Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced commercial security tools automatically screen Java programs to detect misuses. To compare their accuracy guarantees, we develop two comprehensive benchmarks named CryptoAPI-Bench ApacheCryptoAPI-Bench. consists 181 unit test cases co...

vulnerability and contamination risk assessment is of great importance in karst aquifer management. because of vastness of karst in zagros, natural conditions and human activity within the region of aquifer, pollution emission has become one of the most important challenges in front of zagros aquifers. the purpose of this study is to assess marab aquifer vulnerability, using riske model and, de...

according to non-existence of accurate inspection tools on various steps of design and construction of buildings in the past, also due to any change in function of some structures and finally of seismic activities of residential regions of the country, vulnerability assessment of existing structures is necessary. evaluation of vulnerability of the structures is classified in two categories, qua...

The vulnerability of collaborative recommender systems has been well established; particularly to reverse-engineered attacks designed to bias the system in an attacker’s favor. Recent research has begun to examine detection schemes to recognize and defeat the effects of known attack models. In this paper we propose several techniques an attacker might use to modify an attack to avoid detection,...

Intrusion detection systems, which aim to protect our IT infrastructure are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an a...

Since the DARPA Intrusion Detection Evaluation Data Set [2] was made available in 1998, and then updated in 1999 and 2000, it seems that no other significant freely available data sets have been provided to allow benchmarking of Intrusion Detection Systems (IDS). Even if those traffic traces are still used by the security research community, they have not been updated since. The absence of addi...

if we think of the graph as modeling a network, the vulnerability measure the resistance of the network to disruption of operation after the failure of certain stations or communication links. many graph theoretical parameters have been used to describe the vulnerability of communication networks, including connectivity, integrity, toughness, binding number and tenacity.in this paper we discuss...

Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed...

Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be expl...

The focus of this paper is to give an overview of current vulnerability scanner (VS) products and to provide ideas for future improvements. Since each VS product available on the software market today is developed by a separate vendor, there are significant differences in these VS products. VS products differ extensively from each other. The main differences between state of the art VS products...