检索结果-内蒙古大学图书馆

International Conference on Software Engineering (ICSE)

作者： Zhen Li Ning Wang Deqing Zou Yating Li Ruqian Zhang Shouhuai Xu Chao Zhang Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jin YinHu Laboratory Wuhan China Department of Computer Science University of Colorado Colorado Springs Colorado Springs Colorado USA Institute for Network Sciences and Cyberspace Tsinghua University Beijing China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

ISBN: (数字)9798400702174

ISBN: (纸本)9798350382143

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter -Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers; and (ii) function-level vulner-ability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities.

关键词： Deep learning Detectors Open source software Software engineering

来源：评论

学校读者我要写书评

暂无评论

ECLIPSE: Expunging Clean-label Indiscriminate Poisons via Sparse Diffusion Purification

arXiv

引用

arXiv 2024年

作者： Wang, Xianlong Hu, Shengshan Zhang, Yechao Zhou, Ziqi Zhang, Leo Yu Xu, Peng Wan, Wei Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China School of Information and Communication Technology Griffith University SouthportQLD4215 Australia

Clean-label indiscriminate poisoning attacks add invisible perturbations to correctly labeled training images, thus dramatically reducing the generalization capability of the victim models. Recently, defense mechanisms such as adversarial training, image transformation techniques, and image purification have been proposed. However, these schemes are either susceptible to adaptive attacks, built on unrealistic assumptions, or only effective against specific poison types, limiting their universal applicability. In this research, we propose a more universally effective, practical, and robust defense scheme called ECLIPSE. We first investigate the impact of Gaussian noise on the poisons and theoretically prove that any kind of poison will be largely assimilated when imposing sufficient random noise. In light of this, we assume the victim has access to an extremely limited number of clean images (a more practical scene) and subsequently enlarge this sparse set for training a denoising probabilistic model (a universal denoising tool). We then introduce Gaussian noise to absorb the poisons and apply the model for denoising, resulting in a roughly purified dataset. Finally, to address the trade-off of the inconsistency in the assimilation sensitivity of different poisons by Gaussian noise, we propose a lightweight corruption compensation module to effectively eliminate residual poisons, providing a more universal defense approach. Extensive experiments demonstrate that our defense approach outperforms 10 state-of-the-art defenses. We also propose an adaptive attack against ECLIPSE and verify the robustness of our defense scheme. Our code is available at https://***/CGCL-codes/ECLIPSE. Copyright © 2024, The Authors. All rights reserved.

关键词： Deep neural networks

来源：评论

学校读者我要写书评

暂无评论

Graph Contrastive Learning with Progressive Augmentations 25

Graph Contrastive Learning with Progressive Augmentations

引用

Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V.1

作者： Yuhai Zhao Yejiang Wang Zhengkui Wang Wen Shan Miaomiao Huang Xingwei Wang School of Computer Science and Engineering Key Laboratory of Intelligent Computing in Medical Image of Ministry of Education Northeastern University Shenyang Liaoning China InfoComm Technology Cluster Singapore Institute of Technology Singapore Singapore Singapore University of Social Sciences Singapore Singapore School of Computer Science and Engineering Northeastern University Shenyang Liaoning China

ISBN: (纸本)9798400712456

To be still yet still moving. - Do Hyun ChoeGraph contrastive learning (GCL) has recently gained prominence in unsupervised graph representation learning. Traditional GCL approaches generally focus on creating a single contrastive view alongside the main graph view, targeting invariant representation learning in a static framework. Our study introduces a novel manner: despite using static graphs, we aim to learn invariant representations by generating a series of evolving contrastive views with temporal coherence and multi-viewpoint insights at various granularities. In this context, we propose the Progressive Augmentation framework for Graph Contrastive Learning (PaGCL). This framework advances beyond traditional methods by producing a sequence of augmented views, each evolving from the previous one, and assigning timestamps based on piecewise smoothness. This approach enables our model to more effectively extract invariant features from these dynamic views, capturing multi-grained structural and temporal information. Our experiments on diverse benchmark datasets demonstrate that PaGCL significantly outperforms current state-of-the-art methods.

关键词： graph representation learning}

来源：评论

学校读者我要写书评

暂无评论

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

arXiv

引用

arXiv 2024年

作者： Li, Zhen Wang, Ning Zou, Deqing Li, Yating Zhang, Ruqian Xu, Shouhuai Zhang, Chao Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Department of Computer Science University of Colorado Colorado Springs Colorado SpringsCO United States Institute for Network Sciences and Cyberspace Tsinghua University Beijing China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab China JinYinHu Laboratory Wuhan China

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter-Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers;and (ii) function-level vulnerability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities. Copyright © 2024, The Authors. All rights reserved.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

PSMiner: A Pattern-Aware Accelerator for High-Performance Streaming Graph Pattern Mining

PSMiner: A Pattern-Aware Accelerator for High-Performance St...

引用

Design Automation Conference

作者： Hao Qi Yu Zhang Ligang He Kang Luo Jun Huang Haoyu Lu Jin Zhao Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology China Zhejiang Lab Zhejiang-HUST Joint Research Center for Graph Processing China Department of Computer Science University of Warwick United Kingdom

Streaming Graph Pattern Mining (GPM) has been widely used in many application fields. However, the existing streaming GPM solution suffers from many unnecessary explorations and isomorphism tests, while the existing static GPM ones require many repetitive operations to compute the full graph. In this paper, we propose a pattern-aware incremental execution approach and design the first streaming GPM accelerator called PSMiner, which integrates multiple optimizations to reduce redundant computation and improve computing efficiency. We have conducted extensive experiments. The results show that compared with the state-of-the-art software and hardware solutions, PSMiner achieves the average speedups of 770.9× and 60.4×, respectively.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Effective Concurrency Testing for Go via Directional Primitive-Constrained Interleaving Exploration

Effective Concurrency Testing for Go via Directional Primiti...

引用

IEEE International Conference on Automated Software Engineering (ASE)

作者： Zongze Jiang Ming Wen Yixin Yang Chao Peng Ping Yang Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security Services Computing Technology and System Lab Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security National Engineering Research Center for Big Data Technology and System ByteDance Beijing China School of Computer Science and Technology Huazhong University of Science and Technology China

The Go language (Go/Golang) has been attracting increasing attention from the industry over recent years due to its strong concurrency support and ease of deployment. This programming language encourages developers to use channel-based concurrency, which simplifies the development of concurrent programs. Unfortunately, it also introduces new concurrency problems that differ from those caused by the mechanism of shared memory concurrency. However, there are only few works that aim to detect such Go-specific concurrency issues. Even state-of-the-art testing tools will miss critical concurrent bugs that require fine-grained and effective interleaving exploration. This paper presents GoPie, a novel testing approach for detecting Go concurrency bugs through primitive-constrained interleaving exploration. GoPie utilizes execution histories to identify new interleavings instead of relying on exhaustive exploration or random scheduling. To evaluate its performance, we applied GoPie to existing benchmarks and large-scale open-source projects. Results show that GoPie can effectively explore concurrent interleavings and detect significantly more bugs in the benchmark. Furthermore, it uncovered 11 unique previously unknown concurrent bugs, and 9 of which have been confirmed.

关键词：

来源：评论

学校读者我要写书评

暂无评论

SocialEdge: Socialized Learning-Based Request Scheduling for Edge-Cloud Systems

SocialEdge: Socialized Learning-Based Request Scheduling for...

引用

International Conference on Distributed computing Systems

作者： Ziwei Wang Yunfeng Zhao Chao Qiu Qiang He Xin Wang Xiaofei Wang Qinghua Hu College of Intelligence and Computing Tianjin University Tianjin China Guangdong Laboratory of Artificial Intelligence and DigitalEconomy (SZ) Shenzhen China School of Computer Science and Technology Huazhong University of Science and Technology China Department of Computing Technologies Swinburne University of Technology Australia National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Huazhong University of Science and Technology Wuhan China

The ability for cloud data centres and edge data centres to collaborate unleashes the potential of the edge-cloud system. However, its sophistication causes unexpected issues in request scheduling, such as Insufficient intelligence, complicated hierarchy and limited cooperation. Traditional resource optimization methods for the edge-cloud system struggle to accommodate such intricate situations. In this paper, inspired by the behaviors and regulations in human society, we propose a socialized learning-based scheduling approach for the edge-cloud system, namely SocialEdge. In order to adapt to time-varying requests and dynamic service prevalence, we propose a learning-based approach, multi-agent advantage actor-critic (MAA2C) and graph convolutional networks-based MAA2C for two phases, respectively, which can improve individual intelligence to achieve optimal dispatch and orchestration decisions. Then, to make use of hierarchy correlation, we develop the socialized refining inter the layers, where inference results from one layer guide the training process of the other layer so that optimization-critical knowledge can be abstracted. Besides, we apply socialized cooperation to each layer, where federated averaging with MAA2C is implemented to ensure cooperation over private data for achieving optimal global solutions. Experimental evaluations on a proof-of-concept testbed along with two real traces demonstrate that baselines have 105% more delay than SocialEdge while being 76.6% less time efficiency and 21.6% less throughput.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Downstream-agnostic Adversarial Examples

Downstream-agnostic Adversarial Examples

引用

International Conference on computer Vision (ICCV)

作者： Ziqi Zhou Shengshan Hu Ruizhi Zhao Qian Wang Leo Yu Zhang Junhui Hou Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan University School of Information and Communication Technology Griffith University Department of Computer Science City University of Hong Kong School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab

Self-supervised learning usually uses a large amount of unlabeled data to pre-train an encoder which can be used as a general-purpose feature extractor, such that downstream users only need to perform fine-tuning operations to enjoy the benefit of "large model". Despite this promising prospect, the security of pre-trained encoder has not been thoroughly investigated yet, especially when the pre-trained encoder is publicly available for commercial *** this paper, we propose AdvEncoder, the first framework for generating downstream-agnostic universal adversarial examples based on the pre-trained encoder. AdvEncoder aims to construct a universal adversarial perturbation or patch for a set of natural images that can fool all the downstream tasks inheriting the victim pre-trained encoder. Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels. Therefore, we first exploit the high frequency component information of the image to guide the generation of adversarial examples. Then we design a generative attack framework to construct adversarial perturbations/patches by learning the distribution of the attack surrogate dataset to improve their attack success rates and transferability. Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset. We also tailor four defenses for pre-trained encoders, the results of which further prove the attack ability of AdvEncoder. Our codes are available at: https://***/CGCL-codes/AdvEncoder.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning

arXiv

引用

arXiv 2024年

作者： Du, Xiaohu Wen, Ming Zhu, Jiahao Xie, Zifan Ji, Bin Liu, Huijun Shi, Xuanhua Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China College of Computer National University of Defense Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab HUST Wuhan430074 China Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security HUST Wuhan430074 China JinYinHu Laboratory Wuhan430077 China Cluster and Grid Computing Lab HUST Wuhan430074 China

Code Pre-trained Models (CodePTMs) based vulnerability detection have achieved promising results over recent years. However, these models struggle to generalize as they typically learn superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities, resulting in poor performance in real-world scenarios beyond the training instances. To tackle this challenge, we introduce VulLLM, a novel framework that integrates multi-task learning with Large Language Models (LLMs) to effectively mine deep-seated vulnerability features. Specifically, we construct two auxiliary tasks beyond the vulnerability detection task. First, we utilize the vulnerability patches to construct a vulnerability localization task. Second, based on the vulnerability features extracted from patches, we leverage GPT-4 to construct a vulnerability interpretation task. VulLLM innovatively augments vulnerability classification by leveraging generative LLMs to understand complex vulnerability patterns, thus compelling the model to capture the root causes of vulnerabilities rather than overfitting to spurious features of a single task. The experiments conducted on six large datasets demonstrate that VulLLM surpasses seven state-of-the-art models in terms of effectiveness, generalization, and robustness. © 2024, CC BY.

关键词： Large datasets

来源：评论

学校读者我要写书评

暂无评论

Validating SMT Solvers via Skeleton Enumeration Empowered by Historical Bug-Triggering Inputs

Validating SMT Solvers via Skeleton Enumeration Empowered by...

引用

International Conference on Software Engineering (ICSE)

作者： Maolin Sun Yibiao Yang Ming Wen Yongcong Wang Yuming Zhou Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security Services Computing Technology and System Lab Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security National Engineering Research Center for Big Data Technology and System State Key Laboratory for Novel Software Technology Nanjing University China School of Computer Science and Technology Huazhong University of Science and Technology China

SMT solvers check the satisfiability of logic formulas over first-order theories, which have been utilized in a rich number of critical applications, such as software verification, test case generation, and program synthesis. Bugs hidden in SMT solvers would severely mislead those applications and further cause severe consequences. Therefore, ensuring the reliability and robustness of SMT solvers is of critical importance. Although many approaches have been proposed to test SMT solvers, it is still a challenge to discover bugs effectively. To tackle such a challenge, we conduct an empirical study on the historical bug-triggering formulas in SMT solvers' bug tracking systems. We observe that the historical bug-triggering formulas contain valuable skeletons (i.e., core structures of formulas) as well as associated atomic formulas which can cast significant impacts on formulas' ability in triggering bugs. Therefore, we propose a novel approach that utilizes the skeletons extracted from the historical bug-triggering formulas and enumerates atomic formulas under the guidance of association rules derived from historical formulas. In this study, we realized our approach as a practical fuzzing tool HistFuzz and conducted extensive testing on the well-known SMT solvers Z3 and cvc5. To date, HistFuzz has found 111 confirmed new bugs for Z3 and cvc5, of which 108 have been fixed by the developers. More notably, out of the confirmed bugs, 23 are soundness bugs and invalid model bugs found in the solvers' default mode, which are essential for SMT solvers. In addition, our experiments also demonstrate that HistFuzz outperforms the state-of-the-art SMT solver fuzzers in terms of achieved code coverage and effectiveness.

关键词：

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：