检索结果-内蒙古大学图书馆

arXiv 2024年

作者： Wan, Yuanyu Yao, Chang Song, Mingli Zhang, Lijun State Key Laboratory of Blockchain and Data Security Zhejiang University Hangzhou China National Key Laboratory for Novel Software Technology Nanjing University Nanjing China

We investigate bandit convex optimization (BCO) with delayed feedback, where only the loss value of the action is revealed under an arbitrary delay. Let n, T, d¯ denote the dimensionality, time horizon, and average delay, respectively. Previous studies have achieved an O(√nT3/4 +(nd¯)1/3T2/3) regret bound for this problem, whose delay-independent part matches the regret of the classical non-delayed bandit gradient descent algorithm. However, there is a large gap between its delay-dependent part, i.e., O((nd¯)1/3T2/3), and an existing Ω(√d¯T) lower bound. In this paper, we illustrate that this gap can be filled in the worst case, where d¯is very close to the maximum delay d. Specifically, we first develop a novel algorithm, and prove that it enjoys a regret bound of O(√nT3/4 + √dT) in general. Compared with the previous result, our regret bound is better for d = O((nd¯)2/3T1/3), and the delay-dependent part is tight in the worst case. The primary idea is to decouple the joint effect of the delays and the bandit feedback on the regret by carefully incorporating the delayed bandit feedback with a blocking update mechanism. Furthermore, we show that the proposed algorithm can improve the regret bound to O((nT)2/3 log1/3 T + dlog T) for strongly convex functions. Finally, if the action sets are unconstrained, we demonstrate that it can be simply extended to achieve an O(n√T log T + dlog T) regret bound for strongly convex and smooth functions. Copyright © 2024, The Authors. All rights reserved.

关键词： Convex optimization

来源：评论

学校读者我要写书评

暂无评论

ThinkRepair: Self-Directed Automated Program Repair

arXiv

引用

arXiv 2024年

作者： Yin, Xin Ni, Chao Wang, Shaohua Li, Zhenhao Zeng, Limin Yang, Xiaohu The State Key Laboratory of Blockchain and Data Security Zhejiang University Hangzhou China Central University of Finance and Economics Beijing China Concordia University Toronto Canada Zhejiang University Hangzhou China Institute of Blockchain and Data Security China

Though many approaches have been proposed for Automated Program Repair (APR) and indeed achieved remarkable performance, they still have limitations in fixing bugs that require analyzing and reasoning about the logic of the buggy program. Recently, large language models (LLMs) instructed by prompt engineering have attracted much attention for their powerful ability to address many kinds of tasks including bug-fixing. However, the quality of the prompt will highly affect the ability of LLMs and manually constructing high-quality prompts is a costly endeavor. To address this limitation, we propose a self-directed LLM-based automated program repair, ThinkRepair, with two main phases: collection phase and fixing phase. The former phase automatically collects various chains of thoughts that constitute pre-fixed knowledge by instructing LLMs with the Chain-of-Thought (CoT) prompt. The latter phase targets fixing a bug by first selecting examples for few-shot learning and second automatically interacting with LLMs, optionally appending with feedback of testing information. Evaluations on two widely studied datasets (Defects4J and QuixBugs) by comparing ThinkRepair with 12 SOTA APRs indicate the priority of ThinkRepair in fixing bugs. Notably, ThinkRepair fixes 98 bugs and improves baselines by 27%∼344.4% on Defects4J V1.2. On Defects4J V2.0, ThinkRepair fixes 12∼65 more bugs than the SOTA APRs. Additionally, ThinkRepair also makes a considerable improvement on QuixBugs (31 for Java and 21 for Python at most). Copyright © 2024, The Authors. All rights reserved.

关键词： Chains

来源：评论

学校读者我要写书评

暂无评论

Statistical Model on CRAFT

引用

Chinese Journal of Electronics 2022年第4期31卷 698-712页

作者： WANG Caibing GUO Hao YE Dingfeng WANG Ping State Key Laboratory of Information Security Institute of Information EngineeringChinese Academy of Sciences School of Cyber Security University of Chinese Academy of Sciences Tianjin Aerospace Zhongwei Data System Technology Co. Ltd.

Many cryptanalytic techniques for symmetric-key primitives rely on specific statistical analysis to extract some secrete key information from a large number of known or chosen plaintext-ciphertext pairs. For example, there is a standard statistical model for differential cryptanalysis that determines the success probability and complexity of the attack given some predefined configurations of the attack. In this work, we investigate the differential attack proposed by Guo et al. at Fast Software Encryption Conference 2020 and find that in this attack, the statistical behavior of the counters for key candidates deviate from standard scenarios, where both the correct key and the correct key xor specific difference are expected to receive the largest number of votes. Based on this bimodal behavior, we give three different statistical models for truncated differential distinguisher on CRAFT(a cryptographic algorithm name) for bimodal phenomena. Then, we provide the formulas about the success probability and data complexity for different models under the condition of a fixed threshold value. Also, we verify the validity of our models for bimodal phenomena by experiments on round-reduced of the versions distinguishers on CRAFT. We find that the success probability of theory and experiment are close when we fix the data complexity and threshold value. Finally, we compare the three models using the mathematical tool Matlab and conclude that Model 3 has better performance.

关键词： Differential cryptanalysis Statistical models Success probability data complexity Bimodal behavior CRAFT Differential fault analysis (DFA) attacks

来源：评论

学校读者我要写书评

暂无评论

Review of data security within energy blockchain:A comprehensive analysis of storage,management,and utilization

引用

High-Confidence Computing 2024年第3期4卷 82-102页

作者： Yunhua He Zhihao Zhou Yan Pan Fahui Chong Bin Wu Ke Xiao Hong Li School of Information Science and Technology North China University of TechnologyBeijing 100144China China Industrial Control Systems Cyber Emergency Response Team Beijing 100040China Key Laboratory in Blockchain and Data Security by Ministry of Industry and Information Technology Beijing 100040China Institute of Information Engineering Chinese Academy of Sciences Beijing 100195China

Energy systems are currently undergoing a transformation towards new paradigms characterized by decarbonization,decentralization,democratization,and *** this evolving context,energy blockchain,aiming to enhance efficiency,transparency,and security,emerges as an integrated technological solution designed to address the diverse challenges in this *** security is essential for the reliable and efficient functioning of energy *** pressing need to address challenges related to secure data storage,effective data management,and efficient data utilization is increasingly *** paper offers a comprehensive survey of academic discourse on energy blockchain data security over the past five years,adopting an all-encompassing perspective that spans data storage,management,and *** work systematically evaluates and contrasts the strengths and weaknesses of various research ***,this paper proposes an integrated hierarchical on-chain and off-chain security energy blockchain architecture,specifically designed to meet the complex security requirements of multi-blockchain business ***,this paper identifies key directions for future research,particularly in advancing the integration of storage,management,and utilization of energy blockchain data security.

关键词： Energy blockchain data security Storage Management Utilization

来源：评论

学校读者我要写书评

暂无评论

Dual Prompt-Based Few-Shot Learning for Automated Vulnerability Patch Localization

Dual Prompt-Based Few-Shot Learning for Automated Vulnerabil...

引用

IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)

作者： Junwei Zhang Xing Hu Lingfeng Bao Xin Xia Shanping Li The State Key Laboratory of Blockchain and Data Security Zhejiang University Hangzhou China Software Engineering Application Technology Lab Huawei China

ISBN: (数字)9798350330663

ISBN: (纸本)9798350330670

Vulnerabilities are disclosed with corresponding patches so that users can remediate them in time. However, there are instances where patches are not released with the disclosed vulnerabilities, causing hidden dangers, especially if dependent software remains uninformed about the affected code repository. Hence, it is crucial to automatically locate security patches for disclosed vulnerabilities among a multitude of commits. Despite the promising performance of existing learning-based localization approaches, they still suffer from the following limitations: (1) They cannot perform well in data scarcity scenarios. Most neural models require extensive datasets to capture the semantic correlations between the vulnerability description and code commits, while the number of disclosed vulnerabilities with patches is limited. (2) They struggle to capture the deep semantic correlations between the vulnerability description and code commits due to inherent differences in semantics and characters between code changes and commit messages. It is difficult to use one model to capture the semantic correlations between vulnerability descriptions and code commits. To mitigate these two limitations, in this paper, we propose a novel security patch localization approach named Prom VPat, which utilizes the dual prompt tuning channel to capture the semantic correlation between vulnerability descriptions and commits, especially in data scarcity (i.e., few-shot) scenarios. We first input the commit message and code changes with the vulnerability description into the prompt generator to generate two new inputs with prompt templates. Then, we adopt a pre-trained language model (i.e., PLM) as the encoder, utilize the prompt tuning method to fine-tune the encoder, and generate two correlation probabilities as the semantic features. In addition, we extract 26 handcrafted features from the vulnerability descriptions and the code commits. Finally, we utilize the attention mechanism to fuse the

关键词： Location awareness Codes Correlation Semantics PROM Feature extraction Software

来源：评论

学校读者我要写书评

暂无评论

TCCT-Net: Two-Stream Network Architecture for Fast and Efficient Engagement Estimation via Behavioral Feature Signals

TCCT-Net: Two-Stream Network Architecture for Fast and Effic...

引用

IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

作者： Alexander Vedernikov Puneet Kumar Haoyu Chen Tapio Seppänen Xiaobai Li Center for Machine Vision and Signal Analysis University of Oulu Finland State Key Laboratory of Blockchain and Data Security Zhejiang University China

ISBN: (数字)9798350365474

ISBN: (纸本)9798350365481

Engagement analysis finds various applications in healthcare, education, advertisement, services. Deep Neural Networks, used for analysis, possess complex architecture and need large amounts of input data, computational power, inference time. These constraints challenge embedding systems into devices for real-time use. To address these limitations, we present a novel two-stream feature fusion "Tensor-Convolution and Convolution-Transformer Network" (TCCT-Net) architecture. To better learn the meaningful patterns in the temporal-spatial domain, we design a "CT" stream that integrates a hybrid convolutional-transformer. In parallel, to efficiently extract rich patterns from the temporal-frequency domain and boost processing speed, we introduce a "TC" stream that uses Continuous Wavelet Transform (CWT) to represent information in a 2D tensor form. Evaluated on the EngageNet dataset, the proposed method outperforms existing baselines, utilizing only two behavioral features (head pose rotations) compared to the 98 used in baseline models. Furthermore, comparative analysis shows TCCT-Net’s architecture offers an order-of-magnitude improvement in inference speed compared to state-of-the-art image-based Recurrent Neural Network (RNN) methods. The code will be released at https://***/vedernikovphoto/TCCT_Net.

关键词： Convolutional codes Accuracy Recurrent neural networks Continuous wavelet transforms Wavelet domain Convolution Computational modeling

来源：评论

学校读者我要写书评

暂无评论

dTEE: A Declarative Approach to Secure IoT Applications Using TrustZone

dTEE: A Declarative Approach to Secure IoT Applications Usin...

引用

International Symposium on Information Processing in Sensor Networks (IPSN)

作者： Tong Sun Borui Li Yixiao Teng Yi Gao Wei Dong The State Key Laboratory of Blockchain and Data Security College of Computer Science Zhejiang University School of Computer Science and Engineering Southeast University

ISBN: (数字)9798350362015

ISBN: (纸本)9798350362022

Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure *** propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

关键词： Codes Transforms Information processing Programming Internet of Things Logic security

来源：评论

学校读者我要写书评

暂无评论

VibSpeech: exploring practical wideband eavesdropping via bandlimited signal of vibration-based side channel 24

VibSpeech: exploring practical wideband eavesdropping via ba...

引用

Proceedings of the 33rd USENIX Conference on security Symposium

作者： Chao Wang Feng Lin Hao Yan Tong Wu Wenyao Xu Kui Ren State Key Laboratory of Blockchain and Data Security Zhejiang University and School of Cyber Science and Technology Zhejiang University University at Buffalo the State University of New York

ISBN: (纸本)9781939133441

Vibration-based side channel is an ever-present threat to speech privacy. However, due to the target's frequency response with a rapid decay or limited sampling rate of malicious sensors, the acquired vibration signals are often distorted and narrowband, which fails an intelligible speech recovery. This paper tries to answer that when the side-channel data has only a very limited bandwidth (<500Hz), is it feasible to achieve a wideband eavesdropping based on a practical assumption? Our answer is YES based on the assumption that a short utterance (2s-4s) of the victim is exposed to the attacker. What is most surprising is that the attack can recover speech with a bandwidth of up to 8kHz. This covers almost all phonemes (voiced and unvoiced) in human speech and causes practical threat. The core idea of the attack is using vocal-tract features extracted from the victim's utterance to compensate for the side-channel data. To demonstrate the threat, we proposed a vocal-guided attack scheme called VibSpeech and built a prototype based on a mmWave sensor to penetrate soundproof walls for vibration sensing. We solved challenges of vibration artifact suppression and a generalized scheme free of any target's training data. We evaluated VibSpeech with extensive experiments and validated it on the IMU-based method. The results indicated that VibSpeech can recover intelligible speech with an average MCD/SNR of 3.9/5.4dB.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Exploring the Capabilities of LLMs for Code Change Related Tasks

arXiv

引用

arXiv 2024年

作者： Fan, Lishui Liu, Jiakun Liu, Zhongxin Lo, David Xia, Xin Li, Shanping The State Key Laboratory of Blockchain and Data Security Zhejiang University China Singapore Management University Singapore Singapore Zhejiang University China

Developers deal with code-change-related tasks daily, e.g., reviewing code. Pre-trained code and code-changeoriented models have been adapted to help developers with such tasks. Recently, large language models (LLMs) have shown their effectiveness in code-related tasks. However, existing LLMs for code focus on general code syntax and semantics rather than the differences between two code versions. Thus, it is an open question how LLMs perform on code-change-related tasks. To answer this question, we conduct an empirical study using >1B parameters LLMs on three code-changerelated tasks, i.e., code review generation, commit message generation, and just-in-time comment update, with in-context learning (ICL) and parameter-efficient fine-tuning (PEFT, including LoRA and prefix-tuning). We observe that the performance of LLMs is poor without examples and generally improves with examples, but more examples do not always lead to better performance. LLMs tuned with LoRA have comparable performance to the state-of-the-art small pre-trained models. Larger models are not always better, but Llama 2 and Code Llama families are always the best. The best LLMs outperform small pre-trained models on the code changes that only modify comments and perform comparably on other code changes. We suggest future work should focus more on guiding LLMs to learn the knowledge specific to the changes related to code rather than comments for code-change-related tasks. Copyright © 2024, The Authors. All rights reserved.

关键词： Semantics

来源：评论

学校读者我要写书评

暂无评论

SoK: On Gradient Leakage in Federated Learning

arXiv

引用

arXiv 2024年

作者： Du, Jiacheng Hu, Jiahui Wang, Zhibo Sun, Peng Gong, Neil Zhenqiang Ren, Kui Chen, Chun The State Key Laboratory of Blockchain and Data Security Zhejiang University China Institute of Blockchain and Data Security China College of Computer Science and Electronic Engineering Hunan University China Department of Electrical and Computer Engineering Duke University United States

Federated learning (FL) facilitates collaborative model training among multiple clients without raw data exposure. However, recent studies have shown that clients’ private training data can be reconstructed from shared gradients in FL, a vulnerability known as gradient inversion attacks (GIAs). While GIAs have demonstrated effectiveness under ideal settings and auxiliary assumptions, their actual efficacy against practical FL systems remains under-explored. To address this gap, we conduct a comprehensive study on GIAs in this work. We start with a survey of GIAs that establishes a timeline to trace their evolution and develops a systematization to uncover their inherent threats. By rethinking GIA in practical FL systems, three fundamental aspects influencing GIA’s effectiveness are identified: training setup, model, and post-processing. Guided by these aspects, we perform extensive theoretical and empirical evaluations of SOTA GIAs across diverse settings. Our findings highlight that GIA is notably constrained, fragile, and easily defensible. Specifically, GIAs exhibit inherent limitations against practical local training settings. Additionally, their effectiveness is highly sensitive to the trained model, and even simple post-processing techniques applied to gradients can serve as effective defenses. Our work provides crucial insights into the limited threats of GIAs in practical FL systems. By rectifying prior misconceptions, we hope to inspire more accurate and realistic investigations on this topic. Copyright © 2024, The Authors. All rights reserved.

关键词： Federated learning

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：