惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
O
OpenAI News
Project Zero
Project Zero
博客园 - 聂微东
博客园 - 叶小钗
V
V2EX
S
Schneier on Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Check Point Blog
Hugging Face - Blog
Hugging Face - Blog
L
LangChain Blog
S
Secure Thoughts
Microsoft Security Blog
Microsoft Security Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
G
GRAHAM CLULEY
Scott Helme
Scott Helme
T
The Exploit Database - CXSecurity.com
博客园 - 司徒正美
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
Simon Willison's Weblog
Simon Willison's Weblog
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
月光博客
月光博客
T
Tailwind CSS Blog
The GitHub Blog
The GitHub Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
N
Netflix TechBlog - Medium
C
Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
腾讯CDC
Blog — PlanetScale
Blog — PlanetScale
D
Docker
D
DataBreaches.Net
WordPress大学
WordPress大学
G
Google Developers Blog
美团技术团队
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Tor Project blog
H
Help Net Security
罗磊的独立博客
H
Hacker News: Front Page
T
The Blog of Author Tim Ferriss
Jina AI
Jina AI
NISL@THU
NISL@THU
W
WeLiveSecurity
P
Proofpoint News Feed
AWS News Blog
AWS News Blog
MyScale Blog
MyScale Blog

cs.CR updates on arXiv.org

An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response From Privacy to Workflow Integrity: Communication-Graph Metadata in Autonomous Agent Interoperability Learn from Your Mistakes: Tree-like Self-Play for Secure Code LLMs Send a SCOUT First: Pre-hoc Reasoning for Adaptive Detector Allocation in Prompt-Injection Defense QSignAI: Quantum-Randomness-Seeded Identity Signatures at the Intersection of AI for Science and Science for AI A Standardized Ontology for Intent-Based Security Management in Autonomous Networks Code as a Weapon: A Consensus-Labeled Prompt Bank for Measuring Coding-Model Compliance with Malicious-Code Requests Cordyceps: Covert Control Attacks on LLMs via Data Poisoning SAMark: A Self-Anchored Text Watermarking with Paragraph-Level Paraphrase Robustness Mechanistic origins of catastrophic forgetting: why RL preserves circuits better than SFT? Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents Vendor-Conditioned Contrastive Learning for Predicting Organizational Cyber Threat Targets Anomaly Detection in XML-Structured SOAP Messages Using Tree-Based Association Rule Mining A Formal Calculus for International Relations Computation and Evaluation On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis Moving Target Defense for Web Applications using Bayesian Stackelberg Games A Mathematical Trust Algebra for International Nation Relations Computation and Evaluation A First Attempt to Cloud-Based User Verification in Distributed System Some Experimental Issues in Financial Fraud Detection: An Investigation Using Data Analytics to Detect Anomalous States in Vehicles On the Differential Privacy of Bayesian Inference Building and Measuring Privacy-Preserving Predictive Blacklists Novel Feature Extraction, Selection and Fusion for Effective Malware Family Classification Security Games with Ambiguous Beliefs of Agents Generating and Exploring S-Box Multivariate Quadratic Equation Systems with SageMath Private Disclosure of Information in Health Tele-monitoring Applications of Artificial Intelligence Techniques to Combating Cyber Crimes: A Review Implicit Contextual Integrity in Online Social Networks Phishing Detection in IMs using Domain Ontology and CBA - An innovative Rule Generation Approach Detecting fraudulent activity in a cloud using privacy-friendly data aggregates The Application of Differential Privacy for Rank Aggregation: Privacy and Accuracy An Evasion and Counter-Evasion Study in Malicious Websites Detection Hybrid Epidemics - A Case Study on Computer Worm Conficker A Self-Adaptive Network Protection System An Argumentation-Based Framework to Address the Attribution Problem in Cyber-Warfare Protecting Privacy through Distributed Computation in Multi-agent Decision Making Using Neural Network to Propose Solutions to Threats in Attack Patterns A Utility-Theoretic Approach to Privacy in Online Services Intrusion Detection using Continuous Time Bayesian Networks A DDoS-Aware IDS Model Based on Danger Theory and Mobile Agents Mining Malware Specifications through Static Reachability Analysis Subjective Logic Operators in Trust Assessment: an Empirical Study GOTCHA Password Hackers! On estimating total time to solve SAT in distributed computing environments: Application to the SAT@home project POMDPs Make Better Hackers: Accounting for Uncertainty in Penetration Testing Les POMDP font de meilleurs hackers: Tenir compte de l'incertitude dans les tests de penetration Automated Attack Planning Penetration Testing == POMDP Solving? Attack Planning in the Real World An Algorithm to Find Optimal Attack Paths in Nondeterministic Scenarios A Fuzzy Logic Based Certain Trust Model for E-Commerce Predicting Network Attacks Using Ontology-Driven Inference Semantic Matching of Security Policies to Support Security Experts A formalization of re-identification in terms of compatible probabilities A trust-based security mechanism for nomadic users in pervasive systems Intrusion Detection on Smartphones Obesity Heuristic, New Way On Artificial Immune Systems Secured Wireless Communication using Fuzzy Logic based High Speed Public-Key Cryptography (FLHSPKC) Mining Permission Request Patterns from Android and Facebook Applications (extended author version) Building a Chaotic Proved Neural Network Detecting Danger: The Dendritic Cell Algorithm Detecting Anomalous Process Behaviour using Second Generation Artificial Immune Systems Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Reseaux de Neurones Building Computer Network Attacks ToLeRating UR-STD The DCA:SOMe Comparison A comparative study between two biologically-inspired algorithms Real-Time Alert Correlation with Type Graphs Performance Evaluation of DCA and SRC on a Single Bot Detection Behavioural Correlation for Detecting P2P Bots Malicious Code Execution Detection and Response Immune System inspired by the Danger Theory Integrating Real-Time Analysis With The Dendritic Cell Algorithm Through Segmentation Integrating Innate and Adaptive Immunity for Intrusion Detection Information Fusion for Anomaly Detection with the Dendritic Cell Algorithm Further Exploration of the Dendritic Cell Algorithm: Antigen Multiplier and Time Windows Detecting Bots Based on Keylogging Activities Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems Detecting Motifs in System Call Sequences Dendritic Cells for SYN Scan Detection Detecting Botnets Through Log Correlation DCA for Bot Detection Cooperative Automated Worm Response and Detection Immune Algorithm Cryptographic Implications for Artificially Mediated Games Differentially Private Empirical Risk Minimization An Immune Inspired Network Intrusion Detection System Utilising Correlation Context An Immune Inspired Approach to Anomaly Detection Hybrid Intrusion Detection and Prediction multiAgent System HIDPAS Artificial Dendritic Cells: Multi-faceted Perspectives AIS for Misbehavior Detection in Wireless Sensor Networks: Performance and Design Principles The Role of Self-Forensics in Vehicle Crash Investigations and Event Reconstruction Beyond Nash Equilibrium: Solution Concepts for the 21st Century From Qualitative to Quantitative Proofs of Security Properties Using First-Order Conditional Logic Danger Theory: The Link between AIS and IDS? Dempster-Shafer for Anomaly Detection The Danger Theory and Its Application to Artificial Immune Systems ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System Analyzing and Improving Performance of a Class of Anomaly-based Intrusion Detectors Soft Constraint Programming to Analysing Security Protocols A Method for Clustering Web Attacks Using Edit Distance Encoding a Taxonomy of Web Attacks with Different-Length Vectors
Example-Based Vulnerability Detection and Repair in Java Code
Ying Zhang</name> <arxiv:affiliation>Daphne</arxiv:affilia · 2022-03-17 · via cs.CR updates on arXiv.org

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To eliminate such vulnerabilities, people built tools to detect security-API misuses via pattern matching. However, most tools do not (1) fix misuses or (2) allow users to extend tools' pattern sets. To overcome both limitations, we created Seader-an example-based approach to detect and repair security-API misuses. Given an exemplar <insecure, secure>code pair, Seader compares the snippets to infer any API-misuse template and corresponding fixing edit. Based on the inferred info, given a program, Seader performs inter-procedural static analysis to search for security-API misuses and to propose customized fixes. For evaluation, we applied Seader to 28 <insecure, secure> codepairs; Seader successfully inferred 21 unique API-misuse templates and related fixes. With these <vulnerability, fix> patterns, we applied SEADER to a program benchmark that has 86 known vulnerabilities. Seader detected vulnerabilities with 95% precision, 72% recall, and82% F-score. We also applied Seader to 100 open-source projects and manually checked 77 suggested repairs; 76 of the repairs were correct. Seader can help developers correctly use security APIs.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。