检索结果-内蒙古大学图书馆

arXiv 2023年

作者： Liu, Fangming Pei, Qiangyu Chen, Shutong Yuan, Yongjie Wang, Lin Mühlhäuser, Max Huazhong University of Science and Technology Peng Cheng Laboratory China The National Engineering Research Center for Big Data Technology and System The Services Computing Technology and System Lab Cluster and Grid Computing Lab The School of Computer Science and Technology Huazhong University of Science and Technology 1037 Luoyu Road Wuhan430074 China VU Amsterdam Netherlands TU Darmstadt Germany The Telecooperation Lab TU Darmstadt Germany

The metaverse has recently gained increasing attention from the public. It builds up a virtual world where we can live as a new role regardless of the role we play in the physical world. However, building and operating this virtual world will generate an extraordinary amount of carbon emissions for computing, communicating, displaying, and so on. This inevitably hinders the realization of carbon neutrality as a priority of our society, adding heavy burden to our earth. In this survey, we first present a green viewpoint of the metaverse by investigating the carbon issues in its three core layers, namely the infrastructure layer, the interaction layer, and the economy layer, and estimate their carbon footprints in the near future. Next, we analyze a range of current and emerging applicable green techniques for the purpose of reducing energy usage and carbon emissions of the metaverse, and discuss their limitations in supporting metaverse workloads. Then, in view of these limitations, we discuss important implications and bring forth several insights and future directions to make each metaverse layer greener. After that, we investigate green solutions from the governance perspective, including both public policies in the physical world and regulation of users in the virtual world, and propose an indicator Carbon Utility (CU) to quantify the service quality brought by an user activity per unit of carbon emissions. Finally, we identify an issue for the metaverse as a whole and summarize three directions: (1) a comprehensive consideration of necessary performance metrics, (2) a comprehensive consideration of involved layers and multiple internal components, and (3) a new assessing, recording, and regulating mechanism on carbon footprints of user activities. Our proposed quantitative indicator CU would be helpful in regulating user activities in the metaverse world. Copyright © 2023, The Authors. All rights reserved.

关键词： Carbon footprint

来源：评论

学校读者我要写书评

暂无评论

Contrastive Learning for Robust Android Malware Familial Classification

引用

IEEE Transactions on Dependable and Secure computing 2022年 1-14页

作者： Wu, Yueming Dou, Shihan Zou, Deqing Yang, Wei Qiang, Weizhong Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Shanghai Key Laboratory of Intelligent Information Processing School of Computer Science Fudan University Shanghai China University of Texas at Dallas Dallas USA National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Due to its open-source nature, Android operating system has been the main target of attackers to exploit. Malware creators always perform different code obfuscations on their apps to hide malicious activities. Features extracted from these obfuscated samples through program analysis contain many useless and disguised features, which leads to many false negatives. To address the issue, in this paper, we demonstrate that obfuscation-resilient malware family analysis can be achieved through contrastive learning. The key insight behind our analysis is that contrastive learning can be used to reduce the difference introduced by obfuscation while amplifying the difference between malware and other types of malware. Based on the proposed analysis, we design a system that can achieve robust and interpretable classification of Android malware. To achieve robust classification, we perform contrastive learning on malware samples to learn an encoder that can automatically extract robust features from malware samples. To achieve interpretable classification, we transform the function call graph of a sample into an image by centrality analysis. Then the corresponding heatmaps can be obtained by visualization techniques. These heatmaps can help users understand why the malware is classified as this family. We implement IFDroid and perform extensive evaluations on two datasets. Experimental results show that IFDroid is superior to state-of-the-art Android malware familial classification systems. Moreover, IFDroid is capable of maintaining a 98.4% F1 on classifying 69,421 obfuscated malware samples. IEEE

关键词： Semantics

来源：评论

学校读者我要写书评

暂无评论

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

Detecting Backdoors During the Inference Stage Based on Corr...

引用

Conference on Computer Vision and Pattern Recognition (CVPR)

作者： Xiaogeng Liu Minghui Li Haoyu Wang Shengshan Hu Dengpan Ye Hai Jin Libing Wu Chaowei Xiao School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Software Engineering Huazhong University of Science and Technology School of Cyber Science and Engineering Wuhan University School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab Arizona State University

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo) 1 1 https://***/CGCL-codes/TeCo, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability.

关键词：

来源：评论

学校读者我要写书评

暂无评论

A Four-Pronged Defense Against Byzantine Attacks in Federated Learning

arXiv

引用

arXiv 2023年

作者： Wan, Wei Hu, Shengshan Li, Minghui Lu, Jianrong Zhang, Longling Zhang, Leo Yu Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Federated learning (FL) is a nascent distributed learning paradigm to train a shared global model without violating users' privacy. FL has been shown to be vulnerable to various Byzantine attacks, where malicious participants could independently or collusively upload well-crafted updates to deteriorate the performance of the global model. However, existing defenses could only mitigate part of Byzantine attacks, without providing an all-sided shield for FL. It is difficult to simply combine them as they rely on totally contradictory assumptions. In this paper, we propose FPD, a four-pronged defense against both non-colluding and colluding Byzantine attacks. Our main idea is to utilize absolute similarity to filter updates rather than relative similarity used in existingI works. To this end, we first propose a reliable client selection strategy to prevent the majority of threats in the bud. Then we design a simple but effective score-based detection method to mitigate colluding attacks. Third, we construct an enhanced spectral-based outlier detector to accurately discard abnormal updates when the training data is not independent and identically distributed (non-IID). Finally, we design update denoising to rectify the direction of the slightly noisy but harmful updates. The four sequentially combined modules can effectively reconcile the contradiction in addressing non-colluding and colluding Byzantine attacks. Extensive experiments over three benchmark image classification datasets against four state-of-the-art Byzantine attacks demonstrate that FPD drastically outperforms existing defenses in IID and non-IID scenarios (with 30% improvement on model accuracy). © 2023, CC BY.

关键词： Classification (of information)

来源：评论

学校读者我要写书评

暂无评论

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability

arXiv

引用

arXiv 2023年

作者： Zhang, Yechao Hu, Shengshan Zhang, Leo Yu Shi, Junyu Li, Minghui Liu, Xiaogeng Wan, Wei Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Adversarial examples for deep neural networks (DNNs) have been shown to be transferable: examples that successfully fool one white-box surrogate model can also deceive other black-box models with different architectures. Although a bunch of empirical studies have provided guidance on generating highly transferable adversarial examples, many of these findings fail to be well explained and even lead to confusing or inconsistent advice for practical use. In this paper, we take a further step towards understanding adversarial transferability, with a particular focus on surrogate aspects. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples can serve as better surrogates for transfer attacks, we attribute it to a trade-off between two dominant factors: model smoothness and gradient similarity. Our research focuses on their joint effects on transferability, rather than demonstrating the separate relationships alone. Through a combination of theoretical and empirical analyses, we hypothesize that the data distribution shift induced by off-manifold samples in adversarial training is the reason that impairs gradient similarity. Building on these insights, we further explore the impacts of prevalent data augmentation and gradient regularization on transferability and analyze how the trade-off manifest in various training methods, thus building a comprehensive blueprint for the regulation mechanisms behind transferability. Finally, we provide a general route for constructing superior surrogates to boost transferability, which optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other,

关键词： Deep neural networks

来源：评论

学校读者我要写书评

暂无评论

Downstream-agnostic Adversarial Examples

Downstream-agnostic Adversarial Examples

引用

International Conference on Computer Vision (ICCV)

作者： Ziqi Zhou Shengshan Hu Ruizhi Zhao Qian Wang Leo Yu Zhang Junhui Hou Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Wuhan University School of Information and Communication Technology Griffith University Department of Computer Science City University of Hong Kong School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab

Self-supervised learning usually uses a large amount of unlabeled data to pre-train an encoder which can be used as a general-purpose feature extractor, such that downstream users only need to perform fine-tuning operations to enjoy the benefit of "large model". Despite this promising prospect, the security of pre-trained encoder has not been thoroughly investigated yet, especially when the pre-trained encoder is publicly available for commercial *** this paper, we propose AdvEncoder, the first framework for generating downstream-agnostic universal adversarial examples based on the pre-trained encoder. AdvEncoder aims to construct a universal adversarial perturbation or patch for a set of natural images that can fool all the downstream tasks inheriting the victim pre-trained encoder. Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels. Therefore, we first exploit the high frequency component information of the image to guide the generation of adversarial examples. Then we design a generative attack framework to construct adversarial perturbations/patches by learning the distribution of the attack surrogate dataset to improve their attack success rates and transferability. Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset. We also tailor four defenses for pre-trained encoders, the results of which further prove the attack ability of AdvEncoder. Our codes are available at: https://***/CGCL-codes/AdvEncoder.

关键词：

来源：评论

学校读者我要写书评

暂无评论

The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption

arXiv

引用

arXiv 2024年

作者： Chen, Tianyang Xu, Peng Picek, Stjepan Luo, Bo Susilo, Willy Jin, Hai Liang, Kaitai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab China Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering China Cluster and Grid Computing Lab School of Computer Science and Technology China Huazhong University of Science and Technology Wuhan430074 China Digital Security Group Radboud University Nijmegen Netherlands Department of EECS Institute of Information Sciences The University of Kansas LawrenceKS United States Institute of Cybersecurity and Cryptology School of Computing and Information Technology University of Wollongong WollongongNSW2522 Australia Faculty of Electrical Engineering Mathematics and Computer Science Delft University of Technology Delft2628 CD Netherlands

Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated encrypted databases to an honest-but-curious server without losing keyword privacy. This paper studies a new and practical security risk to DSSE, namely, secret key compromise (e.g., a user’s secret key is leaked or stolen), which threatens all the security guarantees offered by existing DSSE schemes. To address this open problem, we introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates. We further define the notion of post-compromise secure with respect to leakage functions to study whether DSSE schemes can still provide data security after the client’s secret key is compromised. We demonstrate that post-compromise security is achievable with a proposed protocol called "Bamboo". Interestingly, the leakage functions of Bamboo satisfy the requirements for both forward and backward security. We conduct a performance evaluation of Bamboo using a real-world dataset and compare its runtime efficiency with the existing forward-and-backward secure DSSE schemes. The result shows that Bamboo provides strong security with better or comparable performance. © 2024, CC BY.

关键词： Bamboo

来源：评论

学校读者我要写书评

暂无评论

MISA: UNVEILING THE VULNERABILITIES IN SPLIT FEDERATED LEARNING

arXiv

引用

arXiv 2023年

作者： Wan, Wei Ning, Yuxuan Hu, Shengshan Xue, Lulu Li, Minghui Zhang, Leo Yu Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab China

Federated learning (FL) and split learning (SL) are prevailing distributed paradigms in recent years. They both enable shared global model training while keeping data localized on users' devices. The former excels in parallel execution capabilities, while the latter enjoys low dependence on edge computing resources and strong privacy protection. Split federated learning (SFL) combines the strengths of both FL and SL, making it one of the most popular distributed architectures. Furthermore, a recent study has claimed that SFL exhibits robustness against poisoning attacks, with a fivefold improvement compared to FL in terms of robustness. In this paper, we present a novel poisoning attack known as MISA. It poisons both the top and bottom models, causing a misalignment in the global model, ultimately leading to a drastic accuracy collapse. This attack unveils the vulnerabilities in SFL, challenging the conventional belief that SFL is robust against poisoning attacks. Extensive experiments demonstrate that our proposed MISA poses a significant threat to the availability of SFL, underscoring the imperative for academia and industry to accord this matter due attention. Copyright © 2023, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers

Robin: A Novel Method to Produce Robust Interpreters for Dee...

引用

IEEE International Conference on Automated Software Engineering (ASE)

作者： Zhen Li Ruqian Zhang Deqing Zou Ning Wang Yating Li Shouhuai Xu Chen Chen Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Cluster and Grid Computing Lab National Engineering Research Center for Big Data Technology and System Hubei Engineering Research Center on Big Data Security Department of Computer Science University of Colorado Colorado Springs USA Center for Research in Computer Vision University of Central Florida USA School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Deep learning has been widely used in source code classification tasks, such as code classification according to their functionalities, code authorship attribution, and vulnerability detection. Unfortunately, the black-box nature of deep learning makes it hard to interpret and understand why a classifier (i.e., classification model) makes a particular prediction on a given example. This lack of interpretability (or explainability) might have hindered their adoption by practitioners because it is not clear when they should or should not trust a classifier's prediction. The lack of interpretability has motivated a number of studies in recent years. However, existing methods are neither robust nor able to cope with out-of-distribution examples. In this paper, we propose a novel method to produce Robust interpreters for a given deep learning-based code classifier; the method is dubbed Robin. The key idea behind Robin is a novel hybrid structure combining an interpreter and two approximators, while leveraging the ideas of adversarial training and data augmentation. Experimental results show that on average the interpreter produced by Robin achieves a 6.11% higher fidelity (evaluated on the classifier), 67.22% higher fidelity (evaluated on the approximator), and 15.87x higher robustness than that of the three existing interpreters we evaluated. Moreover, the interpreter is 47.31% less affected by out-of-distribution examples than that of LEMNA.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Denial-of-Service or Fine-Grained Control: Towards Flexible Model Poisoning Attacks on Federated Learning

arXiv

引用

arXiv 2023年

作者： Zhang, Hangtao Yao, Zeming Zhang, Leo Yu Hu, Shengshan Chen, Chao Liew, Alan Li, Zhetao School of Cyber Science and Engineering Huazhong University of Science and Technology China Swinburne University of Technology Australia Griffith University Australia National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab. Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China RMIT University Australia Xiangtan University China

Federated learning (FL) is vulnerable to poisoning attacks, where adversaries corrupt the global aggregation results and cause denial-of-service (DoS). Unlike recent model poisoning attacks that optimize the amplitude of malicious perturbations along certain prescribed directions to cause DoS, we propose a Flexible Model Poisoning Attack (FMPA) that can achieve versatile attack goals. We consider a practical threat scenario where no extra knowledge about the FL system (e.g., aggregation rules or updates on benign devices) is available to adversaries. FMPA exploits the global historical information to construct an estimator that predicts the next round of the global model as a benign reference. It then fine-tunes the reference model to obtain the desired poisoned model with low accuracy and small perturbations. Besides the goal of causing DoS, FMPA can be naturally extended to launch a fine-grained controllable attack, making it possible to precisely reduce the global accuracy. Armed with precise control, malicious FL service providers can gain advantages over their competitors without getting noticed, hence opening a new attack surface in FL other than DoS. Even for the purpose of DoS, experiments show that FMPA significantly decreases the global accuracy, outperforming six state-of-the-art attacks. © 2023, CC BY.

关键词： Federated learning

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：