1 code implementation • 2 Feb 2024 • Roberto Natella, Pietro Liguori, Cristina Improta, Bojan Cukic, Domenico Cotroneo
Recent advances of artificial intelligence (AI) code generators are opening new opportunities in software security research, including misuse by malicious actors.
no code implementations • 28 Oct 2023 • Domenico Cotroneo, Alessio Foggia, Cristina Improta, Pietro Liguori, Roberto Natella
Finally, since it is a fully automated solution that does not require any human intervention, the proposed method performs the assessment of every code snippet in ~0. 17s on average, which is definitely lower than the average time required by human analysts to manually inspect the code, based on our experience.
1 code implementation • 4 Aug 2023 • Domenico Cotroneo, Cristina Improta, Pietro Liguori, Roberto Natella
To address this threat, this work investigates the security of AI code generators by devising a targeted data poisoning strategy.
no code implementations • 8 Jun 2023 • Cristina Improta, Pietro Liguori, Roberto Natella, Bojan Cukic, Domenico Cotroneo
Then, we use the method to assess the robustness of three state-of-the-art code generators against the newly perturbed inputs, showing that the performance of these AI-based solutions is highly affected by perturbations in the NL descriptions.
no code implementations • 12 Dec 2022 • Pietro Liguori, Cristina Improta, Roberto Natella, Bojan Cukic, Domenico Cotroneo
The current practice uses output similarity metrics, i. e., automatic metrics that compute the textual similarity of generated code with ground-truth references.
1 code implementation • 25 Aug 2022 • Vittorio Orbinato, Mariarosaria Barbaraci, Roberto Natella, Domenico Cotroneo
Proactive approaches to security, such as adversary emulation, leverage information about threat actors and their techniques (Cyber Threat Intelligence, CTI).
no code implementations • 29 Mar 2022 • Pietro Liguori, Cristina Improta, Simona De Vivo, Roberto Natella, Bojan Cukic, Domenico Cotroneo
Neural Machine Translation (NMT) has reached a level of maturity to be recognized as the premier method for the translation between different languages and aroused interest in different research areas, including software engineering.
1 code implementation • 8 Feb 2022 • Pietro Liguori, Erfan Al-Hossami, Domenico Cotroneo, Roberto Natella, Bojan Cukic, Samira Shaikh
Writing software exploits is an important practice for offensive security analysts to investigate and prevent attacks.
Ranked #1 on Code Generation on Shellcode_IA32
1 code implementation • 29 Jun 2021 • Domenico Cotroneo, Luigi De Simone, Pietro Liguori, Roberto Natella
Identifying the failure modes of cloud computing systems is a difficult and time-consuming task, due to the growing complexity of such systems, and the large volume and noisiness of failure data.
1 code implementation • ACL (NLP4Prog) 2021 • Pietro Liguori, Erfan Al-Hossami, Domenico Cotroneo, Roberto Natella, Bojan Cukic, Samira Shaikh
We take the first step to address the task of automatically generating shellcodes, i. e., small pieces of code used as a payload in the exploitation of a software vulnerability, starting from natural language comments.
Ranked #3 on Code Generation on Shellcode_IA32
1 code implementation • 3 Jun 2019 • Domenico Cotroneo, Antonio Ken Iannillo, Roberto Natella
In this paper, we propose a coverage-guided fuzzing platform (Chizpurfle) based on evolutionary algorithms to test proprietary Android system services.
Software Engineering Cryptography and Security