检索结果-内蒙古大学图书馆

International Conference on Dependable Systems and Networks (DSN)

作者： Kunlun Ren Weizhong Qiang Yueming Wu Yi Zhou Deqing Zou Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jinyinhu Laboratory Wuhan China Nanyang Technological University Singapore National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Due to the convenience and popularity of Web applications, they have become a prime target for attackers. As the main programming language for Web applications, many methods have been proposed for detecting malicious JavaScript, among which static analysis-based methods play an important role because of their high effectiveness and efficiency. However, obfuscation techniques are commonly used in JavaScript, which makes the features extracted by static analysis contain many useless and disguised features, leading to many false positives and false negatives in detection results. In this paper, we propose a novel method to find out the essential features related to the semantics of JavaScript code. Specifically, we develop JS-Revealer, a robust, effective, scalable, and interpretable detector for malicious JavaScript. To test the capabilities of JSRevealer, we conduct comparative experiments with four other state-of-the-art malicious JavaScript detection tools. The experimental results show that JSRevealer has an average F1 of 84.8% on the data obfuscated by different obfuscators, which is 21.6%, 22.3%, 18.7%, and 22.9% higher than the tools CUJO, ZOZZLE, JAST, and JSTAP, respectively. Moreover, the detection results of JSRevealer can be interpreted, which can provide meaningful insights for further security research.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Towards Effective and Efficient Error Handling Code Fuzzing Based on Software Fault Injection

Towards Effective and Efficient Error Handling Code Fuzzing ...

引用

IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)

作者： Kang Chen Ming Wen Haoxiang Jia Rongxin Wu Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology (HRUST) Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security Jin YinHu Laboratory Wuhan China School of Informatics Xiamen University Xiamen China School of Computer Science and Technology HUST Wuhan China Cluster and Grid Computing Lab

ISBN: (数字)9798350330663

ISBN: (纸本)9798350330670

Software systems often encounter various errors or exceptions in practice, and thus proper error handling code is essential to ensure the reliability of software systems. Unfortunately, error handling code is often bug-prone, while sufficiently testing them is challenging as such code often cannot be triggered under normal conditions. Motivated by this, recent studies have proposed to leverage software fault injection (SFI) based fuzzing to discover potential bugs in complicated error handling code. Despite the promising results achieved, their effectiveness and efficiency are still compromised in practice due to the huge search space of error sites, inadequate fuzzing guidance, and the overhead induced by context-sensitive SFI. To achieve effective and efficient testing of error handling code, this study presents AFL-FI, which first utilizes a similarity-based method to identify suspicious error sites, and then incorporates the idea of error site coverage to guide the fuzzing process. Finally, the design of lightweight context-sensitive SFI enables AFL-FI to execute test cases efficiently. We evaluate AFL-FI on eight large-scale open-source projects, and the results show that it can outperform existing state-of-the-art fuzzing tools significantly in terms of branch code coverage. More importantly, AFL-FI has discovered 13 previously unknown bugs, and all of them have been confirmed while 12 of them have been fixed. Besides, our evaluation also demonstrates that all the key designs of AFL- F I are effective that contribute significantly to its overall performance.

关键词： Codes Computer bugs Fuzzing Software systems Software reliability Testing

来源：评论

学校读者我要写书评

暂无评论

MISA: Unveiling the Vulnerabilities in Split Federated Learning

MISA: Unveiling the Vulnerabilities in Split Federated Learn...

引用

International Conference on Acoustics, Speech, and Signal Processing (ICASSP)

作者： Wei Wan Yuxuan Ning Shengshan Hu Lulu Xue Minghui Li Leo Yu Zhang Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Computer Science and Technology Huazhong University of Science and Technology School of Software Engineering Huazhong University of Science and Technology School of Information and Communication Technology Griffith University Cluster and Grid Computing Lab

Federated learning (FL) and split learning (SL) are prevailing distributed paradigms in recent years. They both enable shared global model training while keeping data localized on users’ devices. The former excels in parallel execution capabilities, while the latter enjoys low dependence on edge computing resources and strong privacy protection. Split federated learning (SFL) combines the strengths of both FL and SL, making it one of the most popular distributed architectures. Furthermore, a recent study has claimed that SFL exhibits robustness against poisoning attacks, with a fivefold improvement compared to FL in terms of *** this paper, we present a novel poisoning attack known as $\color{Fuchsia} {{\text{MISA}}}$. It poisons both the top and bottom models, causing a misalignment in the global model, ultimately leading to a drastic accuracy collapse. This attack unveils the vulnerabilities in SFL, challenging the conventional belief that SFL is robust against poisoning attacks. Extensive experiments demonstrate that our proposed MISA poses a significant threat to the availability of SFL, underscoring the imperative for academia and industry to accord this matter due attention.

关键词：

来源：评论

学校读者我要写书评

暂无评论

DarkSAM: Fooling Segment Anything Model to Segment Nothing

arXiv

引用

arXiv 2024年

作者： Zhou, Ziqi Song, Yufei Li, Minghui Hu, Shengshan Wang, Xianlong Zhang, Leo Yu Yao, Dezhong Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia

Segment Anything Model (SAM) has recently gained much attention for its outstanding generalization to unseen data and tasks. Despite its promising prospect, the vulnerabilities of SAM, especially to universal adversarial perturbation (UAP) have not been thoroughly investigated yet. In this paper, we propose DarkSAM, the first prompt-free universal attack framework against SAM, including a semantic decoupling-based spatial attack and a texture distortion-based frequency attack. We first divide the output of SAM into foreground and background. Then, we design a shadow target strategy to obtain the semantic blueprint of the image as the attack target. DarkSAM is dedicated to fooling SAM by extracting and destroying crucial object features from images in both spatial and frequency domains. In the spatial domain, we disrupt the semantics of both the foreground and background in the image to confuse SAM. In the frequency domain, we further enhance the attack effectiveness by distorting the high-frequency components (i.e., texture information) of the image. Consequently, with a single UAP, DarkSAM renders SAM incapable of segmenting objects across diverse images with varying prompts. Experimental results on four datasets for SAM and its two variant models demonstrate the powerful attack capability and transferability of DarkSAM. Our codes are available at: https://***/CGCL-codes/DarkSAM. Copyright © 2024, The Authors. All rights reserved.

关键词： Frequency domain analysis

来源：评论

学校读者我要写书评

暂无评论

Owl: Differential-Based Side-Channel Leakage Detection for CUDA Applications

Owl: Differential-Based Side-Channel Leakage Detection for C...

引用

International Conference on Dependable Systems and Networks (DSN)

作者： Yu Zhao Wenjie Xue Weijie Chen Weizhong Qiang Deqing Zou Hai Jin National Engineering Research Center for Big Data Technology and System Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jinyinhu Laboratory Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

ISBN: (数字)9798350341058

ISBN: (纸本)9798350341065

Over the past decade, various methods for detecting side-channel leakage have been proposed and proven to be effective against CPU side-channel attacks. These methods are valuable in assisting developers to identify and patch side-channel vulnerabilities. Nevertheless, recent research has revealed the feasibility of exploiting side-channel vulnerabilities to steal sensitive information from GPU applications, which are beyond the reach of previous side-channel detection methods. Therefore, in this paper, we conduct an in-depth examination of various GPU features and present Owl, a novel side-channel detection tool targeting CUDA applications on NVIDIA GPUs. Owl is designed to detect and locate side-channel leakage in various types of CUDA applications. When tracking the execution of CUDA applications, we design a hierarchical tracing scheme and extend the A-DCFG (Attributed Dynamic Control Flow Graph) to address the massively parallel execution in CUDA, ensuring Owl's detection scalability. After completing the initial assessment and filtering, we conduct statistical tests on the differences in program traces to determine whether they are indeed caused by input variations, subsequently facilitating the positioning of side-channel leaks. We evaluate Owl's capability to detect side-channel leaks by testing it on Libgpucrypto, PyTorch, and nvJPEG. Meanwhile, we verify that our solution effectively handles a large number of threads. Owl has successfully identified hundreds of leaks within these applications. To the best of our knowledge, we are the first to implement side-channel leakage detection for general CUDA applications.

关键词： Target tracking Statistical analysis Filtering Scalability Graphics processing units Side-channel attacks Feature extraction

来源：评论

学校读者我要写书评

暂无评论

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

Detecting Backdoors During the Inference Stage Based on Corr...

引用

Conference on Computer Vision and Pattern Recognition (CVPR)

作者： Xiaogeng Liu Minghui Li Haoyu Wang Shengshan Hu Dengpan Ye Hai Jin Libing Wu Chaowei Xiao School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Software Engineering Huazhong University of Science and Technology School of Cyber Science and Engineering Wuhan University School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab Arizona State University

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo) 1 1 https://***/CGCL-codes/TeCo, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Breaking Barriers in Physical-World Adversarial Examples: Improving Robustness and Transferability via Robust Feature

arXiv

引用

arXiv 2024年

作者： Wang, Yichen Chou, Yuxuan Zhou, Ziqi Zhang, Hangtao Wan, Wei Hu, Shengshan Li, Minghui National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of School of Software Engineering Huazhong University of Science and Technology China

As deep neural networks (DNNs) are widely applied in the physical world, many researches are focusing on physical-world adversarial examples (PAEs), which introduce perturbations to inputs and cause the model’s incorrect outputs. However, existing PAEs face two challenges: unsatisfactory attack performance (i.e., poor transferability and insufficient robustness to environment conditions), and difficulty in balancing attack effectiveness with stealthiness, where better attack effectiveness often makes PAEs more perceptible. In this paper, we explore a novel perturbation-based method to overcome the challenges. For the first challenge, we introduce a strategy Deceptive RF injection based on robust features (RFs) that are predictive, robust to perturbations, and consistent across different models. Specifically, it improves the transferability and robustness of PAEs by covering RFs of other classes onto the predictive features in clean images. For the second challenge, we introduce another strategy Adversarial Semantic Pattern Minimization, which removes most perturbations and retains only essential adversarial patterns in AEs. Based on the two strategies, we design our method Robust Feature Coverage Attack (RFCoA), comprising Robust Feature Disentanglement and Adversarial Feature Fusion. In the first stage, we extract target class RFs in feature space. In the second stage, we use attention-based feature fusion to overlay these RFs onto predictive features of clean images and remove unnecessary perturbations. Experiments show our method’s superior transferability, robustness, and stealthiness compared to existing state-of-the-art methods. Additionally, our method’s effectiveness can extend to Large Vision-Language Models (LVLMs), indicating its potential applicability to more complex tasks. Copyright © 2024, The Authors. All rights reserved.

关键词： Deep neural networks

来源：评论

学校读者我要写书评

暂无评论

BADROBOT: JAILBREAKING EMBODIED LLMS IN THE PHYSICAL WORLD

arXiv

引用

arXiv 2024年

作者： Zhang, Hangtao Zhu, Chenyu Wang, Xianlong Zhou, Ziqi Yin, Changgan Li, Minghui Xue, Lulu Wang, Yichen Hu, Shengshan Liu, Aishan Guo, Peijin Zhang, Leo Yu National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China Beihang University China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia

Embodied AI represents systems where AI is integrated into physical entities. Large Language Model (LLM), which exhibits powerful language understanding abilities, has been extensively employed in embodied AI by facilitating sophisticated task planning. However, a critical safety issue remains overlooked: could these embodied LLMs perpetrate harmful behaviors? In response, we introduce BADROBOT, a novel attack paradigm aiming to make embodied LLMs violate safety and ethical constraints through typical voice-based user-system interactions. Specifically, three vulnerabilities are exploited to achieve this type of attack: (i) manipulation of LLMs within robotic systems, (ii) misalignment between linguistic outputs and physical actions, and (iii) unintentional hazardous behaviors caused by world knowledge’s flaws. Furthermore, we construct a benchmark of various malicious physical action queries to evaluate BADROBOT’s attack performance. Based on this benchmark, extensive experiments against existing prominent embodied LLM frameworks (e.g., Voxposer, Code as Policies, and ProgPrompt) demonstrate the effectiveness of our BADROBOT. Copyright © 2024, The Authors. All rights reserved.

关键词： Benchmarking

来源：评论

学校读者我要写书评

暂无评论

Contrastive Learning for Robust Android Malware Familial Classification

arXiv

引用

arXiv 2021年

作者： Wu, Yueming Dou, Shihan Zou, Deqing Yang, Wei Qiang, Weizhong Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Shanghai Key Laboratory of Intelligent Information Processing School of Computer Science Fudan University Shanghai200433 China University of Texas at Dallas Dallas United States National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China

Due to its open-source nature, Android operating system has been the main target of attackers to exploit. Malware creators always perform different code obfuscations on their apps to hide malicious activities. Features extracted from these obfuscated samples through program analysis contain many useless and disguised features, which leads to many false negatives. To address the issue, in this paper, we demonstrate that obfuscation-resilient malware family analysis can be achieved through contrastive learning. The key insight behind our analysis is that contrastive learning can be used to reduce the difference introduced by obfuscation while amplifying the difference between malware and other types of malware. Based on the proposed analysis, we design a system that can achieve robust and interpretable classification of Android malware. To achieve robust classification, we perform contrastive learning on malware samples to learn an encoder that can automatically extract robust features from malware samples. To achieve interpretable classification, we transform the function call graph of a sample into an image by centrality analysis. Then the corresponding heatmaps can be obtained by visualization techniques. These heatmaps can help users understand why the malware is classified as this family. We implement IFDroid and perform extensive evaluations on two datasets. Experimental results show that IFDroid is superior to state-of-the-art Android malware familial classification systems. Moreover, IFDroid is capable of maintaining a 98.4% F1 on classifying 69,421 obfuscated malware samples. © 2021, CC0.

关键词： Android (operating system)

来源：评论

学校读者我要写书评

暂无评论

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability

arXiv

引用

arXiv 2023年

作者： Zhang, Yechao Hu, Shengshan Zhang, Leo Yu Shi, Junyu Li, Minghui Liu, Xiaogeng Wan, Wei Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Adversarial examples for deep neural networks (DNNs) have been shown to be transferable: examples that successfully fool one white-box surrogate model can also deceive other black-box models with different architectures. Although a bunch of empirical studies have provided guidance on generating highly transferable adversarial examples, many of these findings fail to be well explained and even lead to confusing or inconsistent advice for practical use. In this paper, we take a further step towards understanding adversarial transferability, with a particular focus on surrogate aspects. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples can serve as better surrogates for transfer attacks, we attribute it to a trade-off between two dominant factors: model smoothness and gradient similarity. Our research focuses on their joint effects on transferability, rather than demonstrating the separate relationships alone. Through a combination of theoretical and empirical analyses, we hypothesize that the data distribution shift induced by off-manifold samples in adversarial training is the reason that impairs gradient similarity. Building on these insights, we further explore the impacts of prevalent data augmentation and gradient regularization on transferability and analyze how the trade-off manifest in various training methods, thus building a comprehensive blueprint for the regulation mechanisms behind transferability. Finally, we provide a general route for constructing superior surrogates to boost transferability, which optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other,

关键词： Deep neural networks

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：