Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers

no code implementations • 22 Mar 2024 • Sivana Hamer, Marcelo d'Amorim, Laurie Williams

Our findings suggest developers are under-educated on insecure code propagation from both platforms, as we found 274 unique vulnerabilities and 25 types of CWE.

Shifting the Lens: Detecting Malware in npm Ecosystem with Large Language Models

no code implementations • 18 Mar 2024 • Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, Laurie Williams

Our baseline comparison demonstrates a notable improvement over static analysis in precision scores above 25% and F1 scores above 15%.

Malware Detection

Mining Temporal Attack Patterns from Cyberthreat Intelligence Reports

no code implementations • 3 Jan 2024 • Md Rayhanur Rahman, Brandon Wroblewski, Quinn Matthews, Brantley Morgan, Tim Menzies, Laurie Williams

The goal of this paper is to aid security practitioners in prioritizing and proactive defense against cyberattacks by mining temporal attack patterns from cyberthreat intelligence reports.

From Threat Reports to Continuous Threat Intelligence: A Comparison of Attack Technique Extraction Methods from Textual Artifacts

no code implementations • 5 Oct 2022 • Md Rayhanur Rahman, Laurie Williams

\textit{The goal of this study is to aid cybersecurity researchers and practitioners choose attack technique extraction methods for monitoring and sharing threat intelligence by comparing the underlying methods from the TTP extraction studies in the literature.}

Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue

no code implementations • 22 Mar 2022 • Rui Shu, Tianpei Xia, Laurie Williams, Tim Menzies

Conclusion: Based on this study, we would suggest the use of optimized GANs as an alternative method for security vulnerability data class imbalanced issues.

Bayesian Optimization

What are the attackers doing now? Automating cyber threat intelligence extraction from text on pace with the changing threat landscape: A survey

no code implementations • 14 Sep 2021 • Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, Laurie Williams

Cybersecurity researchers have contributed to the automated extraction of CTI from textual sources, such as threat reports and online articles, where cyberattack strategies, procedures, and tools are described.

Decision Making Dependency Parsing +3

Omni: Automated Ensemble with Unexpected Models against Adversarial Evasion Attack

no code implementations • 23 Nov 2020 • Rui Shu, Tianpei Xia, Laurie Williams, Tim Menzies

Conclusion: When employing ensemble defense against adversarial evasion attacks, we suggest creating an ensemble with unexpected models that are distant from the attacker's expected model (i. e., target model) through methods such as hyperparameter optimization.

BIG-bench Machine Learning Ensemble Learning +2

How to Better Distinguish Security Bug Reports (using Dual Hyperparameter Optimization

no code implementations • 4 Nov 2019 • Rui Shu, Tianpei Xia, Jianfeng Chen, Laurie Williams, Tim Menzies

For example, in a study of security bug reports from the Chromium dataset, the median recalls of FARSEC and Swift were 15. 7% and 77. 4%, respectively.

Software Engineering

Security Smells in Infrastructure as Code Scripts

1 code implementation • 16 Jul 2019 • Akond Rahman, Md. Rayhanur Rahman, Chris Parnin, Laurie Williams

We observe agreement for 130 of the responded 187 bug reports, which suggests the relevance of security smells for IaC scripts amongst practitioners.

Cryptography and Security Software Engineering