Abdulaziz Alhumam^*

CMC-Computers, Materials & Continua, Vol.73, No.1, pp. 1463-1482, 2022, DOI:10.32604/cmc.2022.029473

Abstract The most resource-intensive and laborious part of debugging is finding the exact location of the fault from the more significant number of code snippets. Plenty of machine intelligence models has offered the effective localization of defects. Some models can precisely locate the faulty with more than 95% accuracy, resulting in demand for trustworthy models in fault localization. Confidence and trustworthiness within machine intelligence-based software models can only be achieved via explainable artificial intelligence in Fault Localization (XFL). The current study presents a model for generating counterfactual interpretations for the fault localization model's decisions. Neural system approximations and disseminated presentation of… More >

Qingbing Ji^1,2,*, Zhihong Rao^1,2, Lvlin Ni², Wei Zhao², Jing Fu³

CMC-Computers, Materials & Continua, Vol.73, No.1, pp. 817-829, 2022, DOI:10.32604/cmc.2022.026949

Abstract MEGA is an end-to-end encrypted cloud storage platform controlled by users. Moreover, the communication between MEGA client and server is carried out under the protection of Transport Layer Security (TLS) encryption, it is difficult to intercept the key data packets in the process of MEGA registration, login, file data upload, and download. These characteristics of MEGA have brought great difficulties to its forensics. This paper presents a method to attack MEGA to provide an effective method for MEGA’s forensics. By debugging the open-source code of MEGA and analyzing the security white paper published, this paper first clarifies the encryption mechanism… More >

Yingchao Yu^*, Shuitao Gan, Xiaojun Qin

Journal on Internet of Things, Vol.4, No.1, pp. 1-20, 2022, DOI:10.32604/jiot.2022.019469

Abstract In recent years, with the development of the natural language processing (NLP) technologies, security analyst began to use NLP directly on assembly codes which were disassembled from binary executables in order to examine binary similarity, achieved great progress. However, we found that the existing frameworks often ignored the complex internal structure of instructions and didn’t fully consider the long-term dependencies of instructions. In this paper, we propose firmVulSeeker—a vulnerability search tool for embedded firmware images, based on BERT and Siamese network. It first builds a BERT MLM task to observe and learn the semantics of different instructions in their context… More >

Wenjing Wang¹, Tengteng Zhao¹, Xiaolong Li^1,*, Lei Huang¹, Wei Zhang¹, Hui Guo²

Journal of Cyber Security, Vol.4, No.1, pp. 1-15, 2022, DOI:10.32604/jcs.2022.026816

Abstract At present, the network security situation is becoming more and more serious. Malicious network attacks such as computer viruses, Trojans and hacker attacks are becoming more and more rampant. National and group network attacks such as network information war and network terrorism have a serious damage to the production and life of the whole society. At the same time, with the rapid development of Internet of Things and the arrival of 5G era, IoT devices as an important part of industrial Internet system, have become an important target of infiltration attacks by hostile forces. This paper describes the challenges facing… More >

Hang He^1,*, Wanggen Liu¹, Zhenhan Zhao¹, Shan He¹, Jinghui Zhang²

Computer Systems Science and Engineering, Vol.43, No.2, pp. 643-655, 2022, DOI:10.32604/csse.2022.027211

Abstract To enhance the accuracy of performance analysis of regional airline network, this study applies complex network theory and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm to investigate the topology of regional airline network, constructs node importance index system, and clusters 161 airport nodes of regional airline network. Besides, entropy power method and approximating ideal solution method (TOPSIS) is applied to comprehensively evaluate the importance of airport nodes and complete the classification of nodes and identification of key points; adopt network efficiency, maximum connectivity subgraph and network connectivity as vulnerability measurement indexes, and observe the changes of vulnerability indexes… More >

Navneet Bhatt¹, Jasmine Kaur², Adarsh Anand², Omar H. Alhazmi^3,*

CMC-Computers, Materials & Continua, Vol.72, No.2, pp. 3613-3629, 2022, DOI:10.32604/cmc.2022.026554

Abstract Software developers endeavor to build their products with the least number of bugs. Despite this, many vulnerabilities are detected in software that threatens its integrity. Various automated software i.e., vulnerability scanners, are available in the market which helps detect and manage vulnerabilities in a computer, application, or a network. Hence, the choice of an appropriate vulnerability scanner is crucial to ensure efficient vulnerability management. The current work serves a dual purpose, first, to identify the key factors which affect the vulnerability discovery process in a network. The second, is to rank the popular vulnerability scanners based on the identified attributes.… More >

Pengzhi Xu^1,2, Zetian Mai^1,2, Yuhao Lin¹, Zhen Guo^1,2,*, Victor S. Sheng³

Journal of Information Hiding and Privacy Protection, Vol.3, No.4, pp. 165-179, 2021, DOI:10.32604/jihpp.2021.027280

Abstract With the increase of software complexity, the security threats faced by the software are also increasing day by day. So people pay more and more attention to the mining of software vulnerabilities. Although source code has rich semantics and strong comprehensibility, source code vulnerability mining has been widely used and has achieved significant development. However, due to the protection of commercial interests and intellectual property rights, it is difficult to obtain source code. Therefore, the research on the vulnerability mining technology of binary code has strong practical value. Based on the investigation of related technologies, this article firstly introduces the… More >

Thien-Phuc Doan, Souhwan Jung^*

CMC-Computers, Materials & Continua, Vol.72, No.1, pp. 1699-1711, 2022, DOI:10.32604/cmc.2022.025096

Abstract Container technology plays an essential role in many Information and Communications Technology (ICT) systems. However, containers face a diversity of threats caused by vulnerable packages within container images. Previous vulnerability scanning solutions for container images are inadequate. These solutions entirely depend on the information extracted from package managers. As a result, packages installed directly from the source code compilation, or packages downloaded from the repository, etc., are ignored. We introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions. DAVS performs static analysis using file extraction based on Dockerfile information to… More >

Adnan Alam Khan^1,2,*, Qamar-ul-Arfeen¹

Journal of Cyber Security, Vol.3, No.4, pp. 201-205, 2021, DOI:10.32604/jcs.2021.024614

Abstract Technology is expanding like a mushroom, there are various benefits of technology, in contrary users are facing serious losses by this technology. Furthermore, people lost their lives, their loved ones, brain-related diseases, etc. The industry is eager to get one technology that can secure their finance-related matters, personal videos or pictures, precious contact numbers, and their current location. Things are going worst because every software has some sort of legacy, deficiency, and shortcomings through which exploiters gain access to any software. There are various ways to get illegitimate access but on the top is Linux Kali with QRLjacker by user… More >

Mamoona Humayun¹, NZ Jhanjhi^2,*, Maram Fahhad Almufareh¹, Muhammad Ibrahim Khalil³

CMC-Computers, Materials & Continua, Vol.71, No.3, pp. 5039-5059, 2022, DOI:10.32604/cmc.2022.019289

Abstract Security is critical to the success of software, particularly in today's fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability maturity model integration). However, there exists no explicit solution for incorporating security into all phases of SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the “patch and… More >