Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives

N Sun, M Ding, J Jiang, W Xu, X Mo… - … Surveys & Tutorials, 2023 - ieeexplore.ieee.org
Today's cyber attacks have become more severe and frequent, which calls for a new line of
security defenses to protect against them. The dynamic nature of new-generation threats …

Survey of software vulnerability mining methods based on machine learning

李韵, 黄辰林, 王中锋, 袁露, 王晓川 - Journal of Software, 2020 - jos.org.cn
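The growing complexity of software poses great challenges to software security. As software keeps growing in scale and vulnerabilities take more diverse forms,
traditional vulnerability mining methods suffer from high false positive and false negative rates and can no longer meet the security analysis needs of complex software …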

Burglars' IoT paradise: Understanding and mitigating security risks of general messaging protocols on IoT clouds

Y Jia, L Xing, Y Mao, D Zhao, XF Wang… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
With the increasing popularity of the Internet of Things (IoT), many IoT cloud platforms have
emerged to help the IoT manufacturers connect their devices to their users. Serving the …

Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation

B Yuan, Y Jia, L Xing, D Zhao, XF Wang… - 29th USENIX security …, 2020 - usenix.org
IoT clouds facilitate the communication between IoT devices and users, and authorize users'
access to their devices. In this paradigm, an IoT device is usually managed under a …

Automated attack synthesis by extracting finite state machines from protocol specification documents

ML Pacheco, M von Hippel, B Weintraub… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Automated attack discovery techniques, such as attacker synthesis or model-based fuzzing,
provide powerful ways to ensure network protocols operate correctly and securely. Such …

Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning

Y Chen, D Tang, Y Yao, M Zha, XF Wang… - 32nd USENIX Security …, 2023 - usenix.org
Conformance tests are critical for finding security weaknesses in carrier network systems.
However, building a conformance test procedure from specifications is challenging, as …

RTFM! Automatic assumption discovery and verification derivation from library document for API misuse detection

T Lv, R Li, Y Yang, K Chen, X Liao, XF Wang… - Proceedings of the …, 2020 - dl.acm.org
To use library APIs, a developer is supposed to follow guidance and respect some
constraints, which we call integration assumptions (IAs). Violations of these assumptions can …

TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries

M Maehren, P Nieting, S Hebrok, R Merget… - 31st USENIX Security …, 2022 - usenix.org
Although the newest versions of TLS are considered secure, flawed implementations may
undermine the promised security properties. Such implementation flaws result from the TLS …

Detecting and Measuring Misconfigured Manifests in Android Apps

Y Yang, M Elsabagh, C Zuo, R Johnson… - Proceedings of the …, 2022 - dl.acm.org
The manifest file of an Android app is crucial for app security as it declares sensitive app
configurations, such as access permissions required to access app components …