A New Framework for Software Vulnerability Detection Based on an Advanced Computing

The detection of software vulnerabilities written in C and C++languages takes a lot of attention and interest today.This paper proposes a new framework called DrCSE to improve software vulnerability detection.It uses an intelligent computation technique based on the combination of two methods:Rebalancing data and representation learning to analyze and evaluate the code property graph(CPG)of the source code for detecting abnormal behavior of software vulnerabilities.To do that,DrCSE performs a combination of 3 main processing techniques:(i)building the source code feature profiles,(ii)rebalancing data,and(iii)contrastive learning.In which,the method(i)extracts the source code’s features based on the vertices and edges of the CPG.The method of rebalancing data has the function of supporting the training process by balancing the experimental dataset.Finally,contrastive learning techniques learn the important features of the source code by finding and pulling similar ones together while pushing the outliers away.The experiment part of this paper demonstrates the superiority of the DrCSE Framework for detecting source code security vulnerabilities using the Verum dataset.As a result,the method proposed in the article has brought a pretty good performance in all metrics,especially the Precision and Recall scores of 39.35%and 69.07%,respectively,proving the efficiency of the DrCSE Framework.It performs better than other approaches,with a 5%boost in Precision and a 5%boost in Recall.Overall,this is considered the best research result for the software vulnerability detection problem using the Verum dataset according to our survey to date.

Socio-economic vulnerability level in the Jeneberang watershed in Gowa Regency,South Sulawesi Province,Indonesia

Jeneberang watershed is vital,particularly for people living in Gowa Regency(South Sulawesi Province,Indonesia),who benefit from its many advantages.Landslides and floods occur every year in the Jeneberang watershed,so it is imperative to understand the socio-economic vulnerability of this region.This research aims to identify the vulnerability level of the Jeneberang watershed so that the government can prioritize areas with high vulnerability level and formulate effective strategies to reduce these the vulnerability.Specifically,this study was conducted in 12 districts located in the Jeneberang watershed.The primary data were collected from questionnaires completed by community members,community leaders,and various stakeholders,and the secondary data were from the Landsat satellite imagery in 2020,the Badan Push Statistic of Gowa Regency,and some governmental agencies.The socio-economic vulnerability variables were determined using the Multiple Criteria Decision Analysis(MCDA)method,and each variable was weighted and analyzed using the Geographical Information System(GIS).The study reveals that the levels of socio-economic vulnerability are affected by variables such as population density,vulnerable groups(disabled people,elderly people,and young people),road network and settlement,percentage of poor people,and productive land area in the Jeneberang watershed.Moreover,all of the 12 districts in the Jeneberang watershed are included in the medium vulnerability level,with the mean percentage of socio-economic vulnerability around 50.92%.The socio-economic vulnerability of Bajeng,Pallangga,and Somba Opu districts is categorized at high level,the socio-economic vulnerability of Bungaya,Parangloe,and Tombolo Pao districts is classified as medium level,and the remaining 6 districts(Barombong,Bontolempangan,Bontomarannu,Manuju,Parigi,and Tinggimoncong)are ranked as low socio-economic vulnerability.This study can help policy-makers to formulate strategy that contributes to the protection of biodiversity and sustainable development of the Jeneberang watershed,while improving disaster resilience and preparedness of the watershed.

Vulnerability assessment of UAV engine to laser based on improved shotline method

Laser anti-drone technology is entering the sequence of actual combat,and it is necessary to consider the vulnerability of typical functional parts of UAVs.Since the concept of"vulnerability"was proposed,a variety of analysis programs for battlefield targets to traditional weapons have been developed,but a comprehensive assessment methodology for targets'vulnerability to laser is still missing.Based on the shotline method,this paper proposes a method that equates laser beam to shotline array,an efficient vulnerability analysis program of target to laser is established by this method,and the program includes the circuit board and the wire into the vulnerability analysis category,which improves the precision of the vulnerability analysis.Taking the UAV engine part as the target of vulnerability analysis,combine with the"life-death unit method"to calculate the laser penetration rate of various materials of the UAV,and the influence of laser weapon system parameters and striking orientation on the killing probability is quantified after introducing the penetration rate into the vulnerability analysis program.The quantitative analysis method proposed in this paper has certain general expansibility,which can provide a fresh idea for the vulnerability analysis of other targets to laser.

Systematic Security Guideline Framework through Intelligently Automated Vulnerability Analysis

This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities,generating applicable guidelines based on real-world software.The existing analysis of software security vulnerabilities often focuses on specific features or modules.This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software.The key novelty lies in overcoming the constraints of partial approaches.The proposed framework utilizes data from various sources to create a comprehensive functionality profile,facilitating the derivation of real-world security guidelines.Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposure(CVE)and Common Vulnerability Scoring System(CVSS)scores,resulting in automated guidelines tailored to each product.These guidelines are not only practical but also applicable in real-world software,allowing for prioritized security responses.The proposed framework is applied to virtual private network(VPN)software,wherein a validated Level 2 data flow diagram is generated using the Spoofing,Tampering,Repudiation,Information Disclosure,Denial of Service,and Elevation of privilege(STRIDE)technique with references to various papers and examples from related software.The analysis resulted in the identification of a total of 121 vulnerabilities.The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems,subsystems,and selected modules.

Understanding livelihood vulnerability:a perspective from Western Sichuan’s ethnic rural settings

To explore the livelihood status and key influencing factors of rural households in the minority areas,we collected flat data from 284 rural households in 32 villages across 12 counties of Western Sichuan from 2021 to 2022.We conducted participatory household survey on the livelihood status of the rural households and try to identify the key factors to influence their livelihood vulnerability using multiple linear regression.The results showed that:the livelihood situation of the rural households is relatively vulnerable.The vulnerability varies significantly with the income levels,education levels,and income sources.The vulnerability of farm households,categorized from low to high livelihood types,follows the sequence:non-agricultural dominant households,non-agricultural households,agricultural dominant households,and pure agricultural households.The degree of damage to the natural environment,education costs,loan opportunities,the proportion of agricultural income to annual household income,and the presence of sick people in the household have significant positive effects on the livelihood vulnerability index(LVI)of rural households;while help from relatives and friends,net income per capita,household size,household education,agricultural land area,participation in industrial organizations,number of livestock,purchase of commercial houses,drinking water source,and self-supply of food have significant negative effects.Based on the findings,we believe that local rural households operate in a complex livelihood system and recommend continuous interventions targeting key influences to provide empirical research support for areas facing similar situations.

Automated Vulnerability Detection of Blockchain Smart Contacts Based on BERT Artificial Intelligent Model

The widespread adoption of blockchain technology has led to the exploration of its numerous applications in various fields.Cryptographic algorithms and smart contracts are critical components of blockchain security.Despite the benefits of virtual currency,vulnerabilities in smart contracts have resulted in substantial losses to users.While researchers have identified these vulnerabilities and developed tools for detecting them,the accuracy of these tools is still far from satisfactory,with high false positive and false negative rates.In this paper,we propose a new method for detecting vulnerabilities in smart contracts using the BERT pre-training model,which can quickly and effectively process and detect smart contracts.More specifically,we preprocess and make symbol substitution in the contract,which can make the pre-training model better obtain contract features.We evaluate our method on four datasets and compare its performance with other deep learning models and vulnerability detection tools,demonstrating its superior accuracy.

HCRVD: A Vulnerability Detection System Based on CST-PDG Hierarchical Code Representation Learning

Prior studies have demonstrated that deep learning-based approaches can enhance the performance of source code vulnerability detection by training neural networks to learn vulnerability patterns in code representations.However,due to limitations in code representation and neural network design,the validity and practicality of the model still need to be improved.Additionally,due to differences in programming languages,most methods lack cross-language detection generality.To address these issues,in this paper,we analyze the shortcomings of previous code representations and neural networks.We propose a novel hierarchical code representation that combines Concrete Syntax Trees(CST)with Program Dependence Graphs(PDG).Furthermore,we introduce a Tree-Graph-Gated-Attention(TGGA)network based on gated recurrent units and attention mechanisms to build a Hierarchical Code Representation learning-based Vulnerability Detection(HCRVD)system.This system enables cross-language vulnerability detection at the function-level.The experiments show that HCRVD surpasses many competitors in vulnerability detection capabilities.It benefits from the hierarchical code representation learning method,and outperforms baseline in cross-language vulnerability detection by 9.772%and 11.819%in the C/C++and Java datasets,respectively.Moreover,HCRVD has certain ability to detect vulnerabilities in unknown programming languages and is useful in real open-source projects.HCRVD shows good validity,generality and practicality.

Binary Program Vulnerability Mining Based on Neural Network

Software security analysts typically only have access to the executable program and cannot directly access the source code of the program.This poses significant challenges to security analysis.While it is crucial to identify vulnerabilities in such non-source code programs,there exists a limited set of generalized tools due to the low versatility of current vulnerability mining methods.However,these tools suffer from some shortcomings.In terms of targeted fuzzing,the path searching for target points is not streamlined enough,and the completely random testing leads to an excessively large search space.Additionally,when it comes to code similarity analysis,there are issues with incomplete code feature extraction,which may result in information loss.In this paper,we propose a cross-platform and cross-architecture approach to exploit vulnerabilities using neural network obfuscation techniques.By leveraging the Angr framework,a deobfuscation technique is introduced,along with the adoption of a VEX-IR-based intermediate language conversion method.This combination allows for the unified handling of binary programs across various architectures,compilers,and compilation options.Subsequently,binary programs are processed to extract multi-level spatial features using a combination of a skip-gram model with self-attention mechanism and a bidirectional Long Short-Term Memory(LSTM)network.Finally,the graph embedding network is utilized to evaluate the similarity of program functionalities.Based on these similarity scores,a target function is determined,and symbolic execution is applied to solve the target function.The solved content serves as the initial seed for targeted fuzzing.The binary program is processed by using the de-obfuscation technique and intermediate language transformation method,and then the similarity of program functions is evaluated by using a graph embedding network,and symbolic execution is performed based on these similarity scores.This approach facilitates cross-architecture analysis of executable programs without their source codes and concurrently reduces the risk of symbolic execution path explosion.

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.

Groundwater vulnerability assessment using a GIS-based DRASTIC method in the Erbil Dumpsite area (Kani Qirzhala), Central Erbil Basin, North Iraq

Groundwater vulnerability assessment is a crucial step in the efficient management of groundwater resources,especially in areas with intensive anthropogenic activities and groundwater pollution.In the present study,the DRASTIC method was applied using Geographic Information System(GIS)to delineate groundwater vulnerability zones in the Erbil Dumpsite area,Central Erbil Basin,North Iraq.Results showed that the area was classified into four vulnerability classes:Very low(16.97%),low(27.67%),moderate(36.55%)and high(18.81%).The southern,south-eastern and northern parts of the study area exhibited the highest vulnerability potential,while the central-northern,northern and north-western regions displayed the lowest vulnerability potential.Moreover,results of the single-parameter sensitivity analysis indicated that amongst the seven DRASTIC parameters,the unsaturated zone and the aquifer media were the most influencing parameters.In conclustion,the correlation of 25 nitrate concentration values with the final vulnerability map,assessed using the Pearson correlation coefficient,yielded a satisfactory result of R=0.72.

An Analysis of Liberia’s Vulnerability to Climate Change in the Context of Least Developed Countries (LDCs): A Review

Climate change is an alarming global challenge, particularly affecting the least developed countries (LDCs) including Liberia. These countries, located in regions prone to unpredictable temperature and precipitation changes, are facing significant challenges, particularly in climate-sensitive sectors such as mining and agriculture. LDCs need more resilience to adverse climate shocks but have limited capacity for adaptation compared to other developed and developing nations. This paper examines Liberia’s susceptibility to climate change as a least developed country, focusing on its exposure, sensitivity, and adaptive capacity. It provides an overview of LDCs and outlines the global distribution of carbon dioxide emissions. The paper also evaluates specific challenges that amplify Liberia’s vulnerability and constrain sustainable adaptation, providing insight into climate change’s existing and potential effects. The paper emphasizes the urgency of addressing climate impacts on Liberia and calls for concerted local and international efforts for effective and sustainable mitigation efforts. It provides recommendations for policy decisions and calls for further research on climate change mitigation and adaptation.

Security Vulnerability Analyses of Large Language Models (LLMs) through Extension of the Common Vulnerability Scoring System (CVSS) Framework

Large Language Models (LLMs) have revolutionized Generative Artificial Intelligence (GenAI) tasks, becoming an integral part of various applications in society, including text generation, translation, summarization, and more. However, their widespread usage emphasizes the critical need to enhance their security posture to ensure the integrity and reliability of their outputs and minimize harmful effects. Prompt injections and training data poisoning attacks are two of the most prominent vulnerabilities in LLMs, which could potentially lead to unpredictable and undesirable behaviors, such as biased outputs, misinformation propagation, and even malicious content generation. The Common Vulnerability Scoring System (CVSS) framework provides a standardized approach to capturing the principal characteristics of vulnerabilities, facilitating a deeper understanding of their severity within the security and AI communities. By extending the current CVSS framework, we generate scores for these vulnerabilities such that organizations can prioritize mitigation efforts, allocate resources effectively, and implement targeted security measures to defend against potential risks.

Application of Hazard Vulnerability Analysis Based on Kaiser Model in Neonatal Breast Milk Management

Objective:To analyze the existing risks in breast milk management at the neonatal department and provide corresponding countermeasures.Methods:22 risk events were identified in 7 risk links in the process of bottle-feeding of breast milk.Hazard Vulnerability Analysis based on the Kaiser model was applied to investigate and evaluate the risk events.Results:High-risk events include breast milk quality inspection,hand hygiene during collection,disinfection of collectors,cold chain management,hand hygiene during the reception,breast milk closed-loop management,and post-collection disposal.Root cause analysis of high-risk events was conducted and breast milk management strategies outside the hospital and within the neonatal department were proposed.Conclusion:Hazard Vulnerability Analysis based on the Kaiser model can identify and assess neonatal breast milk management risks effectively,which helps improve the management of neonatal breast milk.It is conducive to the safe development and promotion of bottle feeding of breast milk for neonates,ensuring the quality of medical services and the safety of children.

Critical Relation Path Aggregation-Based Industrial Control Component Exploitable Vulnerability Reasoning

With the growing discovery of exposed vulnerabilities in the Industrial Control Components(ICCs),identification of the exploitable ones is urgent for Industrial Control System(ICS)administrators to proactively forecast potential threats.However,it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods.To address these challenges,we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph(KG)in which relation paths contain abundant potential evidence to support the reasoning.The reasoning task in this work refers to determining whether a specific relation is valid between an attacker entity and a possible exploitable vulnerability entity with the help of a collective of the critical paths.The proposed method consists of three primary building blocks:KG construction,relation path representation,and query relation reasoning.A security-oriented ontology combines exploit modeling,which provides a guideline for the integration of the scattered knowledge while constructing the KG.We emphasize the role of the aggregation of the attention mechanism in representation learning and ultimate reasoning.In order to acquire a high-quality representation,the entity and relation embeddings take advantage of their local structure and related semantics.Some critical paths are assigned corresponding attentive weights and then they are aggregated for the determination of the query relation validity.In particular,similarity calculation is introduced into a critical path selection algorithm,which improves search and reasoning performance.Meanwhile,the proposed algorithm avoids redundant paths between the given pairs of entities.Experimental results show that the proposed method outperforms the state-of-the-art ones in the aspects of embedding quality and query relation reasoning accuracy.

Towards rapid and automated vulnerability classification of concrete buildings

With the overwhelming number of older reinforced concrete buildings that need to be assessed for seismic vulnerability in a city,local governments face the question of how to assess their building inventory.By leveraging engineering drawings that are stored in a digital format,a well-established method for classification reinforced concrete buildings with respect to seismic vulnerability,and machine learning techniques,we have developed a technique to automatically extract quantitative information from the drawings to classify vulnerability.Using this technique,stakeholders will be able to rapidly classify buildings according to their seismic vulnerability and have access to information they need to prioritize a large building inventory.The approach has the potential to have significant impact on our ability to rapidly make decisions related to retrofit and improvements in our communities.In the Los Angeles County alone it is estimated that several thousand buildings of this type exist.The Hassan index is adopted here as the method for automation due to its simple application during the classification of the vulnerable reinforced concrete buildings.This paper will present the technique used for automating information extraction to compute the Hassan index for a large building inventory.

Agricultural Vulnerability to Drought in China's Agro-pastoral Ecotone:A Case Study of Yulin City,Shaanxi Province

Agro-pastoral ecotone of northern China is the prominent area for agricultural production,but it is also the most typical ecological fragile area with frequent drought disasters.Taking Yulin City at Shaanxi Province in China as the case area,the paper aims to investigate the spatio-temporal changes of agricultural vulnerability to drought in China’s agro-pastoral ecotone in the period 2000 to2020.The results show that:1)the agricultural vulnerability to drought in Yulin City has shifted from high vulnerability in the period2000–2010 to low vulnerability in the period 2011–2020.2)There exist obvious spatio-temporal differences of the agricultural vulnerability to drought in Yulin City during the research period.3)Four sensitive events and 14 resilient events were identified in the research and the crops of Yulin had become more resilient to drought.Finally,the paper put forward with policy implications to make adaptive strategies of agriculture to climate change in China’s agro-pastoral ecotone in the future,e.g.,carrying out agricultural zoning based on agricultural production conditions,intensifying the construction of disaster prevention and relief system,and integrating with modern agricultural technology to develop new type agriculture.

Consortium Chain Consensus Vulnerability and Chain Generation Mechanism

Effectively identifying and preventing the threat of Byzantine nodes to the security of distributed systems is a challenge in applying consortium chains.Therefore,this paper proposes a new consortium chain generation model,deeply analyzes the vulnerability of the consortium chain consensus based on the behavior of the nodes,and points out the effects of Byzantine node proportion and node state verification on the consensus process and system security.Furthermore,the normalized verification node aggregation index that represents the consensus ability of the consortium organization and the trust evaluation function of the verification node set is derived.When either of the two is lower than the threshold,the consortium institution or the verification node set members are dynamically adjusted.On this basis,an innovative consortium chain generation mechanism based on the Asynchronous Binary Byzantine Consensus Mechanism(ABBCM)is proposed.Based on the extended consortium chain consensus mechanism,a certain consensus value set can be combined into multiple proposals,which can realize crossdomain asynchronous message passing between multi-consortium chains without reducing the system’s security.In addition,experiments are carried out under four classical Byzantine Attack(BA)behaviors,BA1 to BA4.The results show that the proposed method can obtain better delay than the classical random Byzantine consensus algorithm Coin,effectively improving the consensus efficiency based on asynchronous message passing in the consortium chain and thus meeting the throughput of most Internet of Things(IoT)applications.

Vulnerability assessment of coastal wetlands in Minjiang River Estuary based on cloud model under sea level rise

The change of coastal wetland vulnerability affects the ecological environment and the economic development of the estuary area.In the past,most of the assessment studies on the vulnerability of coastal ecosystems stayed in static qualitative research,lacking predictability,and the qualitative and quantitative relationship was not objective enough.In this study,the“Source-Pathway-Receptor-Consequence”model and the Intergovernmental Panel on Climate Change vulnerability definition were used to analyze the main impact of sea level rise caused by climate change on coastal wetland ecosystem in Minjiang River Estuary.The results show that:(1)With the increase of time and carbon emission,the area of high vulnerability and the higher vulnerability increased continuously,and the area of low vulnerability and the lower vulnerability decreased.(2)The eastern and northeastern part of the Culu Island in the Minjiang River Estuary of Fujian Province and the eastern coastal wetland of Meihua Town in Changle District are areas with high vulnerability risk.The area of high vulnerability area of coastal wetland under high emission scenario is wider than that under low emission scenario.(3)Under different sea level rise scenarios,elevation has the greatest impact on the vulnerability of coastal wetlands,and slope has less impact.The impact of sea level rise caused by climate change on the coastal wetland ecosystem in the Minjiang River Estuary is mainly manifested in the sea level rise,which changes the habitat elevation and daily flooding time of coastal wetlands,and then affects the survival and distribution of coastal wetland ecosystems.

GRATDet:Smart Contract Vulnerability Detector Based on Graph Representation and Transformer

Smart contracts have led to more efficient development in finance and healthcare,but vulnerabilities in contracts pose high risks to their future applications.The current vulnerability detection methods for contracts are either based on fixed expert rules,which are inefficient,or rely on simplistic deep learning techniques that do not fully leverage contract semantic information.Therefore,there is ample room for improvement in terms of detection precision.To solve these problems,this paper proposes a vulnerability detector based on deep learning techniques,graph representation,and Transformer,called GRATDet.The method first performs swapping,insertion,and symbolization operations for contract functions,increasing the amount of small sample data.Each line of code is then treated as a basic semantic element,and information such as control and data relationships is extracted to construct a new representation in the form of a Line Graph(LG),which shows more structural features that differ from the serialized presentation of the contract.Finally,the node information and edge information of the graph are jointly learned using an improved Transformer-GP model to extract information globally and locally,and the fused features are used for vulnerability detection.The effectiveness of the method in reentrancy vulnerability detection is verified in experiments,where the F1 score reaches 95.16%,exceeding stateof-the-art methods.

COCKPIT-PLUS:A proposed method for rapid groundwater vulnerability-driven land use zoning in tropical cockpit karst areas

Karst groundwater is highly vulnerable to contamination,which urges better land use zoning.This paper proposes a new approach,called COCKPIT-PLUS,to minimize groundwater contamination within cockpit karst regions.The method employed four parameters:P(the existence of ponor/swallow hole),L(lineament density),U(sinking stream to an underground river),and S(distance to spring/pumping site).These parameters are essential for identifying contaminant pathways and transport from the surface to the karst groundwater/springs.COCKPIT-PLUS has been developed and validated in the Gunungsewu karst in Java,Indonesia.This research considers a cockpit as a single hydrological unit that uniquely recharges karst groundwater.We analyzed 2,811 cockpits and 81 other closed depressions to develop a land use planning map.The research used the time to first arrival(Ta),time to peak(Tp),and Q_(max/min)ratio parameters of two karst springs and two underground pumping sites for validation.Cockpits with ponors/swallow holes,sinking streams,high lineament density,and short distances to springs are vulnerable to groundwater and thus must be restricted areas for any land uses.The findings show that though the COCKPIT-PLUS uses a limited karst dataset,the proposed method seems reliable enough for a rapid land-use zoning approach in cockpit karst areas.