Search Results for author:
Found 11 papers, 6 papers with code
AI Code Generators for Security: Friend or Foe?
Recent advances of artificial intelligence (AI) code generators are opening new opportunities in software security research, including misuse by malicious actors.
Automating the Correctness Assessment of AI-generated Code for Security Contexts
Finally, since it is a fully automated solution that does not require any human intervention, the proposed method performs the assessment of every code snippet in ~0. 17s on average, which is definitely lower than the average time required by human analysts to manually inspect the code, based on our experience.
Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks
To address this threat, this work investigates the security of AI code generators by devising a targeted data poisoning strategy.
Enhancing Robustness of AI Offensive Code Generators via Data Augmentation
Then, we use the method to assess the robustness of three state-of-the-art code generators against the newly perturbed inputs, showing that the performance of these AI-based solutions is highly affected by perturbations in the NL descriptions.
Who Evaluates the Evaluators? On Automatic Metrics for Assessing AI-based Offensive Code Generators
The current practice uses output similarity metrics, i. e., automatic metrics that compute the textual similarity of generated code with ground-truth references.
Automatic Mapping of Unstructured Cyber Threat Intelligence: An Experimental Study
Proactive approaches to security, such as adversary emulation, leverage information about threat actors and their techniques (Cyber Threat Intelligence, CTI).
Can NMT Understand Me? Towards Perturbation-based Evaluation of NMT Models for Code Generation
Neural Machine Translation (NMT) has reached a level of maturity to be recognized as the premier method for the translation between different languages and aroused interest in different research areas, including software engineering.
Can We Generate Shellcodes via Natural Language? An Empirical Study
Writing software exploits is an important practice for offensive security analysts to investigate and prevent attacks.
Ranked #1 on
Code Generation
on Shellcode_IA32
Enhancing the Analysis of Software Failures in Cloud Computing Systems with Deep Learning
Identifying the failure modes of cloud computing systems is a difficult and time-consuming task, due to the growing complexity of such systems, and the large volume and noisiness of failure data.
Shellcode_IA32: A Dataset for Automatic Shellcode Generation
We take the first step to address the task of automatically generating shellcodes, i. e., small pieces of code used as a payload in the exploitation of a software vulnerability, starting from natural language comments.
Ranked #3 on
Code Generation
on Shellcode_IA32
Evolutionary Fuzzing of Android OS Vendor System Services
In this paper, we propose a coverage-guided fuzzing platform (Chizpurfle) based on evolutionary algorithms to test proprietary Android system services.
Software Engineering Cryptography and Security
