MAGECODE: Machine-Generated Code Detection Method Using Large Language Models by Hung Pham, Huyen Ha, van Tong, Dung Hoang, Duc Tran, Tuyen Ngoc Le

“…The model-based MGT methods often encounter difficulties when dealing with source code due to disparities in semantics compared to natural languages. …”
Get full text

Finetuning Large Language Models for Vulnerability Detection by Aleksei Shestov, Rodion Levichev, Ravil Mussabayev, Evgeny Maslov, Pavel Zadorozhny, Anton Cheshkov, Rustam Mussabayev, Alymzhan Toleu, Gulmira Tolegen, Alexander Krassovitskiy

“…This demonstrates the potential for transfer learning by finetuning large pretrained language models for specialized source code analysis tasks.…”
Get full text

Smell-ML: A Machine Learning Framework for Detecting Rarely Studied Code Smells by Esraa Hamouda, Abeer El-Korany, Soha Makady

“…Furthermore, some machine learning classification models were evaluated on a subset of the source code features while ignoring significant features during classification. …”
Get full text

Smart contract vulnerability detection method based on Bi-modal cross-attention mechanism by CHEN Jinfu, HU Xinyi, CAI Saihua, MIN Xirun

“…A specific attention mechanism was designed that simultaneously analyzed both contract source code and bytecode, achieving bidirectional mapping and complementary enhancement between high-level semantic features in source code and low-level execution flows in bytecode, thereby enriching feature representation. …”
Get full text

IMM4HT:an identification method of malicious mirror website for high-speed network traffic by Lei ZHANG, Peng ZHANG, Wei SUN, Xingdong YANG, Lichao XING

“…Aiming at the problem that some information causing harm to the network environment was transmitted through the mirror website so as to bypass the detection,an identification method of malicious mirror website for high-speed network traffic was proposed.At first,fragmented data from the traffic was extracted,and the source code of the webpage was restored.Next,a standardized processing module was utilized to improve the accuracy.Additionally,the source code of the webpage was divided into blocks,and the hash value of each block was calculated by the simhash algorithm.Therefore,the simhash value of the webpage source codes was obtained,and the similarity between the webpage source codes was calculated by the Hamming distance.The page snapshot was then taken and SIFT feature points were extracted.The perceptual hash value was obtained by clustering analysis and mapping processing.Finally,the similarity of webpages was calculated by the perceptual hash values.Experiments under real traffic show that the accuracy of the method is 93.42%,the recall rate is 90.20%,the F value is 0.92,and the processing delay is 20 μs.Through the proposed method,malicious mirror website can be effectively detected in the high-speed network traffic environment.…”
Get full text

Decoding the Source of Wealth Creation by Arpita Basak, A. Srihari Krishna

“…Especially, in the software sector where source code holds the key to wealth creation majority chose to keep it closed to mint wealth. …”
Get full text

Software Defect Prediction Based on Effective Fusion of Multiple Features by Chaozheng Zhang, Junhua Wu

“…Therefore, this paper proposes a software defect prediction model based on the effective fusion of multiple features, named DP-SSCT (Semantics, Source Code, and Tradition). The model integrates traditional features, source code features, and semantic features. …”
Get full text

Nonplanar Crack Growth Simulation of Multiple Cracks Using Finite Element Method by Yahya Ali Fageehi, Abdulnaser M. Alshoaibi

“…This analysis was performed by using the developed source code software written by Visual Fortran Language. …”
Get full text

Predicting Fluid Properties in the MUFITS Reservoir Simulator with User-Supplied Modules by Andrey Afanasyev, Ivan Utkin

“…Furthermore, we supplement the article with the source code of two simple EoS-modules that can serve as templates in other modelling and software development efforts. …”
Get full text

A Novel Approach to Automate Complex Software Modularization Using a Fact Extraction System by Muhammad Zakir Khan, Rashid Naseem, Aamir Anwar, Ijaz Ul Haq, Ahmad Alturki, Syed Sajid Ullah, Suheer A. Al-Hadhrami

“…To this goal, information extraction tools use exact approaches to extract entities and their corresponding relationships from source code. Such exact approaches extract all features, including those that are less prominent and may not be significant for modularization. …”
Get full text

A tool-supported approach to integrate cognitive indicators into the Visual Studio Code by Roger Vieira, Kleinner Farias

“…Addressing this crucial gap, CognIDE enriches VS Code by offering actionable contextual cues alongside dynamic source code. The evaluation of CognIDE, involving a survey with six industry professionals and in-depth interviews, examined its perceived utility, ease of use, and real-world applicability. …”
Get full text

An enhanced approach for automatic annotation of error codes based on Seq2edit by Jian Wang, Tao Lin, Rongsen Zhao, Huiling Zhao

“…Experimental results show that this method can fully utilize the contextual information of the source code during the automatic annotation process, leading to a significant improvement in annotation accuracy.…”
Get full text

A Fuzzing Tool Based on Automated Grammar Detection by Jia Song, Jim Alves-Foss

“…Fuzzing is a security testing technique that finds vulnerabilities automatically without accessing the source code. We built a fuzzer, called JIMA-Fuzzing, which is an effective fuzzing tool that utilizes grammar detected from sample input. …”
Get full text

Enhancing smart contract security using a code representation and GAN based methodology by Dileep Kumar Murala, Samia Loucif, K. Vara Prasada Rao, Habib Hamam

“…Synthesizing contract vector data using GANs alleviates data scarcity and facilitates source code acquisition for training our detection system. …”
Get full text

Bytecode-based approach for Ethereum smart contract classification by Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG

“…In recent years, blockchain technology has been widely used and concerned in many fields, including finance, medical care and government affairs.However, due to the immutability of smart contracts and the particularity of the operating environment, various security issues occur frequently.On the one hand, the code security problems of contract developers when writing contracts, on the other hand, there are many high-risk smart contracts in Ethereum, and ordinary users are easily attracted by the high returns provided by high-risk contracts, but they have no way to know the risks of the contracts.However, the research on smart contract security mainly focuses on code security, and there is relatively little research on the identification of contract functions.If the smart contract function can be accurately classified, it will help people better understand the behavior of smart contracts, while ensuring the ecological security of smart contracts and reducing or recovering user losses.Existing smart contract classification methods often rely on the analysis of the source code of smart contracts, but contracts released on Ethereum only mandate the deployment of bytecode, and only a very small number of contracts publish their source code.Therefore, an Ethereum smart contract classification method based on bytecode was proposed.Collect the Ethereum smart contract bytecode and the corresponding category label, and then extract the opcode frequency characteristics and control flow graph characteristics.The characteristic importance is analyzed experimentally to obtain the appropriate graph vector dimension and optimal classification model, and finally the multi-classification task of smart contract in five categories of exchange, finance, gambling, game and high risk is experimentally verified, and the F1 score of the XGBoost classifier reaches 0.913 8.Experimental results show that the algorithm can better complete the classification task of Ethereum smart contracts, and can be applied to the prediction of smart contract categories in reality.…”
Get full text

Evaluating and Securing Text-Based Java Code through Static Code Analysis by Jeong Yang, Young Lee, Amanda Fernandez, Joshua Sanchez

“…The resources include the methods of source code analysis and relevant tools, categorized bugs detected in the code, and compliant code examples with fixing the bugs. …”
Get full text

Simulation of Shock-to-Detonation Transition by OpenFOAM by Thien Xuan Dinh, Masatake Yoshida, Shuichi Ishikura

“…In addition, it is a cost-effective simulation, since the code was developed on open-source code, so massive computation can then be run without license costs.…”
Get full text

SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS by Vladislav K. Kuchmin, Grigory O. Krylov

“…The article presents a methodological approach to assessing the security of software components within the Moodle-based distance learning system using automated static source code analysis methods. The increasing importance of securing educational information systems is emphasized in light of the widespread adoption of LMS platforms that process personal and service-related data of participants in the educational process, including assessment results. …”
Get full text

Code generation system based on MDA and convolutional neural networks by Gabriel Vargas-Monroy, Daissi-Bibiana Gonzalez-Roldan, Carlos Enrique Montenegro-Marín, Alejandro-Paolo Daza-Corredor, Daniel-David Leal-Lara, Daniel-David Leal-Lara

“…The implementation of image recognition, text analysis, and neural network construction yields promising outcomes in generating source code from diagrams. Despite some challenges related to hardware limitations during the training of the neural network, the system successfully interprets the diagrams and produces artifacts using the MDA approach. …”
Get full text

Software diversification method based on binary rewriting by Benwei HE, Yunfei GUO, Yawen WANG, Qingfeng WANG, Hongchao HU

“…Software diversity is an effective defense against code-reuse attacks, but most existing software diversification technologies are based on source code.Obtaining program source code may be difficult, while binary files are challenging to disassemble accurately and distinguish between code pointers and data constants.This makes binary file diversification difficult to generate high levels of randomization entropy, and easily compromised by attackers.To overcome these challenges, a binary file oriented software diversification method was proposed based on static binary rewriting technology, namely instruction offset randomization.This method inserted NOP instructions of varying byte lengths before program instructions with a certain probability, reducing the number of unintended gadgets in the program and randomly offsetting the original instruction address.This disrupts the program’s original memory layout and increases the cost of code-reuse attacks.At the same time, an optimization strategy based on hot code was designed for this method.The execution times of basic blocks in binary files were obtained by dynamic pile insertion, so as to adjust the NOP instruction insertion probability in each basic block.The higher the execution frequency, the fewer NOP instructions were inserted into the basic block, which can ensure lower performance overhead and produce higher randomization entropy.In the experimental part, the SPEC benchmark program was used to test the optimized method from the aspects of performance overhead, gadget survival rate and file size.The results show that a 15% insertion probability achieves the best effect, with an average gadget survival rate of less than 1.49%, increasing attackers’ difficulty in reusing the same gadget attack chain.Furthermore, only a 4.1% operation overhead and 7.7% space overhead are added, maintaining high levels of security.…”
Get full text