Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study

Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

SoK: Harmonizing Attack Graphs and Intrusion Detection Systems

Detecting and responding to cyber attacks is increasingly difficult as high-volume, complex network traffic allows threats to remain concealed. While Intrusion Detection Systems IDSs identify anomalous behavior, Attack Graphs AGs serve as the primary threat model for analyzing attacker strategies...

A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection

Cryptographic digests e.g., MD5, SHA-256 are designed to provide exact identity. Any single-bit change in the input produces a completely different hash, which is ideal for integrity verification but limits their usefulness in many real-world tasks like threat hunting, malware analysis and digita...

SoK: Security Evaluation of Wi-Fi CSI Biometrics: Attacks, Metrics, and Systemic Weaknesses

Wi-Fi Channel State Information CSI has been repeatedly proposed as a biometric modality, often with reports of high accuracy and operational feasibility. However, the field lacks a consolidated understanding of its security properties, adversarial resilience, and methodological consistency. This...

MUBox: a Critical Evaluation Framework of Deep Machine Unlearning

Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...

Fine-Grained Manipulation Attacks to Local Differential Privacy Protocols for Data Streams

Local Differential Privacy LDP enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been applied to various data types e.g., categorical, numerical, and graph data and application settings e.g., static and streaming. Recent finding...

编号撤回

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. This CVE number has been withdrawn...