Search Results (82)
  • Open Access

    ARTICLE

    Syntax-Aware Hierarchical Attention Networks for Code Vulnerability Detection

    Yongbo Jiang, Shengnan Huang, Tao Feng, Baofeng Duan*

    CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-22, 2026, DOI:10.32604/cmc.2025.069423 - 10 November 2025

    Abstract In the context of modern software development characterized by increasing complexity and compressed development cycles, traditional static vulnerability detection methods face prominent challenges including high false positive rates and missed detections of complex logic due to their over-reliance on rule templates. This paper proposes a Syntax-Aware Hierarchical Attention Network (SAHAN) model, which achieves high-precision vulnerability detection through grammar-rule-driven multi-granularity code slicing and hierarchical semantic fusion mechanisms. The SAHAN model first generates Syntax Independent Units (SIUs), which slices the code based on Abstract Syntax Tree (AST) and predefined grammar rules, retaining vulnerability-sensitive contexts. Following this, through…

  • Open Access

    ARTICLE

    Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches

    Xiaohu Song, Zhiliang Zhu*

    CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-19, 2026, DOI:10.32604/cmc.2025.068930 - 10 November 2025

    Abstract Vulnerabilities are a known problem in modern Open Source Software (OSS). Most developers often rely on third-party libraries to accelerate feature implementation. However, these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code, posing security risks to dependent projects. Existing research addresses these challenges through Software Composition Analysis (SCA) for vulnerability detection and remediation. Nevertheless, current solutions may introduce additional issues, such as incompatibilities, dependency conflicts, and additional vulnerabilities. To address this, we propose Vulnerability Scan and Protection (), a robust solution for detection and remediation of vulnerabilities in Java projects. Specifically, builds…

  • Open Access

    REVIEW

    Static Analysis Techniques for Secure Software: A Systematic Review

    Brian Mweu*, John Ndia

    Journal of Cyber Security, Vol.7, pp. 417-437, 2025, DOI:10.32604/jcs.2025.071765 - 10 October 2025

    Abstract Static analysis methods are crucial in developing secure software, as they allow for the early identification of vulnerabilities before the software is executed. This systematic review follows Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines to assess static analysis techniques for software security enhancement. We systematically searched IEEE Xplore, Association for Computing Machinery (ACM) Digital Library, SpringerLink, and ScienceDirect for journal articles published between 2017 and 2025. The review examines hybrid analyses and machine learning integration to enhance vulnerability detection accuracy. Static analysis tools enable early fault detection but face persistent challenges. …

  • Open Access

    ARTICLE

    Vulnerability2Vec: A Graph-Embedding Approach for Enhancing Vulnerability Classification

    Myoung-oh Choi, Mincheol Shin, Hyonjun Kang, Ka Lok Man, Mucheol Kim*

    CMES-Computer Modeling in Engineering & Sciences, Vol.144, No.3, pp. 3191-3212, 2025, DOI:10.32604/cmes.2025.068723 - 30 September 2025

    Abstract The escalating complexity and heterogeneity of modern energy systems—particularly in smart grid and distributed energy infrastructures—has intensified the need for intelligent and scalable security vulnerability classification. To address this challenge, we propose Vulnerability2Vec, a graph-embedding-based framework designed to enhance the automated classification of security vulnerabilities that threaten energy system resilience. Vulnerability2Vec converts Common Vulnerabilities and Exposures (CVE) text explanations to semantic graphs, where nodes represent CVE IDs and key terms (nouns, verbs, and adjectives), and edges capture co-occurrence relationships. Then, it embeds the semantic graphs to a low-dimensional vector space with random-walk sampling and skip-gram…

  • Open Access

    ARTICLE

    Interpretable Vulnerability Detection in LLMs: A BERT-Based Approach with SHAP Explanations

    Nouman Ahmad*, Changsheng Zhang

    CMC-Computers, Materials & Continua, Vol.85, No.2, pp. 3321-3334, 2025, DOI:10.32604/cmc.2025.067044 - 23 September 2025

    Abstract Source code vulnerabilities present significant security threats, necessitating effective detection techniques. Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools, which drown developers in false positives and miss context-sensitive vulnerabilities. Large Language Models (LLMs) like BERT, in particular, are examples of artificial intelligence (AI) that exhibit promise but frequently lack transparency. In order to overcome the issues with model interpretability, this work suggests a BERT-based LLM strategy for vulnerability detection that incorporates Explainable AI (XAI) methods like SHAP and attention heatmaps. Furthermore, to ensure auditable and comprehensible choices, we present a…

  • Open Access

    ARTICLE

    Optimizing Network Intrusion Detection Performance with GNN-Based Feature Selection

    Hoon Ko, Marek R. Ogiela, Libor Mesicek, Sangheon Kim*

    CMC-Computers, Materials & Continua, Vol.85, No.2, pp. 2985-2997, 2025, DOI:10.32604/cmc.2025.065885 - 23 September 2025

    Abstract The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures, which in turn increases their exposure to sophisticated threats. This study proposes a Graph Neural Network (GNN)-based feature selection strategy specifically tailored for Network Intrusion Detection Systems (NIDS). By modeling feature correlations and leveraging their topological relationships, this method addresses challenges such as feature redundancy and class imbalance. Experimental analysis using the KDDTest+ dataset demonstrates that the proposed model achieves 98.5% detection accuracy, showing notable gains in both computational efficiency and minority class detection. Compared to conventional machine learning methods, the…

  • Open Access

    REVIEW

    Towards Secure APIs: A Survey on RESTful API Vulnerability Detection

    Fatima Tanveer, Faisal Iradat*, Waseem Iqbal*, Awais Ahmad

    CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 4223-4257, 2025, DOI:10.32604/cmc.2025.067536 - 30 July 2025

    Abstract RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references…

  • Open Access

    ARTICLE

    RBZZER: A Directed Fuzzing Technique for Efficient Detection of Memory Leaks via Risk Area Analysis

    Xi Peng, Peng Jia*, Ximing Fan, Jiayong Liu*

    CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 4601-4625, 2025, DOI:10.32604/cmc.2025.065162 - 30 July 2025

    Abstract Memory leak is a common software vulnerability that can decrease the reliability of an application and, in severe cases, even cause program crashes. If there are intentionally triggerable memory leak vulnerabilities in a program, attackers can exploit these bugs to launch denial-of-service attacks or induce the program to exhibit unexpected behaviors due to low memory conditions. Existing fuzzing techniques primarily focus on improving code coverage, and specialized fuzzing techniques for individual memory-related defects like uncontrolled memory allocation do not address memory leak vulnerabilities. MemLock is the first fuzzing technique to address memory consumption vulnerabilities including…

  • Open Access

    ARTICLE

    An Open and Adaptable Approach to Vulnerability Risk Scoring

    Harri Renney*, Isaac V Chenchiah, Maxim Nethercott, Rohini Paligadu, James Lang

    Journal of Cyber Security, Vol.7, pp. 221-238, 2025, DOI:10.32604/jcs.2025.064958 - 14 July 2025

    Abstract In recent years, the field of cybersecurity has expanded to encompass a deeper understanding of best practices, user behaviour, and the tactics, motivations, and targets of threat actors. At the same time, there is growing interest in how cyber data analytics can support informed decision-making at senior levels. Despite the broader advancements, the field still lacks a robust scientific foundation for accurately calculating cyber vulnerability risk. Consequently, vulnerabilities in hardware and software systems often remain unaddressed for extended periods, undermining the effectiveness of risk mitigation efforts. This paper seeks to address the gap in vulnerability…

  • Open Access

    ARTICLE

    Data-Driven Digital Evidence Analysis for the Forensic Investigation of the Electric Vehicle Charging Infrastructure

    Dong-Hyuk Shin, Jae-Jun Ha, Ieck-Chae Euom*

    CMES-Computer Modeling in Engineering & Sciences, Vol.143, No.3, pp. 3795-3838, 2025, DOI:10.32604/cmes.2025.066727 - 30 June 2025

    Abstract The accelerated global adoption of electric vehicles (EVs) is driving significant expansion and increasing complexity within the EV charging infrastructure, consequently presenting novel and pressing cybersecurity challenges. While considerable effort has focused on preventative cybersecurity measures, a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents, a gap exacerbated by system heterogeneity, distributed digital evidence, and inconsistent logging practices which hinder effective incident reconstruction and attribution. This paper addresses this critical need by proposing a novel, data-driven forensic framework tailored to the EV charging infrastructure, focusing on the systematic identification, classification,…

Displaying 1-10 on page 1 of 82.