifies, but also connects, specific vulnerabilities to possible exploits, thereby generating comprehensive security assessments. By merging safety and security assessments, this methodology ensures the overall dependability of MRS, providing a robust framework to mitigate cyber–physical threats. Full article

Software vulnerability detection aims to proactively reduce the risk to software security and reliability. Despite advancements in deep-learning-based detection, a semantic gap still remains between learned features and human-understandable vulnerability semantics. In this paper, we present an XAI-based framework to assess program code in a graph context as feature representations and their effect on code vulnerability classification into multiple Common Weakness Enumeration (CWE) types. Our XAI framework is deep-learning-model-agnostic and programming-language-neutral. We rank the feature importance of 40 syntactic constructs for each of the top 20 distributed CWE types from three datasets in Java and C++. By means of four metrics of information retrieval, we measure the similarity of human-understandable CWE types using each CWE type’s feature contribution ranking learned from XAI methods. We observe that the subtle semantic difference between CWE types occurs after the variation in neighboring features’ contribution rankings. Our study shows that the XAI explanation results have approximately 78% Top-1 to 89% Top-5 similarity hit rates and a mean average precision of 0.70 compared with the baseline of CWE similarity identified by the open community experts. Our framework allows for code vulnerability patterns to be learned and contributing factors to be assessed at the same stage. Full article

The research presented in the paper aims at increasing the capacity to identify security weaknesses in programming languages that are less supported by specialized security analysis tools, based on the knowledge gathered from securing the popular ones, for which security experts, scanners, and labeled datasets are, in general, available. This goal is vital in reducing the overall exposure of software applications. We propose a solution to expand the capabilities of security gaps detection to downstream languages, influenced by their more popular “ancestors” from the programming languages’ evolutionary tree, using language keyword tokenization and clustering based on word embedding techniques. We show that after training a machine learning algorithm on C, C++, and Java applications developed by a community of programmers with similar behavior of writing code, we can detect, with acceptable accuracy, similar vulnerabilities in C# source code written by the same community. To achieve this, we propose a core cross-language representation of source code, optimized for security weaknesses classifiers, named CLaSCoRe. Using this method, we can achieve zero-shot vulnerability detection—in our case, without using any training data with C# source code. Full article

Common Weakness Enumeration (CWE) refers to a list of faults caused from software or hardware. The CWE includes the faults related to programming language and security. We propose a technique to detect the vulnerabilities from incorrect use of a variable in C language. There are various static/dynamic methods to detect the variable vulnerabilities. However, when analyzing the vulnerabilities, a static technique causes a lot of false alarms, meaning that there is no fault in the actual implementation. When monitoring the variable via the static analysis, there is a great overhead during execution, so its application is not easy in a real environment. In this paper, we propose a method to reduce false alarms and detect vulnerabilities by performing static analysis and dynamic verification using machine learning. Our method extracts information on variables through static analysis and detects defects through static analysis results and execution monitoring of the variables. In this process, it is determined whether the currently used variable values are valid and whether the variables are used in the correct order by learning the initial values and permissible range of the variables using machine learning techniques. We implemented our method as VVDUM (Variable Vulnerability Detector Using Machine learning). We conducted the comparative experiment with the existing static/dynamic analysis tools. As a result, compared with other tools with the rate of variable vulnerability detection between 9.17~18.5%, ours had that of 89.5%. In particular, VVDUM detects ‘defects out of the range of valid’ that are difficult to detect with existing methods, and the overhead due to defect detection is small. In addition, there were a few overheads at run time that were caused during data collection for detection of a fault. Full article

Software developers represent the bastion of application security against the overwhelming cyber-attacks which target all organizations and affect their resilience. As security weaknesses which may be introduced during the process of code writing are complex and matching different and variate skills, most applications are launched intrinsically vulnerable. We have advanced our research for a security scanner able to use automated learning techniques based on machine learning algorithms to recognize patterns of security weaknesses in source code. To make the scanner independent on the programming language, the source code is converted to a vectorial representation using natural language processing methods, which are able to retain semantical traits of the original code and at the same time to reduce the dependency on the lexical structure of the program. The security flaws detection performance is in the ranges accepted by software security professionals (recall > 0.94) even when vulnerable samples are very low represented in the dataset (e.g., less than 4% vulnerable code for a specific CWE in the dataset). No significant change or adaptation is needed to change the source code language under scrutiny. We apply this approach on detecting Common Weaknesses Enumeration (CWE) vulnerabilities in datasets provided by NIST (Test suites–NIST Software Assurance Reference Dataset). Full article

The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost, and resources required for web application penetration testing and eliminates test engineers’ dependency on human knowledge. However, these security scanners possess various weaknesses of not scanning complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results to inspect their effectiveness and limitations. However, the findings show no well-defined method or criteria available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally defined vulnerable applications and the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project). Full article

In recent decades, with the rapid development of nanotechnology, nanomaterials have been widely used in the medical field, showing great potential due to their unique physical and chemical properties including minimal size and functionalized surface characteristics. Nanomaterials such as metal nanoparticles and polymeric nanoparticles have been extensively studied in the diagnosis and treatment of diseases that seriously threaten human life and health, and are regarded to significantly improve the disadvantages of traditional diagnosis and treatment platforms, such as poor effectiveness, low sensitivity, weak security and low economy. In this review, we report and discuss the development and application of nanomaterials in the diagnosis and treatment of diseases based mainly on published research in the last five years. We first briefly introduce the improvement of several nanomaterials in imaging diagnosis and genomic sequencing. We then focus on the application of nanomaterials in the treatment of diseases, and select three diseases that people are most concerned about and that do the most harm: tumor, COVID-19 and cardiovascular diseases. First, we introduce the characteristics of nanoparticles according to the excellent effect of nanoparticles as delivery carriers of anti-tumor drugs. We then review the application of various nanoparticles in tumor therapy according to the classification of nanoparticles, and emphasize the importance of functionalization of nanomaterials. Second, COVID-19 has been the hottest issue in the health field in the past two years, and nanomaterials have also appeared in the relevant treatment. We enumerate the application of nanomaterials in various stages of viral pathogenesis according to the molecular mechanism of the complete pathway of viral infection, pathogenesis and transmission, and predict the application prospect of nanomaterials in the treatment of COVID-19. Third, aiming at the most important causes of human death, we focus on atherosclerosis, aneurysms and myocardial infarction, three of the most common and most harmful cardiovascular diseases, and prove that nanomaterials could be involved in a variety of therapeutic approaches and significantly improve the therapeutic effect in cardiovascular diseases. Therefore, we believe nanotechnology will become more widely involved in the diagnosis and treatment of diseases in the future, potentially helping to overcome bottlenecks under existing medical methods. Full article

For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Due to the fact that the information in these two repositories are not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF–IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID. Full article

Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC) is decreasing chronologically for all IoT Oss, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health. CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers. Full article

Ordinal patterns are the common basis of various techniques used in the study of dynamical systems and nonlinear time series analysis. The present article focusses on the computational problem of turning time series into sequences of ordinal patterns. In a first step, a numerical encoding scheme for ordinal patterns is proposed. Utilising the classical Lehmer code, it enumerates ordinal patterns by consecutive non-negative integers, starting from zero. This compact representation considerably simplifies working with ordinal patterns in the digital domain. Subsequently, three algorithms for the efficient extraction of ordinal patterns from time series are discussed, including previously published approaches that can be adapted to the Lehmer code. The respective strengths and weaknesses of those algorithms are discussed, and further substantiated by benchmark results. One of the algorithms stands out in terms of scalability: its run-time increases linearly with both the pattern order and the sequence length, while its memory footprint is practically negligible. These properties enable the study of high-dimensional pattern spaces at low computational cost. In summary, the tools described herein may improve the efficiency of virtually any ordinal pattern-based analysis method, among them quantitative measures like permutation entropy and symbolic transfer entropy, but also techniques like forbidden pattern identification. Moreover, the concepts presented may allow for putting ideas into practice that up to now had been hindered by computational burden. To enable smooth evaluation, a function library written in the C programming language, as well as language bindings and native implementations for various numerical computation environments are provided in the supplements. Full article