Abstract: A method for testing a computer program. The method includes: executing the computer program until a memory allocation command is activated for allocating a memory region; expanding the memory region by a protection zone having at least one memory location; allocating the expanded memory region; setting a watchpoint on each of one or more memory locations of the protection zone; continuing the execution of the computer program; and displaying, for each set watchpoint, that the computer program has a bug if the set watchpoint is triggered.

Abstract: The disclosure relates to a method for analyzing target software with respect to potential vulnerabilities, using a machine learning model, in particular a large language model, including: providing first instruction information for the machine learning model, including: an instruction, based on information about the target software and information about the vulnerability, specifying how the vulnerability can be exploited; determining, based on the first instruction information, a first set of possibilities for how the vulnerability can be exploited; determining, based on reference information, for each of the first set of possibilities, a respective probability that the respective possibility is used; providing second instruction information, including: an instruction specifying how the first selected possibility can be implemented; determining, based on the second instruction information, a second set of possibilities for how the first selected possibility can be implemented; determining, based on one or mo

Abstract: A method for testing a computer program. The method includes executing the computer program until a subprogram is called, ascertaining a memory location of the call stack in which the return address or the stack base pointer of the called subprogram is stored, setting a watchpoint on the ascertained memory location, setting breakpoints on return instructions of the called subprogram, continuing the execution of the computer program and indicating that the computer program has an error if the set watchpoint has been triggered before one of the set breakpoints due to a write to the memory location.

Abstract: A computer-implemented method for obtaining an access notification as part of a taint analysis when testing a software program. The software program is executed on a hardware target. The hardware target has a memory. During execution of the software program, the software program stores data at least in part of the memory. The method includes: generating input data for the software program by means of a test module; transmitting the generated input data to the software program by means of the test module; monitoring at least one address of the memory by means of a debugger while the software program at least partially processes the transmitted input data; transmitting an access notification to the test module if at least one access is detected at the at least one address of the monitored memory.

Abstract: A computer-implemented method for preventing loss of function in a local instance when there is a disturbance of a connection to a backend in a communication system that has a local instance having a local agent and a backend acting in part as a global agent, an agent designating a unit that is designed to achieve defined goals through autonomous behavior. The method includes, when there is a connection to the backend, the providing of the function by the global agent, which receives backend information from the backend during the providing of the function, and, if a connection to the backend is disturbed, the providing of the function by the local agent.

Abstract: A method for generating training data for use in training a machine learning model used to detect malware, in particular in operating software for a technical system. The method includes: providing malware data, which include a plurality of decompositions, wherein each decomposition comprises function blocks that are or have been obtained by decomposing an attack vector; providing good software data, which comprise a plurality of decompositions, wherein each decomposition comprises function blocks that are or have been obtained by decomposing a good software sample; generating the training data, on the basis of the malware data and the good software data, wherein the training data comprise adapted good software samples, which are each based on function blocks of a corresponding good software sample that are supplemented with one or more function blocks of the malware data; and providing the training data for use in training the machine learning model.

Abstract: A method for detecting attacks on a computer system. The method includes ascertaining an input grammar, according to which a program running on the computer system processes inputs, by observing how the program processes a set of inputs; receiving one or more further inputs to the program; checking whether the ascertained input grammar can generate the one or more further inputs; and triggering a security measure depending on whether the ascertained input grammar can generate the one or more further inputs.

Abstract: A method for learning a state machine for a program including executing, via a host computer system, a state machine learning algorithm, wherein the host computer system controls an embedded system via a debugging interface by means of a debugger such that it executes the program several times. The host computer system detects for each execution of the program whether a program section has been reached which has not yet been reached during the previous executions of the program; and, when it detects this, an input to the program which was not supplied to the program by the host computer system and which caused the program to reach the program section, by using the debugger to determine a memory area of the embedded system into which the input was written, reading it out, and adding the determined input to an alphabet.

Abstract: A method for determining correctness and/or for generating an assessment of the risk of cyber attacks on a particular system. The method includes receiving a request to carry out cyber attack(s) on the system and invoking a machine learning agent. The machine learning agent accesses a generative machine learning model. The method further includes carrying out one or more cyber attacks on the system using the machine learning agent in response to the request, evaluating the results of the one or more carried out cyber attacks and determining, based on a finding of the step of evaluating the result, whether a predetermined assessment of the risk of cyber attacks on the particular system is correct or generating, based on a finding of the step of evaluating the result, an assessment of the risk of cyber attacks on the particular system.

Abstract: A method for detecting attacks on a computer system. The method includes, for each of one or more security vulnerabilities, extracting at least one exploit string assigned to the security vulnerability from code of a program that exploits the security vulnerability, wherein each of the extracted exploit strings is a string sent by the particular program to exploit the security vulnerability to which the exploit string is assigned, receiving messages by a computer system, searching for the extracted exploit strings in payload data of the received messages, and in response to one of the extracted exploit strings being found in one of the received messages, issuing an alarm indicating that an attack to exploit the security vulnerability to which the found exploit string is assigned has occurred, and alarm information indicating the message and the security vulnerability.

Abstract: A computer-implemented method for automatically generating a patch of software or of a part of the software designed to control, regulate and/or monitor a technical system or a part thereof. The method includes generating, via a machine learning model, at least one patch for a vulnerability of the software or the part thereof based on a prompt and a binary code of the software or the part thereof. A computer-implemented method for further training a machine learning model is also described, the machine learning model being designed to generate at least one patch for a vulnerability of software or a part of the software based on a prompt and a binary code of the software or the part thereof. The method includes adapting the machine learning model based on at least one generated patch and at least one evaluation result resulting from evaluating the at least one patch.

Abstract: A method for generating a honeypot. The method includes: sending messages to a target system, observing responses of the target system to the messages, generating, according to the observed responses of the target system, a state machine model for one or more interfaces of the target system, ascertaining, for each one or more known vulnerabilities, a chain of states of the state machine model that, when followed, makes it possible to exploit the vulnerability, removing, for each of the one or more vulnerabilities, at least one state of the chain from the state machine model, and generating a honeypot that responds to messages according to the state machine model.

Abstract: A method for configuring a honeypot. The method includes: implementing a honeypot, conducting at least one attack on the honeypot by means of a large language model, ascertaining an assessment of the at least one attack; and configuring the honeypot depending on the assessment of the at least one attack.

Abstract: A computer-implemented method for maintaining a function of a local entity upon connection disruption to a backend in a communication system including a backend and a plurality of local entities. The backend provides backend information for the function. The method includes reception of local behavior models from a plurality of local entities by the backend, wherein the local behavior models provide the function in the local entities if particular backend information is not available; creation of a behavior model based on the received local behavior models; and transmission of the behavior model to a local entity of the plurality of the local entities by the backend.

Abstract: A method for generating fuzz drivers for a fuzz setup. The method includes: inputting documentation of a fuzz target into a language understanding Artificial Intelligence (AI); generating, by the language understanding AI, Application Programming Interface (API) calls and their arguments from the documentation; generating at least one fuzz driver from the API calls and their arguments.

Abstract: A computer-implemented method for mitigating anomalous activity in an embedded computer system including a plurality of communicably coupled embedded processing elements. The method includes: detecting a transmission of an anomalous message in the embedded computer system; transmitting at least one notification to a plurality of embedded processing elements in the embedded computer system, wherein the notification is encrypted using a cryptographic key; in at least one embedded processing element of the plurality of processing elements: receiving the at least one notification; identifying, at the at least one embedded processing element, that the at least one notification has been encrypted using the cryptographic key; and reconfiguring the at least one processing element from a first mode into a second mode, wherein the at least one processing element presents a reduced functionality to the embedded computer system in the second mode.

Abstract: A method for improving the memory allocation of code generated using a language model. The method includes: providing a program code generated using a language model, if a new version of the program code is available; generating an executable file using compilation and instrumentation, wherein a memory sanitizer inserts instructions into the program code and/or the executable file; execution of fuzzing by a fuzzer, wherein the fuzzer injects inputs into the executable file; monitoring the memory performance and optionally runtime information, the behavior and/or the output of the executable file; storing metadata generated from the allocated and freed memory in a memory metadata database, wherein the metadata are based on the instructions and are stored when the executable file is generated and/or when the fuzzing is executed; outputting the program code if no memory performance degradation or other errors are found.

Abstract: An apparatus and computer-implemented method for allocating computing resources in a method for protecting a computer-aided development environment in a distributed development process from damage and threats. In the method for protecting, multiple methods for identifying damage and/or a threat in the computer-aided development environment are carried out, wherein a metric which quantifies a quality and/or informative value of the method is determined for each method, wherein a respective offer for allocating computing resources for the execution of the respective method is determined for the methods depending on said metric, wherein the computing resources are allocated to the methods depending on the respective offer.

Abstract: A method for checking the dynamic behavior of code generated using a language model. Th method includes: providing a first executable file from a program code generated using a language model; providing a second executable file, wherein the second executable file is a previous first executable file or is an original source code of the program code; executing differential fuzzing using a fuzzer, wherein the fuzzer injects identical inputs into the first executable file and into the second executable file; monitoring the behavior and the output of the first executable file and the second executable file; outputting the program code if the fuzzing found no inconsistencies, no errors and/or no worse runtime behavior of the first executable file compared to the second executable file.

Abstract: A method for verifying static warnings of code generated by a language model includes (i) providing an executable file from a program code generated by a language model, (ii) providing warning points in the program code originating from static testing, (iii) performing directed fuzzing by a fuzzer, wherein the fuzzer injects inputs into the executable file to reach a warning point, (iv) monitoring the behavior and output of the executable file, and (v) rating the warning point based on the behavior and the output.