检索结果-内蒙古大学图书馆

mVulPreter: A Multi-Granularity Vulnerability Detection system With Interpretations

IEEE Transactions on Dependable and Secure computing 2022年 1-12页

作者： Zou, Deqing Hu, Yutao Li, Wenke Wu, Yueming Zhao, Haojun Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China School of Computer Science and Engineering Nanyang Technological University Singapore National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Due to the powerful automatic feature extraction, deep learning-based vulnerability detection methods have evolved significantly in recent years. However, almost all current work focuses on detecting vulnerabilities at a single granularity (i.e., slice-level or function-level). In practice, slice-level vulnerability detection is fine-grained but may contain incomplete vulnerability details. Function-level vulnerability detection includes full vulnerability semantics but may contain vulnerability-unrelated statements. Meanwhile, they pay more attention to predicting whether the source code is vulnerable and cannot pinpoint which statements are more likely to be vulnerable. In this paper, we design mVulPreter, a multi-granularity vulnerability detector that can provide interpretations of detection results. Specifically, we propose a novel technique to effectively blend the advantages of function-level and slice-level vulnerability detection models and output the detection results' interpretation only by the model itself. We evaluate mVulPreter on a dataset containing 5,310 vulnerable functions and 7,601 non-vulnerable functions. The experimental results indicate that mVulPreter outperforms existing state-of-the-art vulnerability detection approaches (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, StatementLSTM, SySeVR, and Devign). IEEE

关键词： Semantics

来源：评论

学校读者我要写书评

暂无评论

ECLIPSE: Expunging Clean-label Indiscriminate Poisons via Sparse Diffusion Purification

arXiv

引用

arXiv 2024年

作者： Wang, Xianlong Hu, Shengshan Zhang, Yechao Zhou, Ziqi Zhang, Leo Yu Xu, Peng Wan, Wei Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China School of Information and Communication Technology Griffith University SouthportQLD4215 Australia

Clean-label indiscriminate poisoning attacks add invisible perturbations to correctly labeled training images, thus dramatically reducing the generalization capability of the victim models. Recently, defense mechanisms such as adversarial training, image transformation techniques, and image purification have been proposed. However, these schemes are either susceptible to adaptive attacks, built on unrealistic assumptions, or only effective against specific poison types, limiting their universal applicability. In this research, we propose a more universally effective, practical, and robust defense scheme called ECLIPSE. We first investigate the impact of Gaussian noise on the poisons and theoretically prove that any kind of poison will be largely assimilated when imposing sufficient random noise. In light of this, we assume the victim has access to an extremely limited number of clean images (a more practical scene) and subsequently enlarge this sparse set for training a denoising probabilistic model (a universal denoising tool). We then introduce Gaussian noise to absorb the poisons and apply the model for denoising, resulting in a roughly purified dataset. Finally, to address the trade-off of the inconsistency in the assimilation sensitivity of different poisons by Gaussian noise, we propose a lightweight corruption compensation module to effectively eliminate residual poisons, providing a more universal defense approach. Extensive experiments demonstrate that our defense approach outperforms 10 state-of-the-art defenses. We also propose an adaptive attack against ECLIPSE and verify the robustness of our defense scheme. Our code is available at https://***/CGCL-codes/ECLIPSE. Copyright © 2024, The Authors. All rights reserved.

关键词： Deep neural networks

来源：评论

学校读者我要写书评

暂无评论

Ethereum smart contract security research:survey and future research opportunities

引用

Frontiers of Computer Science 2021年第2期15卷 143-160页

作者： Zeli WANG Hai JIN Weiqi DAI Kim-Kwang Raymond CHOO Deqing ZOU National Engineering Research Center for Big Data Technology and System Services Computing Technology and System LabClusters and Grid Computing LabHubei Engineering Research Center on Big Data SecurityWuhan430074China School of Computer Science and Technology Huazhong University of Science and TechnologyWuhan430074China School of Cyber Science and Engineering Huazhong University of Science and TechnologyWuhan430074China Shenzhen Huazhong University of Science and Technology Research Institute Shenzhen518057China Department of Information Systems and Cyber Security University of Texas at San AntonioSan AntonioTX78249-0631USA

Blockchain has recently emerged as a research trend,with potential applications in a broad range of industries and *** particular successful Blockchain technology is smart contract,which is widely used in commercial settings(e.g.,high value financial transactions).This,however,has security implications due to the potential to financially benefit from a security incident(e.g.,identification and exploitation of a vulnerability in the smart contract or its implementation).Among,Ethereum is the most active and ***,in this paper,we systematically review existing research efforts on Ethereum smart contract security,published between 2015 and ***,we focus on how smart contracts can be maliciously exploited and targeted,such as security issues of contract program model,vulnerabilities in the program and safety consideration introduced by program execution *** also identify potential research opportunities and future research agenda.

关键词： smart contract security blockchain vulnerability unreliable data

来源：评论

学校读者我要写书评

暂无评论

FlashWalker: An In-Storage Accelerator for Graph Random Walks

FlashWalker: An In-Storage Accelerator for Graph Random Walk...

引用

International Symposium on Parallel and Distributed Processing (IPDPS)

作者： Fuping Niu Jianhui Yue Jiangqiu Shen Xiaofei Liao Haikun Liu Hai Jin National Engineering Research Center for Big Data Technology and System/Services Computing Technology and System Lab/Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China Department of Computer Science Michigan Technological University Houghton Michigan USA

Graph random walk is widely used in the graph processing as it is a fundamental component in graph analysis, ranging from vertices ranking to the graph embedding. Different from traditional graph processing workload, random walk features massive processing parallelisms and poor graph data reuse, being limited by low I/O efficiency. Prior designs for random walk mitigate slow I/O operations. However, the state-of-the-art random walk processing systems are bounded by slow disk I/O bandwidth, which is confirmed by our experiments with real-world graphs. To address this issue, we propose FlashWalker, an in-storage accelerator for random walk that moves walk updating close to graph data stored in flash memory, by exploiting significant parallelisms inside SSD. Featuring a heterogeneous and parallel processing system, FlashWalker includes a board-level accelerator, channel-level accelerators, and chip-level accelerators. To address challenges posed by the tight resource constraints for processing large-scale graphs, we propose novel designs: storing a few popular subgraphs in accelerators, the pre-walking for dense walks, two optimizations to search the subgraph mapping table, and a subgraph scheduling algorithm. We implement FlashWalker in RTL, showing small circuit area overhead. Our evaluation shows FlashWalker reduces the execution time of random walk algorithms by up to 660.50×, compared with GraphWalker, which is the state-of-the-art system for random walk algorithms.

关键词： Distributed processing Scheduling algorithms Bandwidth Parallel processing Distance measurement Flash memories Optimization

来源：评论

学校读者我要写书评

暂无评论

Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensional Input Spaces

Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensiona...

引用

International Conference on Software Engineering (ICSE)

作者： Haoxiang Jia Ming Wen Zifan Xie Xiaochen Guo Rongxin Wu Maolin Sun Kang Chen Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security Services Computing Technology and System Lab Cluster and Grid Computing Lab. Hubei Engineering Research Center on Big Data Security National Engineering Research Center for Big Data Technology and System School of Informatics Xiamen University China School of Computer Science and Technology Huazhong University of Science and Technology China

Java Virtual Machine (JVM) is the fundamental software system that supports the interpretation and execution of Java bytecode. To support the surging performance demands for the increasingly complex and large-scale Java programs, Just-In-Time (JIT) compiler was proposed to perform sophisticated runtime optimization. However, this inevitably induces various bugs, which are becoming more pervasive over the decades and can often cause significant consequences. To facilitate the design of effective and efficient testing techniques to detect JIT compiler bugs. This study first performs a preliminary study aiming to understand the characteristics of JIT compiler bugs and the corresponding triggering test cases. Inspired by the empirical findings, we propose JOpFuzzer, a new JVM testing approach with a specific focus on JIT compiler bugs. The main novelty of JOpFuzzer is embodied in three aspects. First, besides generating new seeds, JOpFuzzer also searches for diverse configurations along the new dimension of optimization options. Second, JOpFuzzer learns the correlations between various code features and different optimization options to guide the process of seed mutation and option exploration. Third, it leverages the profile data, which can reveal the program execution information, to guide the fuzzing process. Such nov-elties enable JOpFuzzer to effectively and efficiently explore the two-dimensional input spaces. Extensive evaluation shows that JOpFuzzer outperforms the state-of-the-art approaches in terms of the achieved code coverages. More importantly, it has detected 41 bugs in OpenJDK, and 25 of them have already been confirmed or fixed by the corresponding developers.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Validating SMT Solvers via Skeleton Enumeration Empowered by Historical Bug-Triggering Inputs

Validating SMT Solvers via Skeleton Enumeration Empowered by...

引用

International Conference on Software Engineering (ICSE)

作者： Maolin Sun Yibiao Yang Ming Wen Yongcong Wang Yuming Zhou Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security Services Computing Technology and System Lab Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security National Engineering Research Center for Big Data Technology and System State Key Laboratory for Novel Software Technology Nanjing University China School of Computer Science and Technology Huazhong University of Science and Technology China

SMT solvers check the satisfiability of logic formulas over first-order theories, which have been utilized in a rich number of critical applications, such as software verification, test case generation, and program synthesis. Bugs hidden in SMT solvers would severely mislead those applications and further cause severe consequences. Therefore, ensuring the reliability and robustness of SMT solvers is of critical importance. Although many approaches have been proposed to test SMT solvers, it is still a challenge to discover bugs effectively. To tackle such a challenge, we conduct an empirical study on the historical bug-triggering formulas in SMT solvers' bug tracking systems. We observe that the historical bug-triggering formulas contain valuable skeletons (i.e., core structures of formulas) as well as associated atomic formulas which can cast significant impacts on formulas' ability in triggering bugs. Therefore, we propose a novel approach that utilizes the skeletons extracted from the historical bug-triggering formulas and enumerates atomic formulas under the guidance of association rules derived from historical formulas. In this study, we realized our approach as a practical fuzzing tool HistFuzz and conducted extensive testing on the well-known SMT solvers Z3 and cvc5. To date, HistFuzz has found 111 confirmed new bugs for Z3 and cvc5, of which 108 have been fixed by the developers. More notably, out of the confirmed bugs, 23 are soundness bugs and invalid model bugs found in the solvers' default mode, which are essential for SMT solvers. In addition, our experiments also demonstrate that HistFuzz outperforms the state-of-the-art SMT solver fuzzers in terms of achieved code coverage and effectiveness.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples

arXiv

引用

arXiv 2024年

作者： Zhou, Ziqi Li, Minghui Liu, Wei Hu, Shengshan Zhang, Yechao Wan, Wei Xue, Lulu Zhang, Leo Yu Yao, Dezhong Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab. China Cluster and Grid Computing Lab. China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Computer Science and Technology Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia

With the evolution of self-supervised learning, the pre-training paradigm has emerged as a predominant solution within the deep learning landscape. Model providers furnish pre-trained encoders designed to function as versatile feature extractors, enabling downstream users to harness the benefits of expansive models with minimal effort through fine-tuning. Nevertheless, recent works have exposed a vulnerability in pre-trained encoders, highlighting their susceptibility to downstream-agnostic adversarial examples (DAEs) meticulously crafted by attackers. The lingering question pertains to the feasibility of fortifying the robustness of downstream models against DAEs, particularly in scenarios where the pre-trained encoders are publicly accessible to the attackers. In this paper, we initially delve into existing defensive mechanisms against adversarial examples within the pre-training paradigm. Our findings reveal that the failure of current defenses stems from the domain shift between pre-training data and downstream tasks, as well as the sensitivity of encoder parameters. In response to these challenges, we propose Genetic Evolution-Nurtured Adversarial Fine-tuning (Gen-AF), a two-stage adversarial fine-tuning approach aimed at enhancing the robustness of downstream models. Gen-AF employs a genetic-directed dual-track adversarial fine-tuning strategy in its first stage to effectively inherit the pre-trained encoder. This involves optimizing the pre-trained encoder and classifier separately while incorporating genetic regularization to preserve the model’s topology. In the second stage, Gen-AF assesses the robust sensitivity of each layer and creates a dictionary, based on which the top-k robust redundant layers are selected with the remaining layers held fixed. Upon this foundation, we conduct evolutionary adaptability fine-tuning to further enhance the model’s generalizability. Our extensive experiments, conducted across ten self-supervised training methods and six

关键词： Topology

来源：评论

学校读者我要写书评

暂无评论

A Hybrid Memory Architecture Supporting Fine-Grained Data Migration

SSRN

引用

SSRN 2022年

作者： Chi, Ye Yue, Jianhui Liao, Xiaofei Liu, Haikun Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China Computer Science Michigan Technological University HoughtonMI United States

We propose Mocha, a non-hierarchical caching architecture that organizes DRAM and NVM in a flat address space physically, but manages DRAM/NVM in a cache/memory hierarchy in this paper. Since the commercial NVM device-Intel Optane DC Persist Memory Modules (DCPMM) actually access the physical media at a granularity of 256 bytes (an Optane block), we manage the DRAM cache at the 256-byte size to adapt to this device feature of Optane. This design not only enables fine-grained data migration and management for the DRAM cache, but also avoids write amplification for Optane DCPMM. We also create a the \textit{ Indirect Address Cache} (IAC) in \textit{Hybrid Memory Controller}(HMC) and propose a reverse address mapping table in the DRAM to speed up address translation and cache replacement. Besides, we exploit an utility-based caching mechanism to filter cold blocks in the NVM, and further improve DRAM cache effectiveness. We implement Mocha in an architecture simulator. Experimental results indicate that MOCHA can improve performance of applications by 8.2\% on average (up to 24.6\%), provide 6.9\% reduction in average energy consumption and 25.9\% reduction in average data migration traffic, compared to the most advanced hybrid memory architecture-HSCC. © 2022, The Authors. All rights reserved.

关键词： Dynamic random access storage

来源：评论

学校读者我要写书评

暂无评论

Optimal margin distribution machine for multi-instance learning 29

Optimal margin distribution machine for multi-instance learn...

引用

29th International Joint Conference on Artificial Intelligence, IJCAI 2020

作者： Zhang, Teng Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology China

ISBN: (纸本)9780999241165

Multi-instance learning (MIL) is a celebrated learning framework where each example is represented as a bag of instances. An example is negative if it has no positive instances, and vice versa if at least one positive instance is contained. During the past decades, various MIL algorithms have been proposed, among which the large margin based methods is a very popular class. Recently, the studies on margin theory disclose that the margin distribution is of more importance to generalization ability than the minimal margin. Inspired by this observation, we propose the multi-instance optimal margin distribution machine, which can identify the key instances via explicitly optimizing the margin distribution. We also extend a stochastic accelerated mirror prox method to solve the formulated minimax problem. Extensive experiments show the superiority of the proposed method. © 2020 Inst. Sci. inf., Univ. Defence in Belgrade. All rights reserved.

关键词： Optimization

来源：评论

学校读者我要写书评

暂无评论

ReSQM: Accelerating Database Operations Using ReRAM-Based Content Addressable Memory

ReSQM: Accelerating Database Operations Using ReRAM-Based Co...

引用

作者： Li, Huize Jin, Hai Zheng, Long Liao, Xiaofei National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

The huge amount of data enforces great pressure on the processing efficiency of database systems. By leveraging the in-situ computing ability of emerging nonvolatile memory, processing-in-memory (PIM) technology shows great potential in accelerating database operations against traditional architectures without data movement overheads. In this article, we introduce ReSQM, a novel ReCAM-based accelerator, which can dramatically reduce the response time of database systems. The key novelty of ReSQM is that some commonly used database queries that would be otherwise processed inefficiently in previous studies can be in-situ accomplished with massively high parallelism by exploiting the PIM-enabled ReCAM array. ReSQM supports some typical database queries (such as SELECTION, SORT, and JOIN) effectively based on the limited computational mode of the ReCAM array. ReSQM is also equipped with a series of hardware-algorithm co-designs to maximize efficiency. We present a new data mapping mechanism that allows enjoying in-situ in-memory computations for SELECTION operating upon intermediate results. We also develop a count-based ReCAM-specific algorithm to enable the in-memory sorting without any row swapping. The relational comparisons are integrated for accelerating inequality join by making a few modifications to the ReCAM cells with negligible hardware overhead. The experimental results show that ReSQM can improve the (energy) efficiency by $611\times $ ( $193\times $ ), $19\times $ ( $17\times $ ), $59\times $ ( $43\times $ ), and $307\times $ ( $181\times $ ) in comparison to a 10-core Intel Xeon E5-2630v4 processor for SELECTION, SORT, equi-join, and inequality join, respectively. In contrast to state-of-the-art CMOS-based CAM, GPU, FPGA, NDP, and PIM solutions, ReSQM can also offer $2.2\times 39\times $ speedups. © 1982-2012 IEEE.

关键词： Query languages

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：