Accurate code fragment clone detection and its application in identifying known CVE clones (article)
Citation information for this article was obtained from Scopus.
The article was published in a journal indexed in Web of Science and/or Scopus.
Date of the last search for the article in external sources: May 28, 2025.
Abstract: This article presents a novel method for detecting copied code fragments, called clones, which is then used to identify copies of known common vulnerabilities and exposures (CVE). The proposed method is versatile and applicable to both source and binary code. It overcomes the limitations of existing tools, which typically focus on detecting entire function clones and specialize in either source or binary code, but not both. The method compares the provided code fragment against the target project and outputs all the detected clones. To achieve high accuracy, it employs program dependence graphs, a data structure that unifies data and control dependencies for the function. Experimental evaluations of real-world projects and benchmarks demonstrate the high precision of the proposed method. Furthermore, we successfully applied this method to detect clones of known common vulnerabilities and exposures in source code and uncovered vulnerabilities in actual software. The detected vulnerabilities were confirmed by the community, validating the effectiveness of the proposed method.