检索结果-内蒙古大学图书馆

Proceedings of the 33rd USENIX Conference on security Symposium

作者： Kedong Xiu Ding Wang College of Cyber Science Nankai University Tianjin China and Key Laboratory of Data and Intelligent System Security (NKU) Ministry of Education Tianjin China and Tianjin Key Laboratory of Network and Data Security Technology Nankai University Tianjin China

ISBN: (纸本)9781939133441

Most existing targeted password guessing models view users' reuse behaviors as sequences of edit operations (e.g., insert and delete) performed on old passwords. These atomic edit operations are limited to modifying one character at a time and cannot fully cover users' complex password modification behaviors (e.g., modifying the password structure). This partially leads to a significant gap between the proportion of users' reused passwords and the success rates that existing targeted password models can achieve. To fill this gap, this paper models users' reuse behaviors by focusing on two key components: (1) What they want to copy/keep; (2) What they want to tweak. More specifically, we introduce the pointer mechanism and propose a new targeted guessing model, namely POINTERGUESS. By hierarchically redefining password reuse from both personal and population-wide perspectives, we can accurately and comprehensively characterize users' password reuse behaviors. Moreover, we propose MS-POINTERGUESS, which can employ the victim's multiple leaked *** employing 13 large-scale real-world password datasets, we demonstrate that POINTERGUESS is effective: (1) When the victim's password at site A (namely pwA) is known, within 100 guesses, the average success rate of POINTERGUESS in guessing her password at site B (namely pwB, pwA ≠ pwB) is 25.21% (for common users) and 12.34% (for security-savvy users), respectively, which is 21.23%~71.54% (38.37% on average) higher than its foremost counterparts; (2) When not excluding identical password pairs (i.e., pwA can equal pwB), within 100 guesses, the average success rate of POINTERGUESS is 48.30% (for common users) and 28.42% (for security-savvy users), respectively, which is 6.31%~15.92% higher than its foremost counterparts; (3) Within 100 guesses, the MS-POINTERGUESS further improves the cracking success rate by 31.21% compared to POINTERGUESS.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Coping With a Severely Changing Number of Objectives in Dynamic Multi-Objective Optimization

引用

IEEE Transactions on Evolutionary Computation 2025年

作者： Ruan, Gan Hou, Zhanglu Yao, Xin Lingnan University School of Data Science Hong Kong Xiangtan University Hunan Engineering Research Center of Intelligent System Optimization and Security Hunan Province Xiangtan411105 China

In dynamic multi-objective optimization problems (DMOPs) where the number of objectives changes, the Pareto-optimal set (PS) manifold may expand or contract over time. Knowledge transfer has been utilized to solve DMOPs because it can transfer valuable information from one problem-solving instance (i.e., source) to solving another related problem instance. However, existing transfer approaches suffer from poor diversity and convergence after a severe increase and decrease in the number of objectives, respectively. The reason is that most transfer approaches simply transfer knowledge from the solutions before the change, which causes degeneration in quality of transferred solutions due to dissimilarity between the problem instances before and after the severe change. In this paper, we propose a simple-yet-effective transfer approach, called similarity transfer approach (STA) to tackling a severely changing number of objectives. It selects the historically most similar environment to the current one as the source problem instance and transfers knowledge from that environment. Furthermore, a novel strategy of randomization enhancing transfer diversity is proposed in STA if the transfer from the most similar environment still lacks sufficient diversity when increasing the number of objectives. Comprehensive studies using 13 DMOP benchmarks with a severely changing number of objectives demonstrate that our proposed STA is effective in improving solution quality not only immediately after changes but also after optimization, in comparison to state-of-the-art algorithms. © 1997-2012 IEEE.

关键词： Optimization algorithms

来源：评论

学校读者我要写书评

暂无评论

Mining User–Item Interactions via Knowledge Graph for Recommendation

引用

ACM Transactions on Recommender systems 2025年第3期3卷 1-19页

作者： Shenghao Liu Lingyun Lu Bang Wang Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Hubei Key Laboratory of Smart Internet Technology School of Electronic Information and Communications Huazhong University of Science and Technology (HUST) Wuhan China

Introducing a Knowledge Graph (KG) to facilitate a recommender system has become a tendency in recent years. Many existing methods leverage KGs to obtain side information of items to promote item representation learning for enhancing recommendation performance. However, they ignore that KGs also may contribute to better user representation learning. To solve this issue, we propose a novel algorithm, the KIGR (Knowledge-aware Interaction Graph for Recommendation), to mine user–item interactions via KGs for assisting user representation learning. Specifically, a user–item interaction is encoded by attentively summing up the relation embedding about the item in the KG. Then, an unsupervised learning method is used to group the user–item interactions into different latent types. Further, a user–item interaction graph is divided into several subgraphs, which is referred to as a Knowledge-aware Interaction Graph, making each subgraph only contain one latent type of interaction. Finally, user representation is the fusion of user interest embedding, which is learned on the knowledge-aware interaction graph, whereas item representation is learned on the KG. Experimental results on MovieLens, LastFM and Amazon-Book validate that the proposed KIGR has a superior performance compared with the state-of-the-art algorithms.

关键词： Recommendation system knowledge graph graph neural network

来源：评论

学校读者我要写书评

暂无评论

Differential-Trust-Mechanism Based Trade-off Method Between Privacy and Accuracy in Recommender systems

引用

IEEE Transactions on Information Forensics and security 2025年 20卷 5054-5068页

作者： Xu, Guangquan Feng, Shicheng Xi, Hao Yan, Qingyang Li, Wenshan Wang, Cong Wang, Wei Liu, Shaoying Tian, Zhihong Zheng, Xi Qingdao Huanghai University School of Big Data Qingdao China Tianjin University College of Intelligence and Computing Tianjin300350 China KLISS and School of Software Beijing100084 China Sichuan University School of Cyber Science and Engineering Chengdu610207 China Xi’an Jiaotong University School of Cyber Science and Engineering Xi’an710049 China East China Normal University Shanghai200062 China Hiroshima University School of Informatics and Data Science Higashihiroshima739-8511 Japan Guangzhou University Cyberspace Institute of Advanced Technology Guangdong Key Laboratory of Industrial Control System Security Huangpu Research School of Guangzhou University China Macquarie University School of Computing SydneyNSW2109 Australia

In the era where Web3.0 values data security and privacy, adopting groundbreaking methods to enhance privacy in recommender systems is crucial. Recommender systems need to balance privacy and accuracy, while also having the ability to overcome cold start problems. The Differential Trust Mechanism (DTM) introduced in this paper is such an approach. The DTM provides a unique use of Gaussian distributions in modeling trust relationships within data, offering a novel way to balance recommendation accuracy with user privacy. This mechanism innovatively applies differential privacy principles, using Gaussian noise addition to protect individual user data from inference attacks, while maintaining the integrity and utility of the overall dataset. Unlike traditional anonymization techniques that often compromise data utility or vulnerability to reverse engineering, DTM provides a robust solution by dynamically adjusting privacy levels based on the trustworthiness of data requests. By combining DTM with existing mainstream recommendation algorithms, the prediction accuracy of MAE and RMSE increases by at least 6.60% and 2.69%, respectively. This dual benefit positions DTM as a significant advancement in secure data processing, especially relevant for online businesses and platforms where personalized recommendations are crucial yet privacy concerns are paramount. © 2005-2012 IEEE.

关键词： Sensitive data

来源：评论

学校读者我要写书评

暂无评论

BadToken: Token-level Backdoor Attacks to Multi-modal Large Language Models

arXiv

引用

arXiv 2025年

作者： Yuan, Zenghui Shi, Jiawen Zhou, Pan Gong, Neil Zhenqiang Sun, Lichao Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology China Duke University United States Lehigh University United States

Multi-modal large language models (MLLMs) extend large language models (LLMs) to process multi-modal information, enabling them to generate responses to image-text inputs. MLLMs have been incorporated into diverse multimodal applications, such as autonomous driving and medical diagnosis, via plug-and-play without fine-tuning. This deployment paradigm increases the vulnerability of MLLMs to backdoor attacks. However, existing backdoor attacks against MLLMs achieve limited effectiveness and stealthiness. In this work, we propose BadToken, the first token-level backdoor attack to MLLMs. BadToken introduces two novel backdoor behaviors: Token-substitution and Token-addition, which enable flexible and stealthy attacks by making token-level modifications to the original output for backdoored inputs. We formulate a general optimization problem that considers the two backdoor behaviors to maximize the attack effectiveness. We evaluate BadToken on two open-source MLLMs and various tasks. Our results show that our attack maintains the model’s utility while achieving high attack success rates and stealthiness. We also show the real-world threats of BadToken in two scenarios, i.e., autonomous driving and medical diagnosis. Furthermore, we consider defenses including fine-tuning and input purification. Our results highlight the threat of our attack. Copyright © 2025, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Energy-efficient and Privacy-preserving Edge Intelligence for 6G-Empowered Intelligent Transportation systems

引用

IEEE Network 2025年

作者： Zhu, Chenlu Fan, Xiaoxuan Deng, Xianjun Xiao, Ziheng Guo, Tingting Liu, Shenghao Sun, Jiaqi Park, Jong Hyuk Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Wuhan Kedao Geographic Information Engineering Co. Wuhan China Department of Computer Science and Engineering Seoul National University of Science and Technology Seoul Korea Republic of

6G-empowered Intelligent Transportation systems (ITS) generate large amounts of data through millions of devices and sensors at the terminal and network edge. Edge intelligence advances the frontier of data-driven artificial intelligence (AI) to the network edge, which enables AI applications to better utilize edge data. Broader connectivity, higher device density, and stronger data exchange present challenges for reliable device communication and privacy data protection in 6G-empowered ITS. To address these challenges, this paper proposes an energy-efficient and privacy-preserving edge intelligence framework named EP-EI. EP-EI deploys a deep reinforcement learning-based cluster head selection model at the edge to ensure energy-efficient communication for terminal devices. Meanwhile, EP-EI designs a privacy-aware hierarchical computing framework for terminal-edge-cloud to prevent privacy leakage. Furthermore, the application scenarios, challenges, and future directions of EP-EI are discussed. Finally, simulation experiments in a specific intelligent transportation case study demonstrate that EP-EI can provide energy-efficient and privacy-protecting services. © 2025 IEEE.

关键词： Differential privacy

来源：评论

学校读者我要写书评

暂无评论

Personalized Local Differential Privacy for Multi-dimensional Range Queries over Mobile User data

引用

IEEE Transactions on Mobile Computing 2025年

作者： He, Yuanyuan Wang, Meiqi Deng, Xianjun Yang, Peng Xue, Qiao Yang, Laurence T. Huazhong University of Science and Technology Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan430074 China Huazhong University of Science and Technology School of Electronic Information and Communications Wuhan430074 China Nanjing University of Aeronautics and Astronautics College of Computer Science and Technology Nanjing210000 China

Multi-dimensional range queries performed on the mobile user data records become increasingly important and popular in the fields of e-commerce, social media, transportation logistics, etc. Meanwhile, mobile users usually have different privacy requirements for different attributes of the records. A straightforward and effective approach is to first get low-dimensional range query outcomes by using existing LDP mechanisms at different privacy levels, and then derive high-dimensional range query results at each level, and finally aggregate the results from all levels. However, it incurs low utility of the query results, since the non-fixed privacy budgets and the correlation between dimensions (attributes) detrimentally impact the utility of LDP methods, ultimately rendering them ineffective in practice. In this paper, we propose a new Personalized LDP approach for Multi-dimensional Range queries (PLDP-MR) over mobile user data, consisting of the user grouping, data perturbing, data re-perturbing, and range query results aggregating steps. First, PLDP-MR offers flexible dual grouping based on user-selected privacy levels and relevant attributes to obtain the corresponding one-dimensional and two-dimensional grids. PLDP-MR optimizes the grid granularity to minimize errors from perturbing users' attribute data with different LDP noises at non-fixed privacy levels. Furthermore, PLDP-MR carefully re-perturbs the LDP-noisy data from mobile users at lower privacy levels (i.e., having the higher utility) to achieve LDP with higher privacy levels and supplement the data volume of the corresponding groups. Thus, the data utility is effectively improved without additional privacy losses. Finally, PLDP-MR aggregates the frequencies in all the one-dimensional and two-dimensional grids related to the multi-dimensional range query at all query intervals and all privacy levels to derive the final query result with considering the correlation between attributes. The aggregations use

关键词： data privacy

来源：评论

学校读者我要写书评

暂无评论

Location Privacy Preservation Crowdsensing With Federated Reinforcement Learning

引用

IEEE Transactions on Dependable and Secure Computing 2025年第3期22卷 1877-1894页

作者： You, Zhichao Dong, Xuewen Liu, Ximeng Gao, Sheng Wang, Yongzhi Shen, Yulong Xidian University School of Computer Science and Technology The Engineering Research Center of Blockchain Technology Application and Evaluation Ministry of Education Xi'an710071 China Shaanxi Key Laboratory of Blockchain and Secure Computing Xi'an710071 China Fuzhou University College of Computer and Data Science Fuzhou350025 China Central University of Finance and Economics School of Information Beijing102206 China California State Polytechnic University Pomona Department of Computer Information Systems PomonaCA91768 United States Xidian University School of Computer Science and Technology Xi'an710071 China Shaanxi Key Laboratory of Network and System Security Xi'an710071 China

Crowdsensing has become a popular method of sensing data collection while facing the problem of protecting participants' location privacy. Existing location-privacy crowdsensing mechanisms focus on static tasks and participants without considering sensing tasks' time requirements and participants' mobility, which cannot achieve satisfactory collected data quality and task completion in crowdsensing with dynamic tasks and participants. Inspired by this, we proposed a location-preservation crowdsensing mechanism, FedSense, considering dynamic tasks and participants based on federated learning (FL) and reinforcement learning (RL). In FedSense, through RL's outstanding decision-making ability, participants select sensing tasks to perform by well-trained RL models without uploading location information to servers for task allocation. We propose an independent tasks selection environment that defines actions, states, and rewards of RL to enable FedSense to achieve satisfactory task completion and data quality while preserving location privacy. Besides, FedSense applies an asynchronous FL aggregation algorithm that reduces participants' network stabilization and device computing ability requirements. Analysis proves that participants' location information does not leave the local device during the model training and task selection process, effectively avoiding privacy leakage. Simulation shows that compared with existing location-preservation crowdsensing mechanisms, FedSense achieves the highest task completion and sensing accuracy for dynamic tasks and participants. © 2024 IEEE.

关键词： data privacy

来源：评论

学校读者我要写书评

暂无评论

Privacy Law Enforcement Under Centralized Governance: A Qualitative Analysis of Four Years’ Special Privacy Rectification Campaigns

arXiv

引用

arXiv 2025年

作者： Jing, Tao Li, Yao Ye, Jingzhou Wang, Jie Wang, Xueqiang School of Cyber Science and Engineering Huazhong University of Science and Technology China JinYinHu Laboratory China University of Central Florida United States Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology China

In recent years, major privacy laws like the GDPR have brought about positive changes. However, challenges remain in enforcing the laws, particularly due to under-resourced regulators facing a large number of potential privacy-violating software applications (apps) and the high costs of investigating them. Since 2019, China has launched a series of privacy enforcement campaigns known as Special Privacy Rectification Campaigns (SPRCs) to address widespread privacy violations in its mobile application (app) ecosystem. Unlike the enforcement of the GDPR, SPRCs are characterized by large-scale privacy reviews and strict sanctions, under the strong control of central authorities. In SPRCs, central government authorities issue administrative orders to mobilize various resources for market-wide privacy reviews of mobile apps. They enforce strict sanctions by requiring privacy-violating apps to rectify issues within a short timeframe or face removal from app stores. While there are a few reports on SPRCs, the effectiveness and potential problems of this campaign-style privacy enforcement approach remain unclear to the community. In this study, we conducted 18 semi-structured interviews with app-related engineers involved in SPRCs to better understand the campaign-style privacy enforcement. Based on the interviews, we reported our findings on a variety of aspects of SPRCs, such as the processes that app engineers regularly follow to achieve privacy compliance in SPRCs, the challenges they encounter, the solutions they adopt to address these challenges, and the impacts of SPRCs, etc. We found that app engineers face a series of challenges in achieving privacy compliance in their apps. For example, they receive inconsistent app privacy review reports from multiple app stores and have difficulties confirming the issues flagged by these reports;they also lack institutional support for studying privacy laws, self-validating privacy compliance of their apps, communicating effectiv

关键词： Differential privacy

来源：评论

学校读者我要写书评

暂无评论

COMMITSHIELD: Tracking Vulnerability Introduction and Fix in Version Control systems

arXiv

引用

arXiv 2025年

作者： Wu, Zhaonan Zhao, Yanjie Wei, Chen Wan, Zirui Liu, Yue Wang, Haoyu Huazhong University of Science and Technology Wuhan China MYbank Ant Group Hangzhou China Monash University Melbourne Australia Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology China

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits, but their performance is limited by factors such as neglecting descriptive data and challenges in accurately identifying vulnerability introductions. To overcome these limitations, we propose COMMITSHIELD, which combines the code analysis capabilities of static analysis tools with the natural language and code understanding capabilities of large language models (LLMs) to enhance the accuracy of vulnerability introduction and fix detection by generating precise descriptions and obtaining rich patch contexts. We evaluate COMMITSHIELD using the newly constructed vulnerability fix dataset, CommitVulFix, and a cleaned vulnerability introduction dataset. Experimental results indicate that COMMITSHIELD improves recall by 74%-77% over state-of-the-art methods in the vulnerability fix detection task, and its F1-score improves by 15%-27% in the vulnerability introduction detection task. Copyright © 2025, The Authors. All rights reserved.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：