检索结果-内蒙古大学图书馆

Large Language Model Supply Chain: A Research Agenda

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Wang, Shenao Zhao, Yanjie Hou, Xinyi Wang, Haoyu Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China

The rapid advancement of large language models (LLMs) has revolutionized artificial intelligence, introducing unprecedented capabilities in natural language processing and multimodal content generation. However, the increasing complexity and scale of these models have given rise to a multifaceted supply chain that presents unique challenges across infrastructure, foundation models, and downstream applications. This paper provides the first comprehensive research agenda of the LLM supply chain, offering a structured approach to identify critical challenges and opportunities through the dual lenses of software engineering (SE) and security & privacy (S&P). We begin by establishing a clear definition of the LLM supply chain, encompassing its components and dependencies. We then analyze each layer of the supply chain, presenting a vision for robust and secure LLM development, reviewing the current state of practices and technologies, and identifying key challenges and research opportunities. This work aims to bridge the existing research gap in systematically understanding the multifaceted issues within the LLM supply chain, offering valuable insights to guide future efforts in this rapidly evolving domain. Copyright © 2024, The Authors. All rights reserved.

关键词： Natural language processing systems

WaDec: Decompiling WebAssembly Using Large Language Model

学校读者我要写书评

暂无评论

arXiv 2024年

作者： She, Xinyu Zhao, Yanjie Wang, Haoyu Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China

WebAssembly (abbreviated Wasm) has emerged as a cornerstone of web development, offering a compact binary format that allows high-performance applications to run at near-native speeds in web browsers. Despite its advantages, Wasm’s binary nature presents significant challenges for developers and researchers, particularly regarding readability when debugging or analyzing web applications. Therefore, effective decompilation becomes crucial. Unfortunately, traditional decompilers often struggle with producing readable outputs. While some large language model (LLM)-based decompilers have shown good compatibility with general binary files, they still face specific challenges when dealing with Wasm. In this paper, we introduce a novel approach, WaDec, which is the first use of a fine-tuned LLM to interpret and decompile Wasm binary code into a higher-level, more comprehensible source code representation. The LLM was meticulously fine-tuned using a specialized dataset of wat-c code snippets, employing self-supervised learning techniques. This enables WaDec to effectively decompile not only complete wat functions but also finer-grained wat code snippets. Our experiments demonstrate that WaDec markedly outperforms current state-of-the-art tools, offering substantial improvements across several metrics. It achieves a code inflation rate of only 3.34%, a dramatic 97% reduction compared to the state-ofthe-art’s 116.94%. Unlike the output of baselines that cannot be directly compiled or executed, WaDec maintains a recompilability rate of 52.11%, a re-execution rate of 43.55%, and an output consistency of 27.15%. Additionally, it significantly exceeds state-of-the-art performance in AST edit distance similarity by 185%, cyclomatic complexity by 8%, and cosine similarity by 41%, achieving an average code similarity above 50%. In summary, WaDec enhances understanding of the code’s structure and execution flow, facilitating automated code analysis, optimization, and security auditin

关键词： Web browsers

Traceable Ring Signature Scheme in Internet of Vehicles Based on Lattice Cryptography

学校读者我要写书评

暂无评论

Traceable Ring Signature Scheme in Internet of Vehicles Base...

IEEE International Conference on Big Data and Cloud Computing (BdCloud)

作者： Wei Liao Lansheng Han Peng Chen Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China

Lattice cryptography, as a recognized Cryptosystem that can resist quantum computation, has great potential for development. Lattice based signature scheme is currently a research focus. In this paper, the traceable ring signature scheme based on lattice cryptography in the Internet of Vehicles (IoV) environment is studied. Firstly, users’ public and private keys are generated on the lattice, which effectively reduces the key size and time cost. Secondly, the scheme also achieves traceability by adding additional information. The scheme satisfies strong unforgeability, traceability, and anonymity. In addition, the traceable ring signature scheme based on lattice cryptography is applied in the IoV environment to effectively protect user privacy. Model communication can not only protect user privacy, but also trace the signer when necessary, achieving a balance between security and privacy. The simulation results show that the average delay of IoV of our scheme is better than that of similar schemes. The research in this paper improves the security of data transmission in the IoV environment, enables it to adapt to the complex and changeable new network environment, and effectively guarantees the information security of vehicles and owners.

关键词：

AutoSlicer: Automatic Program Partitioning for Securing Sensitive Data Based-on Data Dependency Analysis and Code Refactoring

学校读者我要写书评

暂无评论

AutoSlicer: Automatic Program Partitioning for Securing Sens...

IEEE International Conference on Trust, security and Privacy in Computing and Communications (TrustCom)

作者： Weizhong Qiang Hao Luo Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China

Legacy programs are normally monolithic (that is, all code runs in a single process and is not partitioned), and a bug in a program may result in the entire program being vulnerable and therefore untrusted. Program partitioning can be used to separate a program into multiple partitions, so as to isolate sensitive data or privileged operations. Manual program partitioning requires programmers to rewrite the entire source code, which is cumbersome, error-prone, and not generic. Automatic program partitioning tools can separate programs according to the dependency graph constructed based on data or programs. However, programmers still need to manually implement remote service interfaces for inter-partition communication. Therefore, in this paper, we propose AutoSlicer, whose purpose is to partition a program more automatically, so that the programmer is only required to annotate sensitive data. AutoSlicer constructs accurate data dependency graphs (DDGs) by enabling execution flow graphs, and the DDG-based partitioning algorithm can compute partition information based on sensitive annotations. In addition, the code refactoring toolchain can automatically transform the source code into sensitive and insensitive partitions that can be deployed on the remote procedure call framework. The experimental evaluation shows that AutoSlicer can effectively improve the accuracy (13%-27%) of program partitioning by enabling EFG, and separate real-world programs with a relatively smaller performance overhead (0.26%-9.42%).

关键词： Privacy Codes Source coding Computer bugs Prototypes Transforms Manuals

Unlearnable 3D Point Clouds: Class-wise Transformation Is All You Need 38

学校读者我要写书评

暂无评论

Unlearnable 3D Point Clouds: Class-wise Transformation Is Al...

38th Conference on Neural Information Processing systems, NeurIPS 2024

作者： Wang, Xianlong Li, Minghui Liu, Wei Zhang, Hangtao Hu, Shengshan Zhang, Yechao Zhou, Ziqi Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China

Traditional unlearnable strategies have been proposed to prevent unauthorized users from training on the 2D image data. With more 3D point cloud data containing sensitivity information, unauthorized usage of this new type data has also become a serious concern. To address this, we propose the first integral unlearnable framework for 3D point clouds including two processes: (i) we propose an unlearnable data protection scheme, involving a class-wise setting established by a category-adaptive allocation strategy and multi-transformations assigned to samples;(ii) we propose a data restoration scheme that utilizes class-wise inverse matrix transformation, thus enabling authorized-only training for unlearnable data. This restoration process is a practical issue overlooked in most existing unlearnable literature, i.e., even authorized users struggle to gain knowledge from 3D unlearnable data. Both theoretical and empirical results (including 6 datasets, 16 models, and 2 tasks) demonstrate the effectiveness of our proposed unlearnable framework. Our code is available at https://***/CGCL-codes/UnlearnablePC. © 2024 Neural information processing systems foundation. All rights reserved.

关键词：

SMPC Task Decomposition: A Theory for Accelerating Secure Multi-party Computation Task

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Feng, Yuanqing Bai, Tao Lu, Songfeng Tang, Xueming Wu, Junjun Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China

Today, we are in the era of big data, and data are becoming more and more important, especially private data. Secure Multi-party Computation (SMPC) technology enables parties to perform computing tasks without revealing original data. However, the underlying implementation of SMPC is too heavy, such as garbled circuit (GC) and oblivious transfer(OT). Every time a piece of data is added, the resources consumed by GC and OT will increase a lot. Therefore, it is unacceptable to process large-scale data in a single SMPC task. In this work, we propose a novel theory called SMPC Task Decomposition (SMPCTD), which can securely decompose a single SMPC task into multiple SMPC sub-tasks and multiple local tasks without leaking the original data. After decomposition, the computing time, memory and communication consumption drop sharply. We then decompose three machine learning (ML) SMPC tasks using our theory and implement them based on a hybrid protocol framework called ABY. Furthermore, we use incremental computation technique to expand the amount of data involved in these three SMPC tasks. The experimental results show that after decomposing these three SMPC tasks, the time, memory and communication consumption are not only greatly reduced, but also stabilized within a certain range. Copyright © 2023, The Authors. All rights reserved.

关键词： Machine learning

Quantum-inspired Hash Function Based on Parity-dependent Quantum Walks with Memory

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Zhou, Qing Tang, Xueming Lu, Songfeng Yang, Hao Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China

In this paper, we develop a generic controlled alternate quantum walk model (called CQWM-P) by combining parity-dependent quantum walks with distinct arbitrary memory lengths and then construct a quantum-inspired hash function (called QHFM-P) based on this model. Numerical simulation shows that QHFM-P has near-ideal statistical performance and is on a par with the state-of-the-art hash functions based on discrete quantum walks in terms of sensitivity of hash value to message, diffusion and confusion properties, uniform distribution property, and collision resistance property. Stability test illustrates that the statistical properties of the proposed hash function are robust with respect to the coin parameters, and theoretical analysis indicates that QHFM-P has the same computational complexity as that of its peers. © 2023, CC BY.

关键词： Hash functions

CLNX: Bridging Code and Natural Language for C/C++ Vulnerability-Contributing Commits Identification

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Qin, Zeqing Wu, Yiwei Han, Lansheng School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security China

Large Language Models (LLMs) have shown great promise in vulnerability identification. As C/C++ comprises half of the Open-Source Software (OSS) vulnerabilities over the past decade and updates in OSS mainly occur through commits, enhancing LLMs' ability to identify C/C++ Vulnerability-Contributing Commits (VCCs) is essential. However, current studies primarily focus on further pre-training LLMs on massive code datasets, which is resource-intensive and poses efficiency challenges. In this paper, we enhance the ability of BERT-based LLMs to identify C/C++ VCCs in a lightweight manner. We propose CodeLinguaNexus (CLNX) as a bridge facilitating communication between C/C++ programs and LLMs. Based on commits, CLNX efficiently converts the source code into a more natural representation while preserving key details. Specifically, CLNX first applies structure-level naturalization to decompose complex programs, followed by token-level naturalization to interpret complex symbols. We evaluate CLNX on public datasets of 25,872 C/C++ functions with their commits. The results show that CLNX significantly enhances the performance of LLMs on identifying C/C++ VCCs. Moreover, CLNX-equipped CodeBERT achieves new state-of-the-art and identifies 38 OSS vulnerabilities in the real *** Codes 68M25 Copyright © 2024, The Authors. All rights reserved.

关键词： Open source software

Hybrid Cat-Artificial Fish Swarm Based Node Deployment Optimization in Intelligent Transportation IoT 19

学校读者我要写书评

暂无评论

Hybrid Cat-Artificial Fish Swarm Based Node Deployment Optim...

2022 IEEE SmartWorld, 19th IEEE International Conference on Ubiquitous Intelligence and Computing, 2022 IEEE International Conference on Autonomous and Trusted Vehicles Conference, 22nd IEEE International Conference on Scalable Computing and Communications, 2022 IEEE International Conference on Digital Twin, 8th IEEE International Conference on Privacy Computing and 2022 IEEE International Conference on Metaverse, SmartWorld/UIC/ATC/ScalCom/DigitalTwin/PriComp/Metaverse 2022

作者： Yi, Lingzhi Luo, Bin Zhu, Chenlu Deng, Xianjun Xia, Yunzhi Wu, Hengshan Zhongnan University of Economics and Law School of Information and Safety Engineering Wuhan430073 China University of South China School of Civil Engineering Hengyang421001 China Huazhong University of Science and Technology Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan430074 China Hubei Chutian Expressway Digital Technology Co. Ltd Wuhan430074 China

ISBN: (纸本)9798350346558

The integration of Internet of Things (IoT)-based highway bridge structural health monitoring (HBSHM) and intelligent transportation systems (ITS) plays an essential role in detecting damage for large and complex bridge structures. The HBSHM provides ITS with bridge health condition information for real-time traffic management. The ITS provides HBSHM with the required traffic data to improve the HBSHM system's accuracy and reliability. Node deployment optimization (NDO) is critical in HBSHM as sensor node deployment directly affects the quality of collected data. To better solve the NDO problem in HBSHM, a novel hybrid cat-artificial fish swarm algorithm (CAT-AFSA) based on the Artificial Fish Swarm Algorithm (AFSA) and Cat Swarm optimization (CSO) is proposed in this paper. The algorithm introduces seeking and tracing behaviors of CSO into AFSA, which effectively expands the search space of artificial fish and reduces the blind search of it. The performance of the CAT-AFSA is first tested using four benchmark functions, and then its validity and feasibility for the NDO are verified using an engineering example. The simulations demonstrate that the CAT-AFSA has better search performance and computational efficiency compared with the AFSA and CSO. The CAT-AFSA has a broad application prospect in the field of NDO in civil engineering. © 2022 IEEE.

关键词： Intelligent systems