AI-Based Software Vulnerability Detection: a Systematic Literature Review

Software vulnerabilities in source code pose serious cybersecurity risks, prompting a shift from traditional detection methods e.g., static analysis, rule-based matching to AI-driven approaches. This study presents a systematic review of software vulnerability detection SVD research from 2018 to...

Empirical Quantification of Spurious Correlations in Malware Detection

End-to-end deep learning exhibits unmatched performance for detecting malware, but such an achievement is reached by exploiting spurious correlations -- features with high relevance at inference time, but known to be useless through domain knowledge. While previous work highlighted that deep...

ContextBuddy: AI-Enhanced Contextual Insights for Security Alert Investigation (Applied to Intrusion Detection)

Modern Security Operations Centres SOCs integrate diverse tools, such as SIEM, IDS, and XDR systems, offering rich contextual data, including alert enrichments, flow features, and similar case histories. Yet, analysts must still manually determine which of these contextual cues are most relevant...

Mono: Is Your "Clean" Vulnerability Dataset Really Solvable? Exposing and Trapping Undecidable Patches and Beyond

The quantity and quality of vulnerability datasets are essential for developing deep learning solutions to vulnerability-related tasks. Due to the limited availability of vulnerabilities, a common approach to building such datasets is analyzing security patches in source code. However, existing...

LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges

The widespread adoption of Large Language Models LLMs has heightened concerns about their security, particularly their vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. While prior research has been conducted on general security capabilities of LLMs,...

Profiling Electric Vehicles Via Early Charging Voltage Patterns

Electric Vehicles EVs are rapidly gaining adoption as a sustainable alternative to fuel-powered vehicles, making secure charging infrastructure essential. Despite traditional authentication protocols, recent results showed that attackers may steal energy through tailored relay attacks. One...

Towards Generalized Source Tracing for Codec-Based Deepfake Speech

Recent attempts at source tracing for codec-based deepfake speech CodecFake, generated by neural audio codec-based speech generation CoSG models, have exhibited suboptimal performance. However, how to train source tracing models using simulated CoSG data while maintaining strong performance on re...

STAMP Your Content: Proving Dataset Membership Via Watermarked Rephrasings

Given how large parts of publicly available text are crawled to pretrain large language models LLMs, data creators increasingly worry about the inclusion of their proprietary data for model training without attribution or licensing. Their concerns are also shared by benchmark curators whose...

CVE-2025-4966

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hkdatasetresults function. This makes it possible for unauthenticated attackers to inject malicious web script...

Obfuscation-Resilient Binary Code Similarity Analysis Using Dominance Enhanced Semantic Graph

Binary code similarity analysis BCSA serves as a core technique for binary analysis tasks such as vulnerability detection. While current graph-based BCSA approaches capture substantial semantics and show strong performance, their performance suffers under code obfuscation due to the unstable...

Rethinking Machine Unlearning in Image Generation Models

With the surge and widespread application of image generation models, data privacy and content safety have become major concerns and attracted great attention from users, service providers, and policymakers. Machine unlearning MU is recognized as a cost-effective and promising means to address...

EMBER2024 -- a Benchmark Dataset for Holistic Evaluation of Malware Classifiers

A lack of accessible data has historically restricted malware analysis research, and practitioners have relied heavily on datasets provided by industry sources to advance. Existing public datasets are limited by narrow scope - most include files targeting a single platform, have labels supporting...

Sentinel: SOTA Model to Protect against Prompt Injections

Large Language Models LLMs are increasingly powerful but remain vulnerable to prompt injection attacks, where malicious inputs cause the model to deviate from its intended instructions. This paper introduces Sentinel, a novel detection model, qualifire/prompt-injection-sentinel, based on the...

Incentivizing Collaborative Breach Detection

Decoy passwords, or "honeywords," alert a site to its breach if they are ever entered in a login attempt on that site. However, an attacker can identify a user-chosen password from among the decoys, without risk of alerting the site to its breach, by performing credential stuffing, i.e., entering...

Data Flows in You: Benchmarking and Improving Static Data-Flow Analysis on Binary Executables

Data-flow analysis is a critical component of security research. Theoretically, accurate data-flow analysis in binary executables is an undecidable problem, due to complexities of binary code. Practically, many binary analysis engines offer some data-flow analysis capability, but we lack...

Shadow Defense against Gradient Inversion Attack in Federated Learning

Federated learning FL has emerged as a transformative framework for privacy-preserving distributed training, allowing clients to collaboratively train a global model without sharing their local data. This is especially crucial in sensitive fields like healthcare, where protecting patient data is...

Adversarial Machine Learning for Robust Password Strength Estimation

Passwords remain one of the most common methods for securing sensitive data in the digital age. However, weak password choices continue to pose significant risks to data security and privacy. This study aims to solve the problem by focusing on developing robust password strength estimation models...

Hunting the Ghost: Towards Automatic Mining of IoT Hidden Services

In this paper, we proposes an automatic firmware analysis tool targeting at finding hidden services that may be potentially harmful to the IoT devices. Our approach uses static analysis and symbolic execution to search and filter services that are transparent to normal users but explicit to...

VulBinLLM: LLM-Powered Vulnerability Detection for Stripped Binaries

Recognizing vulnerabilities in stripped binary files presents a significant challenge in software security. Although some progress has been made in generating human-readable information from decompiled binary files with Large Language Models LLMs, effectively and scalably detecting vulnerabilitie...

Uncovering Black-Hat SEO Based Fake E-Commerce Scam Groups from Their Redirectors and Websites

While law enforcements agencies and cybercrime researchers are working hard, fake E-commerce scam is still a big threat to Internet users. One of the major techniques to victimize users is luring them by black-hat search-engine-optimization SEO; making search engines display their lure pages as i...