检索结果-内蒙古大学图书馆

SSRN 2023年

作者： Ruambo, Francis A. Zou, Deqing Lopes, Ivandro O. Yuan, Bin School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Hubei Key Laboratory of Distributed System Security Wuhan China Hubei Engineering Research Center on Big Data Security Wuhan China National Engineering Research Center for Big Data Technology and System Wuhan China Services Computing Technology and System Lab Wuhan China Cluster and Grid Computing Lab Wuhan China Mbeya university of Science and Technology Mbeya131 Tanzania United Republic of Nucleo Operacional para a Sociedade de Informacao Cape Verde Songshan Laboratory Zhengzhou China

Network softwarization is a breakthrough in designing modern networks and providing numerous new network operations and services. This change is exemplified by Software Defined Networks (SDN) and Network Function Virtualization (NFV). As a result, the combination of SDN and NFV (SDN/NFV) frameworks and individual SDN and NFV frameworks have gained substantial traction in network security over the past decade, significantly supporting on-demand protection measures. However, the inherent security shortcomings of SDN, NFV, and SDN/NFV frameworks provide the fundamental issue in implementing security procedures via network softwarization. To solve this issue, we present a Software-Defined Perimeter (SDP)-powered Zero-Trust Architecture (ZTA) to improve security in the SDN/NFV-enabled campus network holistically. In addition to this, we also propose a threat model and quantitatively assess the suggested approach's performance and security. Furthermore, we highlight potential zero-trust network security function implementations in SDN/NFV-enabled infrastructure to increase protection for endpoint devices, network resources, and flows for detecting threats and responding effectively with minimal latency and overhead. © 2023, The Authors. All rights reserved.

关键词： Access control

来源：评论

学校读者我要写书评

暂无评论

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

arXiv

引用

arXiv 2024年

作者： Li, Zhen Wang, Ning Zou, Deqing Li, Yating Zhang, Ruqian Xu, Shouhuai Zhang, Chao Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Department of Computer Science University of Colorado Colorado Springs Colorado SpringsCO United States Institute for Network Sciences and Cyberspace Tsinghua University Beijing China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab China JinYinHu Laboratory Wuhan China

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter-Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers;and (ii) function-level vulnerability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities. Copyright © 2024, The Authors. All rights reserved.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

Detecting Backdoors During the Inference Stage Based on Corr...

引用

Conference on Computer Vision and Pattern Recognition (CVPR)

作者： Xiaogeng Liu Minghui Li Haoyu Wang Shengshan Hu Dengpan Ye Hai Jin Libing Wu Chaowei Xiao School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Software Engineering Huazhong University of Science and Technology School of Cyber Science and Engineering Wuhan University School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab Arizona State University

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo) 1 1 https://***/CGCL-codes/TeCo, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability.

关键词：

来源：评论

学校读者我要写书评

暂无评论

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

On the Effectiveness of Function-Level Vulnerability Detecto...

引用

International Conference on Software Engineering (ICSE)

作者： Zhen Li Ning Wang Deqing Zou Yating Li Ruqian Zhang Shouhuai Xu Chao Zhang Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jin YinHu Laboratory Wuhan China Department of Computer Science University of Colorado Colorado Springs Colorado Springs Colorado USA Institute for Network Sciences and Cyberspace Tsinghua University Beijing China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

ISBN: (数字)9798400702174

ISBN: (纸本)9798350382143

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter -Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers; and (ii) function-level vulner-ability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities.

关键词： Deep learning Detectors Open source software Software engineering

来源：评论

学校读者我要写书评

暂无评论

VulDeeLocator: A deep learning-based fine-grained vulnerability detector

arXiv

引用

arXiv 2020年

作者： Li, Zhen Zou, Deqing Xu, Shouhuai Chen, Zhaoxuan Zhu, Yawei Jin, Hai The National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Big Data Security Engineering Research Center School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China School of Cyber Security and Computer Hebei University Baoding071002 China The Department of Computer Science University of Colorado Colorado Springs CO80918 United States University of Texas San Antonio United States

Automatically detecting software vulnerabilities is an important problem that has attracted much attention from the academic research community. However, existing vulnerability detectors still cannot achieve the vulnerability detection capability and the locating precision that would warrant their adoption for real-world use. In this paper, we present a vulnerability detector that can simultaneously achieve a high detection capability and a high locating precision, dubbed Vulnerability Deep learning-based Locator (VulDeeLocator). In the course of designing VulDeeLocator, we encounter difficulties including how to accommodate semantic relations between the definitions of types as well as macros and their uses across files, how to accommodate accurate control flows and variable define-use relations, and how to achieve high locating precision. We solve these difficulties by using two innovative ideas: (i) leveraging intermediate code to accommodate extra semantic information, and (ii) using the notion of granularity refinement to pin down locations of vulnerabilities. When applied to 200 files randomly selected from three real-world software products, VulDeeLocator detects 18 confirmed vulnerabilities (i.e., true-positives). Among them, 16 vulnerabilities correspond to known vulnerabilities;the other two are not reported in the National Vulnerability Database (NVD) but have been "silently" patched by the vendor of Libav when releasing newer versions. Copyright © 2020, The Authors. All rights reserved.

关键词： Location

来源：评论

学校读者我要写书评

暂无评论

Survey on overcoming free riding in peer-to-peer networks

引用

Jisuanji Xuebao/Chinese Journal of Computers 2008年第1期31卷 1-15页

作者： Yu, Yi-Jiao Jin, Hai Key Laboratory of Services Computing Technology and System Huazhong University of Science and Technology Wuhan 430074 China Key Laboratory of Cluster and Grid Computing of Hubei Province Huazhong University of Science and Technology Wuhan 430074 China

Since the first report of free riding on Gnutella in 2000, large amounts of network measurement results show that free riding is prevalent in almost all Peer-to-Peer (P2P) networks, which reduces the robustness, availability and lifetime of P2P networks. Overcoming free riding becomes a hot research issue both in academic and industrial communities. The traffic measurement mechanisms in P2P networks are overviewed, which include active measurement and passive measurement. Some detailed traffic measurement results of Gnutella overlay network are illustrated, which indicate the development of free riding in P2P network in recent 6 years. The modeling of P2P network is introduced, and the impacts to system performance of free riding are discussed. Moreover, the authors focus on the mechanisms avoiding free riding and categorize the proposed approaches into incentive mechanisms, game theoretical approaches, and social network or economic models based methods. Each category is discussed in detail, and some typical work is introduced. Especially, the features of these three categories of solutions are analyzed and compared from the aspect of engineering implementation, which is helpful to both the P2P software developers and academic researchers. Finally, future works about the mechanisms discouraging free riding in P2P networks are outlined.

关键词： Computer networks

来源：评论

学校读者我要写书评

暂无评论

grid information integration scheme based on virtual client access mode

引用

Huazhong Keji Daxue Xuebao (Ziran Kexue Ban)/Journal of Huazhong University of Science and technology (Natural Science Edition) 2007年第SUPPL. 2期35卷 8-11页

作者： Sun, Aobing Jin, Hai Zheng, Ran Zhang, Qin Services Computing Technology and System Key Lab. College of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China Cluster and Grid Computing Key Lab. College of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China

VCA (virtual client access) based grid information integration strategy is proposed in this paper that brings forward one efficient application framework with loosely coupled architecture. It encapsulates the virtual clients that are realized based on the API of the information systems as grid services to enable the grid can access the information systems as real client. VCA mode can be combined with local access control and task management seamlessly, and solve the resource conflicts between grid and local users so as to support the information sharing and cooperation widely and efficiently. The experiment shows that VCA modes can support the information sharing and cooperation widely and efficiently.

关键词： Information management

来源：评论

学校读者我要写书评

暂无评论

Downstream-agnostic Adversarial Examples

Downstream-agnostic Adversarial Examples

引用

International Conference on Computer Vision (ICCV)

作者： Ziqi Zhou Shengshan Hu Ruizhi Zhao Qian Wang Leo Yu Zhang Junhui Hou Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan University School of Information and Communication Technology Griffith University Department of Computer Science City University of Hong Kong School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab

Self-supervised learning usually uses a large amount of unlabeled data to pre-train an encoder which can be used as a general-purpose feature extractor, such that downstream users only need to perform fine-tuning operations to enjoy the benefit of "large model". Despite this promising prospect, the security of pre-trained encoder has not been thoroughly investigated yet, especially when the pre-trained encoder is publicly available for commercial *** this paper, we propose AdvEncoder, the first framework for generating downstream-agnostic universal adversarial examples based on the pre-trained encoder. AdvEncoder aims to construct a universal adversarial perturbation or patch for a set of natural images that can fool all the downstream tasks inheriting the victim pre-trained encoder. Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels. Therefore, we first exploit the high frequency component information of the image to guide the generation of adversarial examples. Then we design a generative attack framework to construct adversarial perturbations/patches by learning the distribution of the attack surrogate dataset to improve their attack success rates and transferability. Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset. We also tailor four defenses for pre-trained encoders, the results of which further prove the attack ability of AdvEncoder. Our codes are available at: https://***/CGCL-codes/AdvEncoder.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Towards making deep learning-based vulnerability detectors robust

arXiv

引用

arXiv 2021年

作者： Li, Zhen Tang, Jing Zou, Deqing Chen, Qian Xu, Shouhuai Zhang, Chao Li, Yichen Jin, Hai The National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Big Data Security Engineering Research Center School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China The University of Texas at San Antonio San AntonioTX78249 United States The University of Colorado Colorado Springs Colorado SpringsCO80918 United States Tsinghua University Beijing100084 China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China

Automatically detecting software vulnerabilities in source code is an important problem that has attracted much attention. In particular, deep learning-based vulnerability detectors, or DL-based detectors, are attractive because they do not need human experts to define features or patterns of vulnerabilities. However, such detectors' robustness is unclear. In this paper, we initiate the study in this aspect by demonstrating that DL-based detectors are not robust against simple code transformations, dubbed attacks in this paper, as these transformations may be leveraged for malicious purposes. As a first step towards making DL-based detectors robust against such attacks, we propose an innovative framework, dubbed ZigZag, which is centered at (i) decoupling feature learning and classifier learning and (ii) using a ZigZag-style strategy to iteratively refine them until they converge to robust features and robust classifiers. Experimental results show that the ZigZag framework can substantially improve the robustness of DL-based detectors. Copyright © 2021, The Authors. All rights reserved.

关键词： Feature extraction

来源：评论

学校读者我要写书评

暂无评论

Key distribution strategy of security multicast in grid

引用

Tien Tzu Hsueh Pao/Acta Electronica Sinica 2007年第4期35卷 769-777页

作者： Li, Yun-Fa Jin, Hai Zou, De-Qing Han, Zong-Fen Services Computing Technology and System Laboratory School of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China Cluster and Grid Computing Laboratory School of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China

In grid, it is an important strategy that using multicast to realize the large-scale information resource sharing. However, it is very difficult to ensure the security of multicast. In this paper, based on the basic principles of the centralized key distributed strategy and the distributed key distribution strategy, according to the multicast mechanism in grid, considering the dynamic factors of multicast members, we present the member hierarchy method for key distribution, the member discovery protocol, the clustering protocol and the key distribution strategy, thus constituting the key distribution strategy of security multicast in grid. In order to validate the feasibility and the availability of this strategy, a simulation experiment is done. The results show that it is feasible and efficient to ensure the security multicast in grid.

关键词： Multicasting

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：