检索结果-内蒙古大学图书馆

Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Li, Zhen Zhang, Ruqian Zou, Deqing Wang, Ning Li, Yating Xu, Shouhuai Chen, Chen Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Department of Computer Science University of Colorado Colorado Springs United States Center for Research in Computer Vision University of Central Florida United States School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China

Deep learning has been widely used in source code classification tasks, such as code classification according to their functionalities, code authorship attribution, and vulnerability detection. Unfortunately, the black-box nature of deep learning makes it hard to interpret and understand why a classifier (i.e., classification model) makes a particular prediction on a given example. This lack of interpretability (or explainability) might have hindered their adoption by practitioners because it is not clear when they should or should not trust a classifier's prediction. The lack of interpretability has motivated a number of studies in recent years. However, existing methods are neither robust nor able to cope with out-of-distribution examples. In this paper, we propose a novel method to produce Robust interpreters for a given deep learning-based code classifier;the method is dubbed Robin. The key idea behind Robin is a novel hybrid structure combining an interpreter and two approximators, while leveraging the ideas of adversarial training and data augmentation. Experimental results show that on average the interpreter produced by Robin achieves a 6.11% higher fidelity (evaluated on the classifier), 67.22% higher fidelity (evaluated on the approximator), and 15.87x higher robustness than that of the three existing interpreters we evaluated. Moreover, the interpreter is 47.31% less affected by out-of-distribution examples than that of LEMNA. Copyright © 2023, The Authors. All rights reserved.

关键词： Deep learning

VulDeeLocator: A deep learning-based fine-grained vulnerability detector

学校读者我要写书评

暂无评论

arXiv 2020年

作者： Li, Zhen Zou, Deqing Xu, Shouhuai Chen, Zhaoxuan Zhu, Yawei Jin, Hai The National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Big Data Security Engineering Research Center School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China School of Cyber Security and Computer Hebei University Baoding071002 China The Department of Computer Science University of Colorado Colorado Springs CO80918 United States University of Texas San Antonio United States

Automatically detecting software vulnerabilities is an important problem that has attracted much attention from the academic research community. However, existing vulnerability detectors still cannot achieve the vulnerability detection capability and the locating precision that would warrant their adoption for real-world use. In this paper, we present a vulnerability detector that can simultaneously achieve a high detection capability and a high locating precision, dubbed Vulnerability Deep learning-based Locator (VulDeeLocator). In the course of designing VulDeeLocator, we encounter difficulties including how to accommodate semantic relations between the definitions of types as well as macros and their uses across files, how to accommodate accurate control flows and variable define-use relations, and how to achieve high locating precision. We solve these difficulties by using two innovative ideas: (i) leveraging intermediate code to accommodate extra semantic information, and (ii) using the notion of granularity refinement to pin down locations of vulnerabilities. When applied to 200 files randomly selected from three real-world software products, VulDeeLocator detects 18 confirmed vulnerabilities (i.e., true-positives). Among them, 16 vulnerabilities correspond to known vulnerabilities;the other two are not reported in the National Vulnerability Database (NVD) but have been "silently" patched by the vendor of Libav when releasing newer versions. Copyright © 2020, The Authors. All rights reserved.

关键词： Location

Why Do Developers Remove Lambda Expressions in Java? 21

学校读者我要写书评

暂无评论

Why Do Developers Remove Lambda Expressions in Java?

IEEE International Conference on Automated Software Engineering (ASE)

作者： Mingwei Zheng Jun Yang Ming Wen Hengcheng Zhu Yepang Liu Hai Jin Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Huazhong University of Science and Technology Wuhan China School of Electronic Information and Communications Huazhong University of Science and Technology Wuhan China The Hong Kong University of Science and Technology Hong Kong China Southern University of Science and Technology Shenzhen China Cluster and Grid Computing Lab School of Computer Science and Technology HUST Wuhan China

ISBN: (纸本)9781665447843

Java 8 has introduced lambda expressions, a core feature of functional programming. Since its introduction, there is an increasing trend of lambda adoptions in Java projects. Developers often adopt lambda expressions to simplify code, avoid code duplication or simulate other functional features. However, we observe that lambda expressions can also incur different types of side effects (i.e., performance issues and memory leakages) or even severe bugs, and developers also frequently remove lambda expressions in their implementations. Consequently, the advantages of utilizing lambda expressions can be significantly compromised by the collateral side effects. In this study, we present the first large-scale, quantitative and qualitative empirical study to characterize and understand inappropriate usages of lambda expressions. Particularly, we summarized seven main reasons for the removal of lambdas as well as seven common migration patterns. For instance, we observe that lambdas using customized functional interfaces are more likely to be removed by developers. Moreover, from a complementary perspective, we performed a user study over 30 developers to seek the underlying reasons why they remove lambda expressions in practice. Finally, based on our empirical results, we made suggestions on scenarios to avoid lambda usages for Java developers and also pointed out future directions for researchers.

关键词： Java Codes Computer bugs Market research Functional programming Open source software Software engineering

grid information integration scheme based on virtual client access mode

学校读者我要写书评

暂无评论

Huazhong Keji Daxue Xuebao (Ziran Kexue Ban)/Journal of Huazhong University of Science and technology (Natural Science Edition) 2007年第SUPPL. 2期35卷 8-11页

作者： Sun, Aobing Jin, Hai Zheng, Ran Zhang, Qin Services Computing Technology and System Key Lab. College of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China Cluster and Grid Computing Key Lab. College of Computer Science and Technology Huazhong University of Science and Technology Wuhan 430074 China

VCA (virtual client access) based grid information integration strategy is proposed in this paper that brings forward one efficient application framework with loosely coupled architecture. It encapsulates the virtual clients that are realized based on the API of the information systems as grid services to enable the grid can access the information systems as real client. VCA mode can be combined with local access control and task management seamlessly, and solve the resource conflicts between grid and local users so as to support the information sharing and cooperation widely and efficiently. The experiment shows that VCA modes can support the information sharing and cooperation widely and efficiently.

关键词： Information management

BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean label

学校读者我要写书评

暂无评论

arXiv 2022年

作者： Hu, Shengshan Zhou, Ziqi Zhang, Yechao Zhang, Leo Yu Zheng, Yifeng He, Yuanyuan Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China School of Information Technology Deakin University VIC3216 Australia School of Computer Science and Technology Harbin Institute of Technology Shenzhen China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security HUST Wuhan430074 China Cluster and Grid Computing Lab HUST Wuhan430074 China

Due to its powerful feature learning capability and high efficiency, deep hashing has achieved great success in large-scale image retrieval. Meanwhile, extensive works have demonstrated that deep neural networks (DNNs) are susceptible to adversarial examples, and exploring adversarial attack against deep hashing has attracted many research efforts. Nevertheless, backdoor attack, another famous threat to DNNs, has not been studied for deep hashing yet. Although various backdoor attacks have been proposed in the field of image classification, existing approaches failed to realize a truly imperceptive backdoor attack that enjoys invisible triggers and clean label setting simultaneously, and they also cannot meet the intrinsic demand of image retrieval backdoor. In this paper, we propose BadHash, the first generative-based imperceptible backdoor attack against deep hashing, which can effectively generate invisible and input-specific poisoned images with clean label. Specifically, we first propose a new conditional generative adversarial network (cGAN) pipeline to effectively generate poisoned samples. For any given benign image, it seeks to generate a natural-looking poisoned counterpart with a unique invisible trigger. In order to improve the attack effectiveness, we introduce a label-based contrastive learning network labCLN to exploit the semantic characteristics of different labels, which are subsequently used for confusing and misleading the target model to learn the embedded trigger. We finally explore the mechanism of backdoor attacks on image retrieval in the hash space. Extensive experiments on multiple benchmark datasets verify that BadHash can generate imperceptible poisoned samples with strong attack ability and transferability over state-of-the-art deep hashing schemes. © 2022, CC BY.

关键词： Deep neural networks

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Liu, Xiaogeng Li, Minghui Wang, Haoyu Hu, Shengshan Ye, Dengpan Jin, Hai Wu, Libing Xiao, Chaowei School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab China School of Cyber Science and Engineering Wuhan University China Arizona State University United States

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo)1, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability. Copyright © 2023, The Authors. All rights reserved.

关键词： Crime

Downstream-agnostic Adversarial Examples

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Zhou, Ziqi Hu, Shengshan Zhao, Ruizhi Wang, Qian Zhang, Leo Yu Hou, Junhui Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Cyber Science and Engineering Wuhan University China School of Information and Communication Technology Griffith University Australia Department of Computer Science City University of Hong Kong Hong Kong National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Self-supervised learning usually uses a large amount of unlabeled data to pre-train an encoder which can be used as a general-purpose feature extractor, such that downstream users only need to perform fine-tuning operations to enjoy the benefit of "large model". Despite this promising prospect, the security of pre-trained encoder has not been thoroughly investigated yet, especially when the pre-trained encoder is publicly available for commercial use. In this paper, we propose AdvEncoder, the first framework for generating downstream-agnostic universal adversarial examples based on the pre-trained encoder. AdvEncoder aims to construct a universal adversarial perturbation or patch for a set of natural images that can fool all the downstream tasks inheriting the victim pre-trained encoder. Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels. Therefore, we first exploit the high frequency component information of the image to guide the generation of adversarial examples. Then we design a generative attack framework to construct adversarial perturbations/patches by learning the distribution of the attack surrogate dataset to improve their attack success rates and transferability. Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset. We also tailor four defenses for pre-trained encoders, the results of which further prove the attack ability of AdvEncoder. Our codes are available at: https://github. com/CGCL-codes/AdvEncoder. Copyright © 2023, The Authors. All rights reserved.

关键词： Machine learning

Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Du, Xiaohu Wen, Ming Zhu, Jiahao Xie, Zifan Ji, Bin Liu, Huijun Shi, Xuanhua Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China College of Computer National University of Defense Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab HUST Wuhan430074 China Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security HUST Wuhan430074 China JinYinHu Laboratory Wuhan430077 China Cluster and Grid Computing Lab HUST Wuhan430074 China

Code Pre-trained Models (CodePTMs) based vulnerability detection have achieved promising results over recent years. However, these models struggle to generalize as they typically learn superficial mapping from source code to labels instead of understanding the root causes of code vulnerabilities, resulting in poor performance in real-world scenarios beyond the training instances. To tackle this challenge, we introduce VulLLM, a novel framework that integrates multi-task learning with Large Language Models (LLMs) to effectively mine deep-seated vulnerability features. Specifically, we construct two auxiliary tasks beyond the vulnerability detection task. First, we utilize the vulnerability patches to construct a vulnerability localization task. Second, based on the vulnerability features extracted from patches, we leverage GPT-4 to construct a vulnerability interpretation task. VulLLM innovatively augments vulnerability classification by leveraging generative LLMs to understand complex vulnerability patterns, thus compelling the model to capture the root causes of vulnerabilities rather than overfitting to spurious features of a single task. The experiments conducted on six large datasets demonstrate that VulLLM surpasses seven state-of-the-art models in terms of effectiveness, generalization, and robustness. © 2024, CC BY.

关键词： Large datasets

PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples

学校读者我要写书评

暂无评论

arXiv 2022年

作者： Hu, Shengshan Zhang, Junwei Liu, Wei Hou, Junhui Li, Minghui Zhang, Leo Yu Jin, Hai Sun, Lichao School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China Cluster and Grid Computing Lab China National Engineering Research Center for Big Data Technology and System Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China Services Computing Technology and System Lab China City University of Hong Kong Hong Kong Deakin University Australia Lehigh University United States

Point cloud completion, as the upstream procedure of 3D recognition and segmentation, has become an essential part of many tasks such as navigation and scene understanding. While various point cloud completion models have demonstrated their powerful capabilities, their robustness against adversarial attacks, which have been proven to be fatally malicious towards deep neural networks, remains unknown. In addition, existing attack approaches towards point cloud classifiers cannot be applied to the completion models due to different output forms and attack purposes. In order to evaluate the robustness of the completion models, we propose PointCA, the first adversarial attack against 3D point cloud completion models. PointCA can generate adversarial point clouds that maintain high similarity with the original ones, while being completed as another object with totally different semantic information. Specifically, we minimize the representation discrepancy between the adversarial example and the target point set to jointly explore the adversarial point clouds in the geometry space and the feature space. Furthermore, to launch a stealthier attack, we innovatively employ the neighbourhood density information to tailor the perturbation constraint, leading to geometry-aware and distribution-adaptive modification for each point. Extensive experiments against different premier point cloud completion networks show that PointCA can cause a performance degradation from 77.9% to 16.7%, with the structure chamfer distance kept below 0.01. We conclude that existing completion models are severely vulnerable to adversarial examples, and state-of-the-art defenses for point cloud classification will be partially invalid when applied to incomplete and uneven point cloud data. Copyright © 2022, The Authors. All rights reserved.

关键词： Deep neural networks