IEEE Transactions on Software Engineering最新文献

筛选
英文 中文
A Systematic Literature Review of Machine Learning Approaches for Migrating Monolithic Systems to Microservices 将单片系统迁移到微服务的机器学习方法的系统文献综述
IF 7.4 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-29 DOI: 10.1109/tse.2025.3603897
Imen Trabelsi, Brahim Mahmoudi, Jean Baptiste Minani, Naouel Moha, Yann-Gaël Guéhéneuc
{"title":"A Systematic Literature Review of Machine Learning Approaches for Migrating Monolithic Systems to Microservices","authors":"Imen Trabelsi, Brahim Mahmoudi, Jean Baptiste Minani, Naouel Moha, Yann-Gaël Guéhéneuc","doi":"10.1109/tse.2025.3603897","DOIUrl":"https://doi.org/10.1109/tse.2025.3603897","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"27 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144918991","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
From Tea Leaves to System Maps: A Survey and Framework on Context-aware Machine Learning Monitoring 从茶叶到系统地图:上下文感知机器学习监测的调查和框架
IF 7.4 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-26 DOI: 10.1109/tse.2025.3602520
Joran Leest, Claudia Raibulet, Patricia Lago, Ilias Gerostathopoulos
{"title":"From Tea Leaves to System Maps: A Survey and Framework on Context-aware Machine Learning Monitoring","authors":"Joran Leest, Claudia Raibulet, Patricia Lago, Ilias Gerostathopoulos","doi":"10.1109/tse.2025.3602520","DOIUrl":"https://doi.org/10.1109/tse.2025.3602520","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"299 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144905930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
T4PC: Training Deep Neural Networks for Property Conformance T4PC:训练属性一致性的深度神经网络
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-25 DOI: 10.1109/TSE.2025.3601591
Felipe Toledo;Trey Woodlief;Sebastian Elbaum;Matthew B. Dwyer
{"title":"T4PC: Training Deep Neural Networks for Property Conformance","authors":"Felipe Toledo;Trey Woodlief;Sebastian Elbaum;Matthew B. Dwyer","doi":"10.1109/TSE.2025.3601591","DOIUrl":"10.1109/TSE.2025.3601591","url":null,"abstract":"The increasing integration of Deep Neural Networks (DNNs) into safety critical systems, such as Autonomous Vehicles (AVs), where failures can lead to significant consequences, has fostered the development of many Verification and Validation (V&V) techniques. However, these techniques are applied mainly after the DNN training process is complete. This delayed application of V&V techniques means that property violations found require restarting the expensive training process, and that V&V techniques struggle in pursuit of checking increasingly large and sophisticated DNNs. To address this issue, we propose T4PC, a framework to increase property conformance <italic>during</i> DNN training. Increasing property conformance is achieved by enriching: 1) the data preparation phase to account for properties’ pre and postcondition satisfaction, and 2) the training phase to account for the property satisfaction by incorporating a new <italic>property loss</i> term that is integrated with the main loss. Our family of controlled experiments targeting a navigation DNN show that T4PC can effectively train it for conformance to single and multiple properties, and can also fine-tune for conformance an existing navigation DNN originally trained for accuracy. Our case study in simulation applying T4PC to fine-tune two open source AV systems operating in the CARLA simulator shows that it can reduce targeted driving violations while retaining its original driving capabilities.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2864-2878"},"PeriodicalIF":5.6,"publicationDate":"2025-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144898562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Wolf in Sheep’s Clothing: Shearing the Camouflage of Malicious Java Components in Maven 披着羊皮的狼:在Maven中剪掉恶意Java组件的伪装
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-19 DOI: 10.1109/TSE.2025.3599732
Yutong Zeng;Cheng Huang;Jiaxuan Han;Jianguo Zhao;Nannan Wang;Genpei Liang;Shuyi Jiang
{"title":"Wolf in Sheep’s Clothing: Shearing the Camouflage of Malicious Java Components in Maven","authors":"Yutong Zeng;Cheng Huang;Jiaxuan Han;Jianguo Zhao;Nannan Wang;Genpei Liang;Shuyi Jiang","doi":"10.1109/TSE.2025.3599732","DOIUrl":"10.1109/TSE.2025.3599732","url":null,"abstract":"In recent years, software supply chain attacks have become increasingly prevalent, prompting considerable research into detecting malicious packages within relevant repositories. With the popularity bolstered by the widespread adoption of open-source practices, Java become one of the preferred languages among modern developers. However, the issue of malware detection in Java components remains unresolved. Most prior approaches suffer from insufficient code coverage and coarse-grained representation, making them unsuitable for Java components. In this paper, we propose an innovative solution called <sc>Shear</small> tailored for detecting malicious Java components. <sc>Shear</small> firstly analyzes all methods in the component and locates potential malicious code snippets based on sensitive calls, as slice-level analysis provides a better understanding of the specific malicious activities. Secondly, statements depending on sensitive call sites are extracted and embedded into vectors for further detection instead of function-level representation which is coarse-grained facing the dynamic features in Java. The corresponding experimental results show that <sc>Shear</small> effectively identifies the malicious semantics hidden in the code slices by leveraging the neural network model, outperforming currently available tools to a great extent. Through real-world validation, <sc>Shear</small> detected 51 components with malicious characteristics out of 68,273, demonstrating its practical feasibility. This study introduces the first Java malicious component detection method suitable for real-world scenarios, carrying considerable practical significance in bolstering defenses within the software supply chain.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2847-2863"},"PeriodicalIF":5.6,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144898565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Can Large Language Models Serve as Evaluators for Code Summarization? 大型语言模型可以作为代码总结的评估器吗?
IF 7.4 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-19 DOI: 10.1109/tse.2025.3595283
Yang Wu, Yao Wan, Zhaoyang Chu, Wenting Zhao, Ye Liu, Hongyu Zhang, Xuanhua Shi, Hai Jin, Philip S. Yu
{"title":"Can Large Language Models Serve as Evaluators for Code Summarization?","authors":"Yang Wu, Yao Wan, Zhaoyang Chu, Wenting Zhao, Ye Liu, Hongyu Zhang, Xuanhua Shi, Hai Jin, Philip S. Yu","doi":"10.1109/tse.2025.3595283","DOIUrl":"https://doi.org/10.1109/tse.2025.3595283","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"31 1","pages":"1-12"},"PeriodicalIF":7.4,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144898564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
VERCATION: Precise Vulnerable Open-source Software Version Identification based on Static Analysis and LLM 基于静态分析和LLM的开源软件漏洞版本精确识别
IF 7.4 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-19 DOI: 10.1109/tse.2025.3599581
Yiran Cheng, Ting Zhang, Lwin Khin Shar, Shouguo Yang, Chaopeng Dong, David Lo, Shichao Lv, Zhiqiang Shi, Limin Sun
{"title":"VERCATION: Precise Vulnerable Open-source Software Version Identification based on Static Analysis and LLM","authors":"Yiran Cheng, Ting Zhang, Lwin Khin Shar, Shouguo Yang, Chaopeng Dong, David Lo, Shichao Lv, Zhiqiang Shi, Limin Sun","doi":"10.1109/tse.2025.3599581","DOIUrl":"https://doi.org/10.1109/tse.2025.3599581","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"10 1","pages":"1-19"},"PeriodicalIF":7.4,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144898680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Relevance of Log Mining and Analytics Papers to IEEE Transactions on Software Engineering 日志挖掘和分析论文与IEEE软件工程学报的相关性
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-18 DOI: 10.1109/TSE.2025.3591380
Massimiliano Di Penta;Domenico Bianculli;Michael R. Lyu;Sebastian Uchitel;Andy Zaidman
{"title":"Relevance of Log Mining and Analytics Papers to IEEE Transactions on Software Engineering","authors":"Massimiliano Di Penta;Domenico Bianculli;Michael R. Lyu;Sebastian Uchitel;Andy Zaidman","doi":"10.1109/TSE.2025.3591380","DOIUrl":"https://doi.org/10.1109/TSE.2025.3591380","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 8","pages":"2211-2212"},"PeriodicalIF":5.6,"publicationDate":"2025-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11126987","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144868352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Advanced Smart Contract Vulnerability Detection via LLM-Powered Multi-Agent Systems 基于llm的多代理系统的高级智能合约漏洞检测
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-11 DOI: 10.1109/TSE.2025.3597319
Zhiyuan Wei;Jing Sun;Yuqiang Sun;Ye Liu;Daoyuan Wu;Zijian Zhang;Xianhao Zhang;Meng Li;Yang Liu;Chunmiao Li;Mingchao Wan;Jin Dong;Liehuang Zhu
{"title":"Advanced Smart Contract Vulnerability Detection via LLM-Powered Multi-Agent Systems","authors":"Zhiyuan Wei;Jing Sun;Yuqiang Sun;Ye Liu;Daoyuan Wu;Zijian Zhang;Xianhao Zhang;Meng Li;Yang Liu;Chunmiao Li;Mingchao Wan;Jin Dong;Liehuang Zhu","doi":"10.1109/TSE.2025.3597319","DOIUrl":"10.1109/TSE.2025.3597319","url":null,"abstract":"Blockchain’s inherent immutability, while transformative, creates critical security risks in smart contracts, where undetected vulnerabilities can result in irreversible financial losses. Current auditing tools and approaches often address specific vulnerability types, yet there is a need for a comprehensive solution that can detect a wide range of vulnerabilities with high accuracy. We propose LLM-SmartAudit, a novel framework that leverages Large Language Models (LLMs) to automate smart contract vulnerability detection and analysis. Using a multi-agent conversational architecture with a buffer-of-thought mechanism, LLM-SmartAudit maintains a dynamic record of insights generated throughout the audit process. This enables a collaborative system of specialized agents to iteratively refine their assessments, enhancing the accuracy and depth of vulnerability detection. To evaluate its effectiveness, LLM-SmartAudit was tested on three datasets: a benchmark for common vulnerabilities, a real-world project corpus, and a CVE dataset. It outperformed existing tools with 98% accuracy on common vulnerabilities and demonstrates higher accuracy in real-world scenarios. Additionally, it successfully identifies 12 out of 13 CVEs, surpassing other LLM-based methods. These results demonstrate the effectiveness of multi-agent collaboration in automated smart contract auditing, offering a scalable, adaptive, and highly efficient solution for blockchain security analysis.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2830-2846"},"PeriodicalIF":5.6,"publicationDate":"2025-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11121619","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144850471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Bug-Locating Method Based on Statistical Testing for Quantum Programs 基于统计测试的量子程序bug定位方法
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-08 DOI: 10.1109/TSE.2025.3597316
Naoto Sato;Ryota Katsube
{"title":"Bug-Locating Method Based on Statistical Testing for Quantum Programs","authors":"Naoto Sato;Ryota Katsube","doi":"10.1109/TSE.2025.3597316","DOIUrl":"https://doi.org/10.1109/TSE.2025.3597316","url":null,"abstract":"When a bug is detected by testing a quantum program on a quantum computer, we want to determine its location to fix it. To locate the bug, the quantum program is divided into several segments, and each segment is tested. However, to prepare a quantum state that is input to a segment, it is necessary to execute all the segments ahead of that segment in a quantum computer. This means that the cost of testing each segment depends on its location. We can also locate a buggy segment only if it is confirmed that there are no bugs in all segments ahead of that buggy segment. Since a quantum program is tested statistically on the basis of measurement results, there is a tradeoff between testing accuracy and cost. These characteristics are unique to quantum programs and complicate locating bugs. We propose an efficient bug-locating method consisting of four approaches, i.e., cost-based binary search, early determination, finalization, and looking back, which take these characteristics into account. We present experimental results indicating that the proposed method can reduce bug-locating cost, represented as the number of executed quantum gates, compared with naive methods that do not use the four approaches. The limitations and usefulness of the proposed method are also discussed on the basis of the experimental results.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2804-2829"},"PeriodicalIF":5.6,"publicationDate":"2025-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145315500","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
ARAP: Demystifying Anti Runtime Analysis Code in Android Apps 揭秘Android应用程序中的反运行时分析代码
IF 5.6 1区 计算机科学
IEEE Transactions on Software Engineering Pub Date : 2025-08-06 DOI: 10.1109/TSE.2025.3596016
Dewen Suo;Lei Xue;Le Yu;Runze Tan;Weihao Huang;Guozi Sun
{"title":"ARAP: Demystifying Anti Runtime Analysis Code in Android Apps","authors":"Dewen Suo;Lei Xue;Le Yu;Runze Tan;Weihao Huang;Guozi Sun","doi":"10.1109/TSE.2025.3596016","DOIUrl":"10.1109/TSE.2025.3596016","url":null,"abstract":"With the continuous growth in the usage of Android apps, ensuring their security has become critically important. An increasing number of malicious apps adopt anti-analysis techniques to evade security measures. Although some research has started to consider anti-runtime analysis (ARA), it is unfortunate that they have not systematically examined ARA techniques. Furthermore, the rapid evolution of ARA technology exacerbates the issue, leading to increasingly inaccurate analysis results. To effectively analyze Android apps, understanding their adopted ARA techniques is necessary. However, no systematic investigation has been conducted thus far. In this paper, we conduct the first systematic study of the ARA implementations in a wide range of 117,270 Android apps (including both malicious and benign ones) collected between 2016 and 2023. Additionally, we propose a specific investigation tool named <monospace>ARAP</monospace> to assist this study by leveraging both static and dynamic analysis. According to the evaluation results, <monospace>ARAP</monospace> not only effectively identifies the ARA implementations in Android apps but also reveals many important findings. For instance, almost all apps have implemented at least one category of ARA technology (99.6% for benign apps and 97.0% for malicious apps).","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 10","pages":"2787-2803"},"PeriodicalIF":5.6,"publicationDate":"2025-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144792844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信