In this summary, we present our paper "Divide and Conquer the EmpiRE: A Community-Maintainable Knowledge Graph of Empirical Research in Requirements Engineering" [Ka23b] which received the best paper award o...
Osseous fractures account for 16% of all musculoskeletal injuries in the U.S. annually. Various tissue engineering methods have emerged for bone repair, including additive biomanufacturing techniques like extrusion-ba...
Code completion is an integral component of modern integrated development environments, as it not only facilitates the software development process but also enhances the quality of software products. By leveraging lar...
ISBN: (print) 9783031765537
The proceedings contain 19 papers. The special focus in this conference is on Integrated Formal Methods. The topics include: Implementing, Specifying, and Verifying the QOI Format in Dafny: A Case Study; VeriCode: Correct Translation of Abstract Specifications to C Code; Proving Termination via Measure Transfer in Equivalence Checking; PLACIDUS: Engineering Product Lines of Rigorous Assurance Cases; Stateful Functional Modeling with Refinement (a Lean4 Framework); Modeling Register Pairs in CompCert; Monitoring Extended Hypernode Logic; Towards Quantitative Analysis of Simulink Models Using Stochastic Hybrid Automata; Monitoring Real-Time Systems Under Parametric Delay; VeyMont: Choreography-Based Generation of Correct Concurrent Programs with Shared Memory; Correct and Complete Symbolic Execution for Free; Solvent: Liquidity Verification of Smart Contracts; StEVe: A Rational Verification Tool for Stackelberg Security Games; PyQBF: A Python Framework for Solving Quantified Boolean Formulas; Improving SAT Solver Performance through MLP-Predicted Genetic Algorithm Parameters; Active Learning of Runtime Monitors Under Uncertainty; Specify What? Enhancing Neural Specification Synthesis by Symbolic Methods.
Software Process Improvement (SPI) aims to achieve quality in software products for software organizations, as it helps to manage and improve the development processes. The success of software products highly depends ...
Despite significant progress in single-label class incremental learning (CIL), its multi-label counterpart, which is called multi-label class incremental learning (MLCIL), remains relatively understudied. In MLCIL, ne...
Service caching is an emerging solution for addressing massive service requests in a distributed environment to support rapidly growing services and applications. With the explosive increases in global mobile data t...
ISBN: (digital) 9798400712487
ISBN: (print) 9798400712487
The exponential growth of open-source package ecosystems, particularly NPM and PyPI, has led to an alarming increase in software supply chain poisoning attacks. Existing static analysis methods struggle with high false positive rates and are easily thwarted by obfuscation and dynamic code execution techniques. While dynamic analysis approaches offer improvements, they often suffer from capturing non-package behaviors and employing simplistic testing strategies that fail to trigger sophisticated malicious behaviors. To address these challenges, we present OSCAR, a robust dynamic code poisoning detection pipeline for NPM and PyPI ecosystems. OSCAR fully executes packages in a sandbox environment, employs fuzz testing on exported functions and classes, and implements aspect-based behavior monitoring with tailored API hook points. We evaluate OSCAR against six existing tools using a comprehensive benchmark dataset of real-world malicious and benign packages. OSCAR achieves an F1 score of 0.95 in NPM and 0.91 in PyPI, confirming that OSCAR is as effective as the current state-of-the-art technologies. Furthermore, for benign packages exhibiting characteristics typical of malicious packages, OSCAR reduces the false positive rate by an average of 32.06% in NPM (from 34.63% to 2.57%) and 39.87% in PyPI (from 41.10% to 1.23%), compared to other tools, significantly reducing the workload of manual reviews in real-world deployments. In cooperation with Ant Group, a leading financial technology company, we have deployed OSCAR on its NPM and PyPI mirrors since January 2023, identifying 10,404 malicious NPM packages and 1,235 malicious PyPI packages over 18 months. This work not only bridges the gap between academic research and industrial application in code poisoning detection but also provides a robust and practical solution that has been thoroughly tested in a real-world industrial setting.
The upward progress in Data-Information-Knowledge-Wisdom (DIKW) has advanced manufacturing from digitalization to networking in Industry 3.0, and to intelligence and even wisdom in Industry 4.0, which reveals the inev...
According to Eurocontrol’s latest research, by year 2035 airports across Europe are expected to handle 14.4 million flights and 1.4 billion passengers. However, current Air Traffic Management (ATM) system is not adeq...