Breast cancer is very popular between females all over the world. However, detecting this in its first stages helps saving lives. Radiologists can predict if mammography images have or not, but they may miss about 15% of them. In paper, we propose a new method to detect breast with high accuracy. This consists two main parts, part image processing techniques are used prepare for feature and pattern extraction process. The second presented by utilizing extracted features as an input types...

Internet-of-Things IoT devices are increasingly targeted Uy adversaries due to their unique characteristics such as constant online connection, lack of protection, and full integration in people's daily life. As attackers shift targets towards devices, malware has been developed compromise equipped with different CPU architectures. While detection a well-studied area for desktop PCs, heterogeneous processor architecture brings challenges. Existing approaches utilize static or dynamic binary...

The ubiquity of Internet Things (IoT) and our growing reliance on IoT apps are leaving us more vulnerable to safety security threats than ever before. Many these manifested at the interaction level, where undesired or malicious coordinations between physical devices can lead intricate issues. This paper presents IoTCOM, an approach automatically discover such hidden unsafe in a compositional scalable fashion. It is backed with auto-mated program analysis formally rigorous violation detection...

Automatic Program Repair (APR) has garnered significant attention as a practical research domain focused on automatically fixing bugs in programs. While existing APR techniques primarily target imperative programming languages like C and Java, there is growing need for effective solutions applicable to declarative software specification languages. This paper presents systematic investigation into the capacity of Large Language Models (LLMs) repairing specifications Alloy, formal language...

A large and rapidly increasing number of services are offered through the Internet, in cloud. This enables users to utilize remotely, without even knowing service provider. However, before putting their trust a provider, need be able evaluate how trustworthy is. can daunting task, as many factors considered analyzed. The current paper aims at helping selection provider by presenting taxonomy outlining its application practical scenarios. brief description framework built on this is also given.

Today's software is bloated with both code and features that are not used by most users. This bloat prevalent across the entire stack, from operating systems applications to containers. Containers lightweight virtualization technologies package dependencies, providing portable, reproducible isolated environments. For their ease of use, data scientists often utilize machine learning containers simplify workflow. However, this convenience comes at a cost: unnecessary resulting in very large...

Due to the growing presence of Internet Things (IoT) apps and devices in smart homes cities, there are more concerns about their security privacy risks. IoT normally interact with each other physical world offer utility users. In this paper, we investigate safety risks brought by interactive behaviors apps. Two major challenges ensue identifying interaction threats: i) how discover threats across both cyber channels; ii) ensure scalability detection approach. To address these challenges,...

Android inter-app communication (IAC) allows apps to request functionalities from other apps, which has been extensively used provide a better user experience. However, IAC also become an enticing target by attackers launch malicious activities. Dynamic class loading (DCL) and reflection are effective features enhance the functionality of apps. In this paper, we expose new attack that leverages these in conjunction with conceal attacks ability bypass existing security mechanisms. To...

Program debloating aims to enhance the performance and reduce attack surface of bloated applications. Several techniques have been recently proposed specialize programs. These approaches are either based on unsound strategies or demanding techniques, leading unsafe results a high-overhead process. In this paper, we address these limitations by applying partial-evaluation principles generate specialized Our approach relies simple observation that an application typically consists...

Today's software is bloated with both code and features that are not used by most users. This bloat prevalent across the entire stack, from operating systems applications to containers. Containers lightweight virtualization technologies package dependencies, providing portable, reproducible isolated environments. For their ease of use, data scientists often utilize machine learning containers simplify workflow. However, this convenience comes at a cost: unnecessary resulting in very large...

Security is considered a significant deficiency in cloud computing, and insider threats problem exacerbate security concerns the cloud. In addition to that, computing very complex by itself, because it encompasses numerous technologies concepts. Apparently, overcoming these challenges requires substantial efforts from information researchers develop powerful mitigation solutions for this emerging problem. This entails developing taxonomy of environments encompassing all potential abnormal...

Java reflection and dynamic class loading (DCL) are effective features for enhancing the functionalities of Android apps. However, these can be abused by sophisticated malware to bypass detection schemes. Advanced utilize DCL in conjunction with Inter-App Communication (IAC) launch collusion attacks using two or more Such dynamically revealed malicious behaviors enable a new type stealthy, collusive attacks, bypassing all existing mechanisms. In this paper, we present DINA, novel hybrid...

Developers often make mistakes while incorporating SSL/TLS functionality in their applications due to the complication implementing and fast prototyping requirement. Insecure implementations of are subject different types Man The Middle (MiTM) attacks, which ultimately makes communication between two parties vulnerable eavesdropping hijacking thereby violating confidentiality integrity exchanged information. This paper aims support developers detecting insecure implementation codes by...

The rising popularity of the Internet-of-Things (IoT) devices has driven their increasing adoption in various settings, such as modern homes. IoT systems integrate physical with third-party apps, which can coordinate arbitrary ways. However, malicious or undesired coordination lead to serious vulnerabilities. This paper explores two different ways, i.e., a commonly-used state-based approach and holistic, rule-based approach, formally model app safety security thereof context platforms. less...

With the advent of Advanced Persistent Threats (APTs) and exploits such as Eurograbber, we can no longer trust user's PC or mobile phone to be honest in their transactions with banks. This paper reviews current state art protecting PCs from malware APTs that modify banking transactions, identifies strengths weaknesses. It then proposes an enhanced USB device based on speech vision. User trials a software prototype show is both user friendly users are less susceptible accepting subtly...

Managing software dependencies is a crucial maintenance task in development and becoming rapidly growing research field, especially light of the significant increase supply chain attacks. Specialized expertise substantial developer effort are required to fully comprehend reveal hidden properties about (e.g., number dependencies, dependency chains, depth dependencies). Recent advancements Large Language Models (LLMs) allow retrieval information from various data sources for response...

Today's software is bloated with both code and features that are not used by most users. This bloat prevalent across the entire stack, from operating systems applications to containers. Containers lightweight virtualization technologies package dependencies, providing portable, reproducible isolated environments. For their ease of use, data scientists often utilize machine learning containers simplify workflow. However, this convenience comes at a cost: unnecessary resulting in very large...

Software debloating seeks to mitigate security risks and improve performance by eliminating unnecessary code. In recent years, a plethora of tools have been developed, creating dense varied landscape. Several studies delved into the literature, focusing on comparative analysis these tools. To build upon efforts, this paper presents comprehensive systematization knowledge (SoK) software We conceptualize workflow, which serves as basis for developing multilevel taxonomy. This framework...

While there has been exponential improvements in hardware performance over the years, software lagged behind. The performance-gap is caused by inefficiencies, many of which are bloat. Software bloat occurs due to ever increasing, mostly unused, features and dependencies a software. Bloat exists all layers software, from operating system, application, resulting computing resource wastage. problem exacerbated both cloud edge setting as number applications running increase. To remove bloat,...

Robot Operating System (ROS) is widely used in academia and industry, importantly leveraged safety-critical robotic systems. The quality of ROS software can affect the safety security properties robotics systems; therefore, reliability are imperative to guarantee. Source code static analysis a key approach formally perform verification. We address two concerns this paper: (1) conducting systematic literature review study provide complete picture existing methods that analyze different...

Multiple Perspective attack Investigation ( <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">MPI</small> ) is a technique to partition application dependencies based on high-level semantics. It facilitates provenance analysis by generating succinct causal graphs. involves an annotation process that identifies variables and data structures corresponding the partitions communication channels between them. Though amount of small, this requires...

Software debloating techniques are applied to craft a specialized version of the program based on user's requirements and remove irrelevant code accordingly. The debloated programs presumably maintain better performance reduce attack surface in contrast original programs. This work unleashes effectiveness applying software robustness machine learning systems malware classification domain. We empirically study how an adversarial can leverage mislead models. apply generate examples demonstrate...