Rui Qiao, Shi Dong^*

CMC-Computers, Materials & Continua, Vol.77, No.2, pp. 2505-2527, 2023, DOI:10.32604/cmc.2023.043476

Abstract Effectively identifying and preventing the threat of Byzantine nodes to the security of distributed systems is a challenge in applying consortium chains. Therefore, this paper proposes a new consortium chain generation model, deeply analyzes the vulnerability of the consortium chain consensus based on the behavior of the nodes, and points out the effects of Byzantine node proportion and node state verification on the consensus process and system security. Furthermore, the normalized verification node aggregation index that represents the consensus ability of the consortium organization and the trust evaluation function of the verification node set is derived. When either of the… More >

Peng Gong^1,2,3, Wenzhong Yang^2,3,*, Liejun Wang^2,3, Fuyuan Wei^2,3, KeZiErBieKe HaiLaTi^2,3, Yuanyuan Liao^2,3

CMC-Computers, Materials & Continua, Vol.76, No.2, pp. 1439-1462, 2023, DOI:10.32604/cmc.2023.038878

Abstract Smart contracts have led to more efficient development in finance and healthcare, but vulnerabilities in contracts pose high risks to their future applications. The current vulnerability detection methods for contracts are either based on fixed expert rules, which are inefficient, or rely on simplistic deep learning techniques that do not fully leverage contract semantic information. Therefore, there is ample room for improvement in terms of detection precision. To solve these problems, this paper proposes a vulnerability detector based on deep learning techniques, graph representation, and Transformer, called GRATDet. The method first performs swapping, insertion, and symbolization operations for contract functions,… More >

So-Eun Jeon, Sun-Jin Lee, Il-Gu Lee^*

Intelligent Automation & Soft Computing, Vol.37, No.2, pp. 2407-2419, 2023, DOI:10.32604/iasc.2023.039937

Abstract With the development of the 5th generation of mobile communication (5G) networks and artificial intelligence (AI) technologies, the use of the Internet of Things (IoT) has expanded throughout industry. Although IoT networks have improved industrial productivity and convenience, they are highly dependent on nonstandard protocol stacks and open-source-based, poorly validated software, resulting in several security vulnerabilities. However, conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and computing power. This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy. Experimental results using a software… More >

Leilei Li¹, Yansong Wang², Dongjie Zhu^2,*, Xiaofang Li³, Haiwen Du⁴, Yixuan Lu², Rongning Qu³, Russell Higgs⁵

CMC-Computers, Materials & Continua, Vol.76, No.1, pp. 771-791, 2023, DOI:10.32604/cmc.2023.038268

Abstract With the rapid development of Internet technology, the issues of network asset detection and vulnerability warning have become hot topics of concern in the industry. However, most existing detection tools operate in a single-node mode and cannot parallelly process large-scale tasks, which cannot meet the current needs of the industry. To address the above issues, this paper proposes a distributed network asset detection and vulnerability warning platform (Dis-NDVW) based on distributed systems and multiple detection tools. Specifically, this paper proposes a distributed message subscription and publication system based on Zookeeper and Kafka, which endows Dis-NDVW with the ability to parallelly… More >

Nadia Trabelsi, Imen Hentati, Ibtissem Triki, Moncef Zairi

Revue Internationale de Géomatique, Vol.29, No.3, pp. 317-338, 2019, DOI:10.3166/rig.2019.00087

Abstract The Sfax phreatic system is an important source of water supply. The latter is constantly threatened by nitric pollution. In order to protect this aquifer, a study of the intrinsic vulnerability has been carried out using the SI (Susceptibility Index) method. The model takes into consideration the various vulnerability criteria governing the process of contaminant transfer. These are geological, hydrogeological, land use, topography, and meteorological factors. In this study, a method derived from the SI model is presented (modified SI). The model is based on an approach that integrates hydrological modeling under Agriflux and GIS. Indeed, the use of GIS… More >

Guangxia Xu^1,*, Lei Liu², Jingnan Dong³

CMES-Computer Modeling in Engineering & Sciences, Vol.137, No.1, pp. 903-922, 2023, DOI:10.32604/cmes.2023.026627

Abstract In recent years, with the great success of pre-trained language models, the pre-trained BERT model has been gradually applied to the field of source code understanding. However, the time cost of training a language model from zero is very high, and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present. In this paper, we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained language model BERT and connected to a bidirectional gate recurrent unit model. The downstream neural network adopts… More >

Kyungmin Sim, Jeong Hyun Yi, Haehyun Cho^*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3257-3274, 2023, DOI:10.32604/cmc.2023.036695

Abstract Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems. Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Therefore, it is an essential task to discover unrestricted and misimplemented behaviors of a system. However, it is a daunting task for security experts to discover such vulnerabilities in advance because it is time-consuming and error-prone to analyze the whole code in detail. Also, most of the existing vulnerability… More >

Jihyeon Yu¹, Juhwan Kim¹, Youngwoo Lee¹, Fayozbek Rustamov², Joobeom Yun^1,*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3291-3315, 2023, DOI:10.32604/cmc.2023.035835

Abstract Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation framework for multi-architecture (AEMA). In… More >

Zibo Wang^1,3, Chaobin Huo², Yaofang Zhang^1,3, Shengtao Cheng^1,3, Yilu Chen^1,3, Xiaojie Wei⁵, Chao Li⁴, Bailing Wang^1,3,*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 2957-2979, 2023, DOI:10.32604/cmc.2023.035694

Abstract With the growing discovery of exposed vulnerabilities in the Industrial Control Components (ICCs), identification of the exploitable ones is urgent for Industrial Control System (ICS) administrators to proactively forecast potential threats. However, it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods. To address these challenges, we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph (KG) in which relation paths contain abundant potential evidence to support the reasoning. The reasoning task in this work refers to determining whether a specific relation is valid between an… More >

LiangJun Deng¹, Hang Lei¹, Zheng Yang¹, WeiZhong Qian^1,*, XiaoYu Li¹, Hao Wu², Sihao Deng³, RuChao Sha¹, WeiDong Deng⁴

Computer Systems Science and Engineering, Vol.45, No.2, pp. 2155-2170, 2023, DOI:10.32604/csse.2023.027680

Abstract In order to realize a general-purpose automatic formal verification platform based on WebAssembly technology as a web service (FVPS), which aims to provide an automated report of vulnerability detections, this work builds a Hyperledger Fabric blockchain runtime model. It proposes an optimized methodology of the functional equivalent translation from source program languages to formal languages. This methodology utilizes an external application programming interface (API) table to replace the source codes in compilation, thereby pruning the part of housekeeping codes to ease code inflation. Code inflation is a significant metric in formal language translation. Namely, minor code inflation enhances verification scale… More >