检索结果-内蒙古大学图书馆

Contrastive Learning for Robust Android Malware Familial Classification

IEEE Transactions on Dependable and Secure computing 2022年 1-14页

作者： Wu, Yueming Dou, Shihan Zou, Deqing Yang, Wei Qiang, Weizhong Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Shanghai Key Laboratory of Intelligent Information Processing School of Computer Science Fudan University Shanghai China University of Texas at Dallas Dallas USA National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Due to its open-source nature, Android operating system has been the main target of attackers to exploit. Malware creators always perform different code obfuscations on their apps to hide malicious activities. Features extracted from these obfuscated samples through program analysis contain many useless and disguised features, which leads to many false negatives. To address the issue, in this paper, we demonstrate that obfuscation-resilient malware family analysis can be achieved through contrastive learning. The key insight behind our analysis is that contrastive learning can be used to reduce the difference introduced by obfuscation while amplifying the difference between malware and other types of malware. Based on the proposed analysis, we design a system that can achieve robust and interpretable classification of Android malware. To achieve robust classification, we perform contrastive learning on malware samples to learn an encoder that can automatically extract robust features from malware samples. To achieve interpretable classification, we transform the function call graph of a sample into an image by centrality analysis. Then the corresponding heatmaps can be obtained by visualization techniques. These heatmaps can help users understand why the malware is classified as this family. We implement IFDroid and perform extensive evaluations on two datasets. Experimental results show that IFDroid is superior to state-of-the-art Android malware familial classification systems. Moreover, IFDroid is capable of maintaining a 98.4% F1 on classifying 69,421 obfuscated malware samples. IEEE

关键词： Semantics

来源：评论

学校读者我要写书评

暂无评论

Gradient Boosting-Accelerated Evolution for Multiple-Fault Diagnosis

Gradient Boosting-Accelerated Evolution for Multiple-Fault D...

引用

Design, Automation and Test in Europe Conference and Exhibition

作者： Hongfei Wang Chenliang Luo Deqing Zou Hai Jin Wenjie Cai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Wuhan China Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Wuhan China Huazhong University of Science and Technology Wuhan China Cluster and Grid Computing Lab School of Computer Science and Technology Wuhan China College of Public Administration Wuhan China

ISBN: (数字)9783981926385

ISBN: (纸本)9798350348606

Logic diagnosis is a key step in yield learning. Multiple faults diagnosis is challenging because of several reasons, including error masking, fault reinforcement, and huge search space for possible fault combinations. This work proposes a two-phase method for multiple-fault diagnosis. The first phase efficiently reduces the potential number of fault candidates through machine learning. The second phase obtains the final diagnosis results, by formulating the task as an combinational optimization problem that is later iteratively solved using binary evolution computation. Experiments shows that our method outperforms two existing methods for multiple-fault diagnosis, and achieves better diagnosability (improved by $1.87\times$ ) and resolution (improved by $1.42\times$ ) compared with a state-of-the-art commercial diagnosis tool.

关键词： Fault diagnosis Adaptation models Computational modeling Fitting Filtering algorithms Boosting Computational efficiency

来源：评论

学校读者我要写书评

暂无评论

EdgeDis: Enabling Fast, Economical, and Reliable Data Dissemination for Mobile Edge computing

arXiv

引用

arXiv 2023年

作者： Li, Bo He, Qiang Chen, Feifei Lyu, Lingjuan Bouguettaya, Athman Yang, Yun The College of Arts Business Law Education and Information Technology Victoria University MelbourneVIC3122 Australia The National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab. Cluster and Grid Computing Lab. School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China The Department of Computing Technologies Swinburne University of Technology MelbourneVIC3122 Australia The School of Information Technology Deakin University Geelong Australia SONY AI Inc. Tokyo108-0075 Japan The School of Computer Science University of Sydney CamperdownNSW2006 Australia

Mobile edge computing (MEC) enables web data caching in close geographic proximity to end users. Popular data can be cached on edge servers located less than hundreds of meters away from end users. This ensures bounded latency guarantees for various latency-sensitive web applications. However, transmitting a large volume of data out of the cloud onto many geographically-distributed web servers individually can be expensive. In addition, web content dissemination may be interrupted by various intentional and accidental events in the volatile MEC environment, which undermines dissemination efficiency and subsequently incurs extra transmission costs. To tackle the above challenges, we present a novel scheme named EdgeDis that coordinates data dissemination by distributed consensus among those servers. We analyze EdgeDis’s validity theoretically and evaluate its performance experimentally. Results demonstrate that compared with baseline and state-of-the-art schemes, EdgeDis: 1) is 5.97x - 7.52x faster;2) reduces dissemination costs by 48.21% to 91.87%;and 3) reduces performance loss caused by dissemination failures by up to 97.30% in time and 96.35% in costs. © 2023, CC BY-NC-SA.

关键词： Efficiency

来源：评论

学校读者我要写书评

暂无评论

Unlearnable 3D Point Clouds: Class-wise Transformation Is All You Need

arXiv

引用

arXiv 2024年

作者： Wang, Xianlong Li, Minghui Liu, Wei Zhang, Hangtao Hu, Shengshan Zhang, Yechao Zhou, Ziqi Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China

Traditional unlearnable strategies have been proposed to prevent unauthorized users from training on the 2D image data. With more 3D point cloud data containing sensitivity information, unauthorized usage of this new type data has also become a serious concern. To address this, we propose the first integral unlearnable framework for 3D point clouds including two processes: (i) we propose an unlearnable data protection scheme, involving a class-wise setting established by a category-adaptive allocation strategy and multi-transformations assigned to samples;(ii) we propose a data restoration scheme that utilizes class-wise inverse matrix transformation, thus enabling authorized-only training for unlearnable data. This restoration process is a practical issue overlooked in most existing unlearnable literature, i.e., even authorized users struggle to gain knowledge from 3D unlearnable data. Both theoretical and empirical results (including 6 datasets, 16 models, and 2 tasks) demonstrate the effectiveness of our proposed unlearnable framework. Our code is availab.e at https://***/CGCL-codes/UnlearnablePC Copyright © 2024, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

NumbOD: A Spatial-Frequency Fusion Attack Against Object Detectors

arXiv

引用

arXiv 2024年

作者： Zhou, Ziqi Li, Bowen Song, Yufei Yu, Zhifei Hu, Shengshan Wan, Wei Zhang, Leo Yu Yao, Dezhong Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Computer Science and Technology Huazhong University of Science and Technology China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia

With the advancement of deep learning, object detectors (ODs) with various architectures have achieved significant success in complex scenarios like autonomous driving. Previous adversarial attacks against ODs have been focused on designing customized attacks targeting their specific structures (e.g., NMS and RPN), yielding some results but simultaneously constraining their scalab.lity. Moreover, most efforts against ODs stem from image-level attacks originally designed for classification tasks, resulting in redundant computations and disturbances in object-irrelevant areas (e.g., background). Consequently, how to design a model-agnostic efficient attack to comprehensively evaluate the vulnerabilities of ODs remains challenging and unresolved. In this paper, we propose NumbOD, a brand-new spatial-frequency fusion attack against various ODs, aimed at disrupting object detection within images. We directly leverage the features output by the OD without relying on its internal structures to craft adversarial examples. Specifically, we first design a dual-track attack target selection strategy to select high-quality bounding boxes from OD outputs for targeting. Subsequently, we employ directional perturbations to shift and compress predicted boxes and change classification results to deceive ODs. Additionally, we focus on manipulating the high-frequency components of images to confuse ODs' attention on critical objects, thereby enhancing the attack efficiency. Our extensive experiments on nine ODs and two datasets show that NumbOD achieves powerful attack performance and high stealthiness. Copyright © 2024, The Authors. All rights reserved.

关键词： Object detection

来源：评论

学校读者我要写书评

暂无评论

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability

Why Does Little Robustness Help? A Further Step Towards Unde...

引用

IEEE Symposium on Security and Privacy

作者： Yechao Zhang Shengshan Hu Leo Yu Zhang Junyu Shi Minghui Li Xiaogeng Liu Wei Wan Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Huazhong University of Science and Technology School of Information and Communication Technology Griffith University School of Software Engineering Huazhong University of Science and Technology Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology

ISBN: (数字)9798350331301

ISBN: (纸本)9798350331318

Adversarial examples for deep neural networks (DNNs) are transferable: examples that successfully fool one white-box surrogate model can also deceive other black-box models with different architectures. Although a bunch of empirical studies have provided guidance on generating highly transferable adversarial examples, many of these findings fail to be well explained and even lead to confusing or inconsistent advice for practical *** this paper, we take a further step towards understanding adversarial transferability, with a particular focus on surrogate aspects. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples can serve as better surrogates for transfer attacks, we attribute it to a trade-off between two dominant factors: model smoothness and gradient similarity. Our research focuses on their joint effects on transferability, rather than demonstrating the separate relationships alone. Through a combination of theoretical and empirical analyses, we hypothesize that the data distribution shift induced by off-manifold samples in adversarial training is the reason that impairs gradient *** on these insights, we further explore the impacts of prevalent data augmentation and gradient regularization on transferability and analyze how the trade-off manifests in various training methods, thus building a comprehensive blueprint for the regulation mechanisms behind transferability. Finally, we provide a general route for constructing superior surrogates to boost transferability, which optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other, and emphasize the

关键词： Training Privacy Buildings Closed box Minimization Data augmentation Robustness

来源：评论

学校读者我要写书评

暂无评论

Machine Learning is All You Need: A Simple Token-Based Approach for Effective Code Clone Detection

Machine Learning is All You Need: A Simple Token-Based Appro...

引用

International Conference on Software Engineering (ICSE)

作者： Siyue Feng Wenqi Suo Yueming Wu Deqing Zou Yang Liu Hai Jin Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab Jinyinhu Laboratory Wuhan China School of Cyber Science and Engineering HUST Wuhan China Nanyang Technological University Singapore School of Computer Science and Technology HUST Wuhan China

ISBN: (数字)9798400702174

ISBN: (纸本)9798350382143

As software engineering advances and the code demand rises, the prevalence of code clones has increased. This phenomenon poses risks like vulnerability propagation, underscoring the growing importance of code clone detection techniques. While numerous code clone detection methods have been proposed, they often fall short in real-world code environments. They either struggle to identify code clones effectively or demand substantial time and computational resources to handle complex clones. This paper introduces a code clone detection method namely Toma using tokens and machine learning. Specifically, we extract token type sequences and employ six similarity calculation methods to generate feature vectors. These vectors are then input into a trained machine learning model for classification. To evaluate the effectiveness and scalab.lity of Toma, we conduct experiments on the widely used BigCloneBench dataset. Results show that our tool outperforms token-based code clone detectors and most tree-based clone detectors, demonstrating high effectiveness and significant time savings.

关键词： Codes Scalab.lity Computational modeling Cloning Machine learning Detectors Feature extraction

来源：评论

学校读者我要写书评

暂无评论

Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples

Securely Fine-tuning Pre-trained Encoders Against Adversaria...

引用

IEEE Symposium on Security and Privacy

作者： Ziqi Zhou Minghui Li Wei Liu Shengshan Hu Yechao Zhang Wei Wan Lulu Xue Leo Yu Zhang Dezhong Yao Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology School of Software Engineering Huazhong University of Science and Technology Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Huazhong University of Science and Technology School of Information and Communication Technology Griffith University

ISBN: (数字)9798350331301

ISBN: (纸本)9798350331318

With the evolution of self-supervised learning, the pre-training paradigm has emerged as a predominant solution within the deep learning landscape. Model providers furnish pre-trained encoders designed to function as versatile feature extractors, enabling downstream users to harness the benefits of expansive models with minimal effort through fine-tuning. Nevertheless, recent works have exposed a vulnerability in pre-trained encoders, highlighting their susceptibility to downstream-agnostic adversarial examples (DAEs) meticulously crafted by attackers. The lingering question pertains to the feasibility of fortifying the robustness of downstream models against DAEs, particularly in scenarios where the pre-trained encoders are publicly accessible to the *** this paper, we initially delve into existing defensive mechanisms against adversarial examples within the pre-training paradigm. Our findings reveal that the failure of current defenses stems from the domain shift between pre-training data and downstream tasks, as well as the sensitivity of encoder parameters. In response to these challenges, we propose Genetic Evolution-Nurtured Adversarial Fine-tuning (Gen-AF), a two-stage adversarial fine-tuning approach aimed at enhancing the robustness of downstream models. Gen-AF employs a genetic-directed dual-track adversarial fine-tuning strategy in its first stage to effectively inherit the pre-trained encoder. This involves optimizing the pre-trained encoder and classifier separately while incorporating genetic regularization to preserve the model’s topology. In the second stage, Gen-AF assesses the robust sensitivity of each layer and creates a dictionary, based on which the top-k robust redundant layers are selected with the remaining layers held fixed. Upon this foundation, we conduct evolutionary adaptability fine-tuning to further enhance the model’s generalizability. Our extensive experiments, conducted across ten self-supervised training methods and six d

关键词： Training Adaptation models Sensitivity Accuracy Self-supervised learning Genetics Feature extraction

来源：评论

学校读者我要写书评

暂无评论

JSRevealer: A Robust Malicious JavaScript Detector against Obfuscation

JSRevealer: A Robust Malicious JavaScript Detector against O...

引用

International Conference on Dependable Systems and Networks (DSN)

作者： Kunlun Ren Weizhong Qiang Yueming Wu Yi Zhou Deqing Zou Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jinyinhu Laboratory Wuhan China Nanyang Technological University Singapore National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Due to the convenience and popularity of Web applications, they have become a prime target for attackers. As the main programming language for Web applications, many methods have been proposed for detecting malicious JavaScript, among which static analysis-based methods play an important role because of their high effectiveness and efficiency. However, obfuscation techniques are commonly used in JavaScript, which makes the features extracted by static analysis contain many useless and disguised features, leading to many false positives and false negatives in detection results. In this paper, we propose a novel method to find out the essential features related to the semantics of JavaScript code. Specifically, we develop JS-Revealer, a robust, effective, scalab.e, and interpretable detector for malicious JavaScript. To test the capabilities of JSRevealer, we conduct comparative experiments with four other state-of-the-art malicious JavaScript detection tools. The experimental results show that JSRevealer has an average F1 of 84.8% on the data obfuscated by different obfuscators, which is 21.6%, 22.3%, 18.7%, and 22.9% higher than the tools CUJO, ZOZZLE, JAST, and JSTAP, respectively. Moreover, the detection results of JSRevealer can be interpreted, which can provide meaningful insights for further security research.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Towards Effective and Efficient Error Handling Code Fuzzing Based on Software Fault Injection

Towards Effective and Efficient Error Handling Code Fuzzing ...

引用

IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)

作者： Kang Chen Ming Wen Haoxiang Jia Rongxin Wu Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology (HRUST) Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security Jin YinHu Laboratory Wuhan China School of Informatics Xiamen University Xiamen China School of Computer Science and Technology HUST Wuhan China Cluster and Grid Computing Lab

ISBN: (数字)9798350330663

ISBN: (纸本)9798350330670

Software systems often encounter various errors or exceptions in practice, and thus proper error handling code is essential to ensure the reliability of software systems. Unfortunately, error handling code is often bug-prone, while sufficiently testing them is challenging as such code often cannot be triggered under normal conditions. Motivated by this, recent studies have proposed to leverage software fault injection (SFI) based fuzzing to discover potential bugs in complicated error handling code. Despite the promising results achieved, their effectiveness and efficiency are still compromised in practice due to the huge search space of error sites, inadequate fuzzing guidance, and the overhead induced by context-sensitive SFI. To achieve effective and efficient testing of error handling code, this study presents AFL-FI, which first utilizes a similarity-based method to identify suspicious error sites, and then incorporates the idea of error site coverage to guide the fuzzing process. Finally, the design of lightweight context-sensitive SFI enables AFL-FI to execute test cases efficiently. We evaluate AFL-FI on eight large-scale open-source projects, and the results show that it can outperform existing state-of-the-art fuzzing tools significantly in terms of branch code coverage. More importantly, AFL-FI has discovered 13 previously unknown bugs, and all of them have been confirmed while 12 of them have been fixed. Besides, our evaluation also demonstrates that all the key designs of AFL- F I are effective that contribute significantly to its overall performance.

关键词： Codes Computer bugs Fuzzing Software systems Software reliability Testing

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：