[目的/意义]梳理国际国家安全情报研究发展脉络与知识生产特征,揭示关键学者的群体画像、职业发展模式、合作网络结构与核心研究议题演进,以期为推动我国安全情报学科建设提供借鉴。[方法/过程]基于发文量标准,从Intelligence and Natio...[目的/意义]梳理国际国家安全情报研究发展脉络与知识生产特征,揭示关键学者的群体画像、职业发展模式、合作网络结构与核心研究议题演进,以期为推动我国安全情报学科建设提供借鉴。[方法/过程]基于发文量标准,从Intelligence and National Security期刊中筛选出核心著者,运用履历分析法将国外核心著者履历划分为学科背景、研究方向、科研成果和工作经历4个核心类属进行比较分析,采用LDA主题模型对发文进行主题挖掘,系统识别出情报研究者关注的核心议题。[结果/结论]核心著者群体呈现显著的男性主导、中老年资深学者为主、机构高度集中、学科背景偏重传统人文社科的特征;安全情报研究面临跨学科深度融合不足、学界与实践存在隔阂、技术伦理与法律探讨滞后等问题。展开更多
Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a cr...Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.展开更多
Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD)...Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD).While research indicates that FPD correlates positively with reduced malnutrition,other studies emphasize the importance of market access for improved nutritional outcomes.However,this evidence varies by region and remains inconsistent.To address this knowledge gap,this study analyzed survey data from 450 smallholder farmers in Punjab,Pakistan,using regression models to examine the relationship between FPD and dietary diversity,as well as the underlying impact pathways.The findings demonstrate that FPD significantly correlates with increased household dietary diversity score(HDDS).FPD influences dietary diversification through both own-farm production and market food consumption pathways,with the ownfarm production pathway showing greater impact.The increase in food expenditure through own-farm production yielded a marginal return of 8% in household dietary diversity compared to 5.3% through marketing.Gender differences emerged as significant,with male-headed households showing relatively lower dietary diversity.These findings have substantial implications for countries with smallholder farming systems,providing valuable insights for the formation of agricultural policies,resource optimization,and rural development initiatives.展开更多
Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,B...Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.展开更多
The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreser...The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.展开更多
This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obsta...This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obstacle avoidance.The system employs the YOLOv7 deep-learning framework for semantic detection and SLAM for localization and mapping,fusing geometric and visual data to build a high-fidelity 2D semantic map.This map enables the robot to identify and project object information for improved situational awareness.Experimental results show that object recognition reached 95.4%mAP@0.5.Semantic completeness increased from 68.7%(single view)to 94.1%(multi-view)with an average position error of 3.1 cm.During navigation,the robot achieved 98.0%reliability,avoided moving obstacles in 90.0%of encounters,and replanned paths in 0.42 s on average.The integration of LiDAR-based SLAMwith deep-learning–driven semantic perception establishes a robust foundation for intelligent,adaptive,and safe robotic navigation in dynamic environments.展开更多
As artificial Intelligence(AI)continues to expand exponentially,particularly with the emergence of generative pre-trained transformers(GPT)based on a transformer’s architecture,which has revolutionized data processin...As artificial Intelligence(AI)continues to expand exponentially,particularly with the emergence of generative pre-trained transformers(GPT)based on a transformer’s architecture,which has revolutionized data processing and enabled significant improvements in various applications.This document seeks to investigate the security vulnerabilities detection in the source code using a range of large language models(LLM).Our primary objective is to evaluate the effectiveness of Static Application Security Testing(SAST)by applying various techniques such as prompt persona,structure outputs and zero-shot.To the selection of the LLMs(CodeLlama 7B,DeepSeek coder 7B,Gemini 1.5 Flash,Gemini 2.0 Flash,Mistral 7b Instruct,Phi 38b Mini 128K instruct,Qwen 2.5 coder,StartCoder 27B)with comparison and combination with Find Security Bugs.The evaluation method will involve using a selected dataset containing vulnerabilities,and the results to provide insights for different scenarios according to the software criticality(Business critical,non-critical,minimum effort,best effort)In detail,the main objectives of this study are to investigate if large language models outperform or exceed the capabilities of traditional static analysis tools,if the combining LLMs with Static Application Security Testing(SAST)tools lead to an improvement and the possibility that local machine learning models on a normal computer produce reliable results.Summarizing the most important conclusions of the research,it can be said that while it is true that the results have improved depending on the size of the LLM for business-critical software,the best results have been obtained by SAST analysis.This differs in“NonCritical,”“Best Effort,”and“Minimum Effort”scenarios,where the combination of LLM(Gemini)+SAST has obtained better results.展开更多
The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)...The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)is increasingly measured by technical performance,operational usability,and adaptability.This study introduces and rigorously evaluates a Human-Computer Interaction(HCI)-Integrated IDS with the utilization of Convolutional Neural Network(CNN),CNN-Long Short Term Memory(LSTM),and Random Forest(RF)against both a Baseline Machine Learning(ML)and a Traditional IDS model,through an extensive experimental framework encompassing many performance metrics,including detection latency,accuracy,alert prioritization,classification errors,system throughput,usability,ROC-AUC,precision-recall,confusion matrix analysis,and statistical accuracy measures.Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets(CICIDS 2017,KDD Cup 1999,and UNSW-NB15).Experimental results indicate that the HCI-Integrated model outperforms its counterparts,achieving an AUC-ROC of 0.99,a precision of 0.93,and a recall of 0.96,while maintaining the lowest false positive rate(0.03)and the fastest detection time(~1.5 s).These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities,improve responsiveness,and reduce alert fatigue in critical smart city applications.It achieves markedly lower detection times,higher accuracy across all threat categories,reduced false positive and false negative rates,and enhanced system throughput under concurrent load conditions.The HCIIntegrated IDS excels in alert contextualization and prioritization,offering more actionable insights while minimizing analyst fatigue.Usability feedback underscores increased analyst confidence and operational clarity,reinforcing the importance of user-centered design.These results collectively position the HCI-Integrated IDS as a highly effective,scalable,and human-aligned solution for modern threat detection environments.展开更多
Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widel...Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.展开更多
The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.De...The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.Despite their transformative impact in fields such as machine translation and intelligent dialogue systems,LLMs face significant challenges.These challenges include safety,security,and privacy concerns that undermine their trustworthiness and effectiveness,such as hallucinations,backdoor attacks,and privacy leakage.Previous works often conflated safety issues with security concerns.In contrast,our study provides clearer and more reasonable definitions for safety,security,and privacy within the context of LLMs.Building on these definitions,we provide a comprehensive overview of the vulnerabilities and defense mechanisms related to safety,security,and privacy in LLMs.Additionally,we explore the unique research challenges posed by LLMs and suggest potential avenues for future research,aiming to enhance the robustness and reliability of LLMs in the face of emerging threats.展开更多
Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, ...Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, software testing and analysis are two of the critical methods, which significantly benefit from the advancements in deep learning technologies. Due to the successful use of deep learning in software security, recently,researchers have explored the potential of using large language models(LLMs) in this area. In this paper, we systematically review the results focusing on LLMs in software security. We analyze the topics of fuzzing, unit test, program repair, bug reproduction, data-driven bug detection, and bug triage. We deconstruct these techniques into several stages and analyze how LLMs can be used in the stages. We also discuss the future directions of using LLMs in software security, including the future directions for the existing use of LLMs and extensions from conventional deep learning research.展开更多
文摘[目的/意义]梳理国际国家安全情报研究发展脉络与知识生产特征,揭示关键学者的群体画像、职业发展模式、合作网络结构与核心研究议题演进,以期为推动我国安全情报学科建设提供借鉴。[方法/过程]基于发文量标准,从Intelligence and National Security期刊中筛选出核心著者,运用履历分析法将国外核心著者履历划分为学科背景、研究方向、科研成果和工作经历4个核心类属进行比较分析,采用LDA主题模型对发文进行主题挖掘,系统识别出情报研究者关注的核心议题。[结果/结论]核心著者群体呈现显著的男性主导、中老年资深学者为主、机构高度集中、学科背景偏重传统人文社科的特征;安全情报研究面临跨学科深度融合不足、学界与实践存在隔阂、技术伦理与法律探讨滞后等问题。
基金supported by scientific research projects of China Academy of Railway Sciences Co.,Ltd.(grant no.2024YJ117).
文摘Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.
基金appreciation to the National Natural Science Foundation of China(72071074)Natural Science Foundation of Hunan Province,China(2025JJ30031)for their financial support。
文摘Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD).While research indicates that FPD correlates positively with reduced malnutrition,other studies emphasize the importance of market access for improved nutritional outcomes.However,this evidence varies by region and remains inconsistent.To address this knowledge gap,this study analyzed survey data from 450 smallholder farmers in Punjab,Pakistan,using regression models to examine the relationship between FPD and dietary diversity,as well as the underlying impact pathways.The findings demonstrate that FPD significantly correlates with increased household dietary diversity score(HDDS).FPD influences dietary diversification through both own-farm production and market food consumption pathways,with the ownfarm production pathway showing greater impact.The increase in food expenditure through own-farm production yielded a marginal return of 8% in household dietary diversity compared to 5.3% through marketing.Gender differences emerged as significant,with male-headed households showing relatively lower dietary diversity.These findings have substantial implications for countries with smallholder farming systems,providing valuable insights for the formation of agricultural policies,resource optimization,and rural development initiatives.
文摘Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.
文摘The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.
基金supported by the National Science and Technology Council of under Grant NSTC 114-2221-E-130-007.
文摘This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obstacle avoidance.The system employs the YOLOv7 deep-learning framework for semantic detection and SLAM for localization and mapping,fusing geometric and visual data to build a high-fidelity 2D semantic map.This map enables the robot to identify and project object information for improved situational awareness.Experimental results show that object recognition reached 95.4%mAP@0.5.Semantic completeness increased from 68.7%(single view)to 94.1%(multi-view)with an average position error of 3.1 cm.During navigation,the robot achieved 98.0%reliability,avoided moving obstacles in 90.0%of encounters,and replanned paths in 0.42 s on average.The integration of LiDAR-based SLAMwith deep-learning–driven semantic perception establishes a robust foundation for intelligent,adaptive,and safe robotic navigation in dynamic environments.
文摘As artificial Intelligence(AI)continues to expand exponentially,particularly with the emergence of generative pre-trained transformers(GPT)based on a transformer’s architecture,which has revolutionized data processing and enabled significant improvements in various applications.This document seeks to investigate the security vulnerabilities detection in the source code using a range of large language models(LLM).Our primary objective is to evaluate the effectiveness of Static Application Security Testing(SAST)by applying various techniques such as prompt persona,structure outputs and zero-shot.To the selection of the LLMs(CodeLlama 7B,DeepSeek coder 7B,Gemini 1.5 Flash,Gemini 2.0 Flash,Mistral 7b Instruct,Phi 38b Mini 128K instruct,Qwen 2.5 coder,StartCoder 27B)with comparison and combination with Find Security Bugs.The evaluation method will involve using a selected dataset containing vulnerabilities,and the results to provide insights for different scenarios according to the software criticality(Business critical,non-critical,minimum effort,best effort)In detail,the main objectives of this study are to investigate if large language models outperform or exceed the capabilities of traditional static analysis tools,if the combining LLMs with Static Application Security Testing(SAST)tools lead to an improvement and the possibility that local machine learning models on a normal computer produce reliable results.Summarizing the most important conclusions of the research,it can be said that while it is true that the results have improved depending on the size of the LLM for business-critical software,the best results have been obtained by SAST analysis.This differs in“NonCritical,”“Best Effort,”and“Minimum Effort”scenarios,where the combination of LLM(Gemini)+SAST has obtained better results.
基金funded and supported by the Ongoing Research Funding program(ORF-2025-314),King Saud University,Riyadh,Saudi Arabia.
文摘The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats.In the evolving landscape of cybersecurity,the efficacy of Intrusion Detection Systems(IDS)is increasingly measured by technical performance,operational usability,and adaptability.This study introduces and rigorously evaluates a Human-Computer Interaction(HCI)-Integrated IDS with the utilization of Convolutional Neural Network(CNN),CNN-Long Short Term Memory(LSTM),and Random Forest(RF)against both a Baseline Machine Learning(ML)and a Traditional IDS model,through an extensive experimental framework encompassing many performance metrics,including detection latency,accuracy,alert prioritization,classification errors,system throughput,usability,ROC-AUC,precision-recall,confusion matrix analysis,and statistical accuracy measures.Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets(CICIDS 2017,KDD Cup 1999,and UNSW-NB15).Experimental results indicate that the HCI-Integrated model outperforms its counterparts,achieving an AUC-ROC of 0.99,a precision of 0.93,and a recall of 0.96,while maintaining the lowest false positive rate(0.03)and the fastest detection time(~1.5 s).These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities,improve responsiveness,and reduce alert fatigue in critical smart city applications.It achieves markedly lower detection times,higher accuracy across all threat categories,reduced false positive and false negative rates,and enhanced system throughput under concurrent load conditions.The HCIIntegrated IDS excels in alert contextualization and prioritization,offering more actionable insights while minimizing analyst fatigue.Usability feedback underscores increased analyst confidence and operational clarity,reinforcing the importance of user-centered design.These results collectively position the HCI-Integrated IDS as a highly effective,scalable,and human-aligned solution for modern threat detection environments.
文摘Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.
基金supported by the National Key R&D Program of China under Grant No.2022YFB3103500the National Natural Science Foundation of China under Grants No.62402087 and No.62020106013+3 种基金the Sichuan Science and Technology Program under Grant No.2023ZYD0142the Chengdu Science and Technology Program under Grant No.2023-XT00-00002-GXthe Fundamental Research Funds for Chinese Central Universities under Grants No.ZYGX2020ZB027 and No.Y030232063003002the Postdoctoral Innovation Talents Support Program under Grant No.BX20230060.
文摘The integration of artificial intelligence(AI)technology,particularly large language models(LLMs),has become essential across various sectors due to their advanced language comprehension and generation capabilities.Despite their transformative impact in fields such as machine translation and intelligent dialogue systems,LLMs face significant challenges.These challenges include safety,security,and privacy concerns that undermine their trustworthiness and effectiveness,such as hallucinations,backdoor attacks,and privacy leakage.Previous works often conflated safety issues with security concerns.In contrast,our study provides clearer and more reasonable definitions for safety,security,and privacy within the context of LLMs.Building on these definitions,we provide a comprehensive overview of the vulnerabilities and defense mechanisms related to safety,security,and privacy in LLMs.Additionally,we explore the unique research challenges posed by LLMs and suggest potential avenues for future research,aiming to enhance the robustness and reliability of LLMs in the face of emerging threats.
文摘Software security poses substantial risks to our society because software has become part of our life. Numerous techniques have been proposed to resolve or mitigate the impact of software security issues. Among them, software testing and analysis are two of the critical methods, which significantly benefit from the advancements in deep learning technologies. Due to the successful use of deep learning in software security, recently,researchers have explored the potential of using large language models(LLMs) in this area. In this paper, we systematically review the results focusing on LLMs in software security. We analyze the topics of fuzzing, unit test, program repair, bug reproduction, data-driven bug detection, and bug triage. We deconstruct these techniques into several stages and analyze how LLMs can be used in the stages. We also discuss the future directions of using LLMs in software security, including the future directions for the existing use of LLMs and extensions from conventional deep learning research.
