Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Cloud computing (40)
- Privacy (37)
- Access control (36)
- Authentication (27)
- Security (26)
-
- Blockchain (24)
- Privacy-preserving (24)
- Searchable encryption (21)
- Encryption (20)
- Attribute-based encryption (18)
- Cloud storage (18)
- Data privacy (18)
- Anonymity (15)
- RFID (15)
- Cryptography (14)
- Revocation (14)
- Keyword search (11)
- Android (10)
- Digital signature (10)
- Homomorphic encryption (10)
- Machine learning (10)
- Protocols (10)
- Bitcoin (9)
- Cybersecurity (9)
- Data sharing (9)
- Servers (9)
- Data outsourcing (8)
- Information security (8)
- Privacy protection (8)
- Proxy re-encryption (8)
- Publication Year
Articles 1 - 30 of 922
Full-Text Articles in Entire DC Network
Efficient Multiplicative-To-Additive Function From Joye-Libert Cryptosystem And Its Application To Threshold Ecdsa, Haiyang Xue, Ho Man Au, Mengling Liu, Yin Kwan Chan, Handong Cui, Xiang Xie, Hon Tsz Yuen, Chengru Zhang
Efficient Multiplicative-To-Additive Function From Joye-Libert Cryptosystem And Its Application To Threshold Ecdsa, Haiyang Xue, Ho Man Au, Mengling Liu, Yin Kwan Chan, Handong Cui, Xiang Xie, Hon Tsz Yuen, Chengru Zhang
Research Collection School Of Computing and Information Systems
Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based …
On The Lossiness Of 2k-Th Power And The Instantiability Of Rabin-Oaep, Haiyang Xue, Bao Li, Xianhui Lu, Kunpeng Wang, Yamin Liu
On The Lossiness Of 2k-Th Power And The Instantiability Of Rabin-Oaep, Haiyang Xue, Bao Li, Xianhui Lu, Kunpeng Wang, Yamin Liu
Research Collection School Of Computing and Information Systems
Seurin PKC 2014 proposed the 2-ï /4-hiding assumption which asserts the indistinguishability of Blum Numbers from pseudo Blum Numbers. In this paper, we investigate the lossiness of 2 k -th power based on the 2 k -ï /4-hiding assumption, which is an extension of the 2-ï /4-hiding assumption. And we prove that 2 k -th power function is a lossy trapdoor permutation over Quadratic Residuosity group. This new lossy trapdoor function has 2 k -bits lossiness for k -bits exponent, while the RSA lossy trapdoor function given by Kiltz et al. Crypto 2010 has k -bits lossiness for k -bits …
The Impact Of Managerial Myopia On Cybersecurity: Evidence From Data Breaches, Wen Chen, Xing Li, Haibin Wu, Liandong Zhang
The Impact Of Managerial Myopia On Cybersecurity: Evidence From Data Breaches, Wen Chen, Xing Li, Haibin Wu, Liandong Zhang
Research Collection School Of Accountancy
Using a sample of U.S. firms for the period 2005–2017, we provide evidence that managerial myopic actions contribute to corporate cybersecurity risk. Specifically, we show that abnormal cuts in discretionary expenditures, our proxy for managerial myopia, are positively associated with the likelihood of data breaches. The association is largely driven by firms that appear to cut discretionary expenditures to meet short-term earnings targets. In addition, the association is stronger for firms with greater short-term equity incentives, higher earnings response coefficients, low levels of institutional block ownership, or large market shares. Finally, firms appear to increase discretionary expenditures upon the announcement …
An Llm-Assisted Easy-To-Trigger Poisoning Attack On Code Completion Models: Injecting Disguised Vulnerabilities Against Strong Detection, Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong
An Llm-Assisted Easy-To-Trigger Poisoning Attack On Code Completion Models: Injecting Disguised Vulnerabilities Against Strong Detection, Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong
Research Collection School Of Computing and Information Systems
Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong …
G2face: High-Fidelity Reversible Face Anonymization Via Generative And Geometric Priors, Haoxin Yang, Xuemiao Xu, Cheng Xu, Huaidong Zhang, Jing Qin, Yi Wang, Pheng-Ann Heng, Shengfeng He
G2face: High-Fidelity Reversible Face Anonymization Via Generative And Geometric Priors, Haoxin Yang, Xuemiao Xu, Cheng Xu, Huaidong Zhang, Jing Qin, Yi Wang, Pheng-Ann Heng, Shengfeng He
Research Collection School Of Computing and Information Systems
Reversible face anonymization, unlike traditional face pixelization, seeks to replace sensitive identity information in facial images with synthesized alternatives, preserving privacy without sacrificing image clarity. Traditional methods, such as encoder-decoder networks, often result in significant loss of facial details due to their limited learning capacity. Additionally, relying on latent manipulation in pre-trained GANs can lead to changes in ID-irrelevant attributes, adversely affecting data utility due to GAN inversion inaccuracies. This paper introduces G 2 Face, which leverages both generative and geometric priors to enhance identity manipulation, achieving high-quality reversible face anonymization without compromising data utility. We utilize a 3D face …
Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng
Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng
Research Collection School Of Computing and Information Systems
An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …
Esem: To Harden Process Synchronization For Servers, Zhanbo Wang, Jiaxin Zhan, Xuhua Ding, Fengwei Zhang, Ning Hu
Esem: To Harden Process Synchronization For Servers, Zhanbo Wang, Jiaxin Zhan, Xuhua Ding, Fengwei Zhang, Ning Hu
Research Collection School Of Computing and Information Systems
Process synchronization primitives lubricate server computing involving a group of processes as they ensure those processes to properly coordinate their executions for a common purpose such as provisioning a web service. A malfunctioned synchronization due to attacks causes friction among processes and leads to unexpected, and often hard-to-detect, application transaction errors. Unfortunately, synchronization primitives are not naturally protected by existing hardware-assisted isolation techniques e.g., SGX, because their process-oriented isolation conflicts with the primitive's demand for cross-process operations.This paper introduces the Enclave-Semaphore service (ESem) which shelters application semaphores and their operations against kernel-privileged attacks. ESem encapsulates all semaphores in the platform …
Unmasking The Lurking: Malicious Behavior Detection For Iot Malware With Multi-Label Classification, Ruitao Feng, Sen Li, Sen Chen, Mengmeng Ge, Xuewei Li, Xiaohong Li
Unmasking The Lurking: Malicious Behavior Detection For Iot Malware With Multi-Label Classification, Ruitao Feng, Sen Li, Sen Chen, Mengmeng Ge, Xuewei Li, Xiaohong Li
Research Collection School Of Computing and Information Systems
Current methods for classifying IoT malware predominantly utilize binary and family classifications. However, these outcomes lack the detailed granularity to describe malicious behavior comprehensively. This limitation poses challenges for security analysts, failing to support further analysis and timely preventive actions. To achieve fine-grained malicious behavior identification in the lurking stage of IoT malware, we propose MaGraMal. This approach, leveraging masked graph representation, supplements traditional classification methodology, empowering analysts with critical insights for rapid responses. Through the empirical study, which took three person-months, we identify and summarize four fine-grained malicious behaviors during the lurking stage, constructing an annotated dataset. Our evaluation …
Enhancing Code Vulnerability Detection Via Vulnerability-Preserving Data Augmentation, Shangqing Liu, Wei Ma, Jian Wang, Xiaofei Xie, Ruitao Feng, Yang Liu
Enhancing Code Vulnerability Detection Via Vulnerability-Preserving Data Augmentation, Shangqing Liu, Wei Ma, Jian Wang, Xiaofei Xie, Ruitao Feng, Yang Liu
Research Collection School Of Computing and Information Systems
Source code vulnerability detection aims to identify inherent vulnerabilities to safeguard software systems from potential attacks. Many prior studies overlook diverse vulnerability characteristics, simplifying the problem into a binary (0-1) classification task for example determining whether it is vulnerable or not. This poses a challenge for a single deep-learning based model to effectively learn the wide array of vulnerability characteristics. Furthermore, due to the challenges associated with collecting large-scale vulnerability data, these detectors often overfit limited training datasets, resulting in lower model generalization performance. To address the aforementioned challenges, in this work, we introduce a fine-grained vulnerability detector namely FGVulDet. …
Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen
Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen
Research Collection School Of Computing and Information Systems
With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. Existing approaches can be roughly categorized into network-side and host-side. However, existing network-side methods are difficult to capture contextual semantics from cross-source traffic, and previous host-side methods could be adversary-perceived and expose risks for tampering. More importantly, a single perspective cannot comprehensively track the multi-stage lifecycle of IoT malware. In this paper, we present CMD, a co-analyzed IoT malware detection and forensics system by combining hardware and network domains. For the network part, CMD proposes a tailored …
Attribute-Hiding Fuzzy Encryption For Privacy-Preserving Data Evaluation, Zhenhua Chen, Luqi Huang, Guomin Yang, Willy Susilo, Xingbing Fu, Xingxing Jia
Attribute-Hiding Fuzzy Encryption For Privacy-Preserving Data Evaluation, Zhenhua Chen, Luqi Huang, Guomin Yang, Willy Susilo, Xingbing Fu, Xingxing Jia
Research Collection School Of Computing and Information Systems
Privacy-preserving data evaluation is one of the prominent research topics in the big data era. In many data evaluation applications that involve sensitive information, such as the medical records of patients in a medical system, protecting data privacy during the data evaluation process has become an essential requirement. Aiming at solving this problem, numerous fuzzy encryption systems for different similarity metrics have been proposed in literature. Unfortunately, the existing fuzzy encryption systems either fail to achieve attribute-hiding or achieve it, but are impractical. In this paper, we propose a new fuzzy encryption scheme for privacy-preserving data evaluation based on overlap …
Going Viral: Case Studies On The Impact Of Protestware, Youmei Fan, Dong Wang, Supastsara Wattanakriengkrai, Hathaichanok Damrongsiri, Christoph Treude, Hideaki Hata, Raula Gaikovina Kula
Going Viral: Case Studies On The Impact Of Protestware, Youmei Fan, Dong Wang, Supastsara Wattanakriengkrai, Hathaichanok Damrongsiri, Christoph Treude, Hideaki Hata, Raula Gaikovina Kula
Research Collection School Of Computing and Information Systems
Maintainers are now self-sabotaging their work in order to take political or economic stances, a practice referred to as "protestware". In this poster, we present our approach to understand how the discourse about such an attack went viral, how it is received by the community, and whether developers respond to the attack in a timely manner. We study two notable protestware cases, i.e., Colors.js and es5-ext, comparing with discussions of a typical security vulnerability as a baseline, i.e., Ua-parser, and perform a thematic analysis of more than two thousand protest-related posts to extract the different narratives when discussing protestware.
Flgan: Gan-Based Unbiased Federated Learning Under Non-Iid Settings, Zhuoran Ma, Yang Liu, Yinbin Miao, Guowen Xu, Ximeng Liu, Jianfeng Ma, Robert H. Deng
Flgan: Gan-Based Unbiased Federated Learning Under Non-Iid Settings, Zhuoran Ma, Yang Liu, Yinbin Miao, Guowen Xu, Ximeng Liu, Jianfeng Ma, Robert H. Deng
Research Collection School Of Computing and Information Systems
Federated Learning (FL) suffers from low convergence and significant accuracy loss due to local biases caused by non-Independent and Identically Distributed (non-IID) data. To enhance the non-IID FL performance, a straightforward idea is to leverage the Generative Adversarial Network (GAN) to mitigate local biases using synthesized samples. Unfortunately, existing GAN-based solutions have inherent limitations, which do not support non-IID data and even compromise user privacy. To tackle the above issues, we propose a GAN-based unbiased FL scheme, called FlGan, to mitigate local biases using synthesized samples generated by GAN while preserving user-level privacy in the FL setting. Specifically, FlGan first …
Developing Singapore As A Smart Nation, Josephine Teo
Developing Singapore As A Smart Nation, Josephine Teo
Asian Management Insights
Mrs Josephine Teo, Singapore’s Minister for Communications and Information, and Minister-in-charge of Smart Nation and Cybersecurity, speaks about leading the country’s Smart Nation drive.
Sigmadiff: Semantics-Aware Deep Graph Matching For Pseudocode Diffing, Lian Gao, Yu Qu, Sheng Yu, Yue Duan, Heng Yin
Sigmadiff: Semantics-Aware Deep Graph Matching For Pseudocode Diffing, Lian Gao, Yu Qu, Sheng Yu, Yue Duan, Heng Yin
Research Collection School Of Computing and Information Systems
Pseudocode diffing precisely locates similar parts and captures differences between the decompiled pseudocode of two given binaries. It is particularly useful in many security scenarios such as code plagiarism detection, lineage analysis, patch, vulnerability analysis, etc. However, existing pseudocode diffing and binary diffing tools suffer from low accuracy and poor scalability, since they either rely on manually-designed heuristics (e.g., Diaphora) or heavy computations like matrix factorization (e.g., DeepBinDiff). To address the limitations, in this paper, we propose a semantics-aware, deep neural network-based model called SIGMADIFF. SIGMADIFF first constructs IR (Intermediate Representation) level interprocedural program dependency graphs (IPDGs). Then it uses …
Harnessing The Advances Of Meda To Optimize Multi-Puf For Enhancing Ip Security Of Biochips, Chen Dong, Xiaodong Guo, Sihuang Lian, Yinan Yao, Zhenyi Chen, Yang Yang, Zhanghui Liu
Harnessing The Advances Of Meda To Optimize Multi-Puf For Enhancing Ip Security Of Biochips, Chen Dong, Xiaodong Guo, Sihuang Lian, Yinan Yao, Zhenyi Chen, Yang Yang, Zhanghui Liu
Research Collection School Of Computing and Information Systems
Digital microfluidic biochips (DMFBs) have a significant stride in the applications of medicine and the biochemistry in recent years. DMFBs based on micro-electrode-dot-array (MEDA) architecture, as the next-generation DMFBs, aim to overcome drawbacks of conventional DMFBs, such as droplet size restriction, low accuracy, and poor sensing ability. Since the potential market value of MEDA biochips is vast, it is of paramount importance to explore approaches to protect the intellectual property (IP) of MEDA biochips during the development process. In this paper, an IP authentication strategy based on the multi-PUF applied to MEDA biochips is presented, called bioMPUF, consisting of Delay …
Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen
Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen
Research Collection School Of Computing and Information Systems
Public key encryption with keyword search (PEKS) allows users to search on encrypted data without leaking the keyword information from the ciphertexts. But it does not preserve keyword privacy within the trapdoors, because an adversary (e.g., untrusted server) might launch inside keyword-guessing attacks (IKGA) to guess keywords from the trapdoors. In recent years, public key authenticated encryption with keyword search (PAEKS) has become a promising primitive to counter the IKGA. However, existing PAEKS schemes focus on the concrete construction of PAEKS, making them unable to support modular construction, intuitive proof, or flexible extension. In this paper, our proposal called “StopGuess” …
When Evolutionary Computation Meets Privacy, Bowen Zhao, Wei-Neng Chen, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Jun Zhang
When Evolutionary Computation Meets Privacy, Bowen Zhao, Wei-Neng Chen, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Jun Zhang
Research Collection School Of Computing and Information Systems
Recently, evolutionary computation (EC) has experienced significant advancements due to the integration of machine learning, distributed computing, and big data technologies. These developments have led to new research avenues in EC, such as distributed EC and surrogate-assisted EC. While these advancements have greatly enhanced the performance and applicability of EC, they have also raised concerns regarding privacy leakages, specifically the disclosure of optimal results and surrogate models. Consequently, the combination of evolutionary computation and privacy protection becomes an increasing necessity. However, a comprehensive exploration of privacy concerns in evolutionary computation is currently lacking, particularly in terms of identifying the object, …
Efficient Privacy-Preserving Spatial Data Query In Cloud Computing, Yinbin Miao, Yutao Yang, Xinghua Li, Linfeng Wei, Zhiquan Liu, Robert H. Deng
Efficient Privacy-Preserving Spatial Data Query In Cloud Computing, Yinbin Miao, Yutao Yang, Xinghua Li, Linfeng Wei, Zhiquan Liu, Robert H. Deng
Research Collection School Of Computing and Information Systems
With the rapid development of geographic location technology and the explosive growth of data, a large amount of spatial data is outsourced to the cloud server for reducing the local high storage and computing burdens, but at the same time causes security issues. Thus, extensive privacy-preserving spatial data query schemes have been proposed. Most of the existing schemes use Asymmetric Scalar-Product-Preserving Encryption (ASPE) to encrypt data, but ASPE has proven to be insecure against known plaintext attack. And the existing schemes require users to provide more information about query range and thus generate a large amount of ciphertexts, which causes …
Provably Secure Decisions Based On Potentially Malicious Information, Dongxia Wang, Tim Muller, Jun Sun
Provably Secure Decisions Based On Potentially Malicious Information, Dongxia Wang, Tim Muller, Jun Sun
Research Collection School Of Computing and Information Systems
There are various security-critical decisions routinely made, on the basis of information provided by peers: routing messages, user reports, sensor data, navigational information, blockchain updates, etc. Jury theorems were proposed in sociology to make decisions based on information from peers, which assume peers may be mistaken with some probability. We focus on attackers in a system, which manifest as peers that strategically report fake information to manipulate decision making. We define the property of robustness: a lower bound probability of deciding correctly, regardless of what information attackers provide. When peers are independently selected, we propose an optimal, robust decision mechanism …
Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo
Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo
Research Collection School Of Computing and Information Systems
Code models, such as CodeBERT and CodeT5, offer general-purpose representations of code and play a vital role in supporting downstream automated software engineering tasks. Most recently, code models were revealed to be vulnerable to backdoor attacks. A code model that is backdoor-attacked can behave normally on clean examples but will produce pre-defined malicious outputs on examples injected with that activate the backdoors. Existing backdoor attacks on code models use unstealthy and easy-to-detect triggers. This paper aims to investigate the vulnerability of code models with backdoor attacks. To this end, we propose A (dversarial eature as daptive Back). A achieves stealthiness …
Soci+: An Enhanced Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Weiquan Deng, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Robert H. Deng
Soci+: An Enhanced Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Weiquan Deng, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Robert H. Deng
Research Collection School Of Computing and Information Systems
Secure outsourced computation is critical for cloud computing to safeguard data confidentiality and ensure data usability. Recently, secure outsourced computation schemes following a twin-server architecture based on partially homomorphic cryptosystems have received increasing attention. The Secure Outsourced Computation on Integers (SOCI) [1] toolkit is the state-of-the-art among these schemes which can perform secure computation on integers without requiring the costly bootstrapping operation as in fully homomorphic encryption; however, SOCI suffers from relatively large computation and communication overhead. In this paper, we propose SOCI+ which significantly improves the performance of SOCI. Specifically, SOCI+ employs a novel (2,2)-threshold Paillier cryptosystem with fast …
Pias: Privacy-Preserving Incentive Announcement System Based On Blockchain For Internet Of Vehicles, Yonghua Zhan, Yang Yang, Hongju Cheng, Xiangyang Luo, Zhuangshuang Guan, Robert H. Deng
Pias: Privacy-Preserving Incentive Announcement System Based On Blockchain For Internet Of Vehicles, Yonghua Zhan, Yang Yang, Hongju Cheng, Xiangyang Luo, Zhuangshuang Guan, Robert H. Deng
Research Collection School Of Computing and Information Systems
More vehicles are connecting to the Internet of Things (IoT), transforming Vehicle Ad hoc Networks (VANETs) into the Internet of Vehicles (IoV), providing a more environmentally friendly and safer driving experience. Vehicular announcement networks show promise in vehicular communication applications. However, two major issues arise when establishing such a system. Firstly, user privacy cannot be guaranteed when messages are forwarded anonymously, thus the reliability of these messages is in question. Secondly, users often lack interest in responding to announcements. To address these problems, we introduce a Blockchain-based incentive announcement system called PIAS. This system enables anonymous message commitment in a …
Predicting Viral Rumors And Vulnerable Users With Graph-Based Neural Multi-Task Learning For Infodemic Surveillance, Xuan Zhang, Wei Gao
Predicting Viral Rumors And Vulnerable Users With Graph-Based Neural Multi-Task Learning For Infodemic Surveillance, Xuan Zhang, Wei Gao
Research Collection School Of Computing and Information Systems
In the age of the infodemic, it is crucial to have tools for effectively monitoring the spread of rampant rumors that can quickly go viral, as well as identifying vulnerable users who may be more susceptible to spreading such misinformation. This proactive approach allows for timely preventive measures to be taken, mitigating the negative impact of false information on society. We propose a novel approach to predict viral rumors and vulnerable users using a unified graph neural network model. We pre-train network-based user embeddings and leverage a cross-attention mechanism between users and posts, together with a community-enhanced vulnerability propagation (CVP) …
Comparison And Evaluation On Static Application Security Testing (Sast) Tools For Java, Kaixuan Li, Sen Chen, Lingling Fan, Ruitao Feng, Han Liu, Chengwei Liu, Yang Liu, Yixiang Chen
Comparison And Evaluation On Static Application Security Testing (Sast) Tools For Java, Kaixuan Li, Sen Chen, Lingling Fan, Ruitao Feng, Han Liu, Chengwei Liu, Yang Liu, Yixiang Chen
Research Collection School Of Computing and Information Systems
Static application security testing (SAST) takes a significant role in the software development life cycle (SDLC). However, it is challenging to comprehensively evaluate the effectiveness of SAST tools to determine which is the better one for detecting vulnerabilities. In this paper, based on well-defined criteria, we first selected seven free or open-source SAST tools from 161 existing tools for further evaluation. Owing to the synthetic and newly-constructed real-world benchmarks, we evaluated and compared these SAST tools from different and comprehensive perspectives such as effectiveness, consistency, and performance. While SAST tools perform well on synthetic benchmarks, our results indicate that only …
Learning Program Semantics For Vulnerability Detection Via Vulnerability-Specific Inter-Procedural Slicing, Bozhi Wu, Shangqing Liu, Xiao Yang, Zhiming Li, Jun Sun, Shang-Wei Lin
Learning Program Semantics For Vulnerability Detection Via Vulnerability-Specific Inter-Procedural Slicing, Bozhi Wu, Shangqing Liu, Xiao Yang, Zhiming Li, Jun Sun, Shang-Wei Lin
Research Collection School Of Computing and Information Systems
Learning-based approaches that learn code representations for software vulnerability detection have been proven to produce inspiring results. However, they still fail to capture complete and precise vulnerability semantics for code representations. To address the limitations, in this work, we propose a learning-based approach namely SnapVuln, which first utilizes multiple vulnerability-specific inter-procedural slicing algorithms to capture vulnerability semantics of various types and then employs a Gated Graph Neural Network (GGNN) with an attention mechanism to learn vulnerability semantics. We compare SnapVuln with state-of-the-art learning-based approaches on two public datasets, and confirm that SnapVuln outperforms them. We further perform an ablation study …
From Asset Flow To Status, Action And Intention Discovery: Early Malice Detection In Cryptocurrency, Ling Cheng, Feida Zhu, Yong Wang, Ruicheng Liang, Huiwen Liu
From Asset Flow To Status, Action And Intention Discovery: Early Malice Detection In Cryptocurrency, Ling Cheng, Feida Zhu, Yong Wang, Ruicheng Liang, Huiwen Liu
Research Collection School Of Computing and Information Systems
Cryptocurrency has been subject to illicit activities probably more often than traditional financial assets due to the pseudo-anonymous nature of its transacting entities. An ideal detection model is expected to achieve all three critical properties of early detection, good interpretability, and versatility for various illicit activities. However, existing solutions cannot meet all these requirements, as most of them heavily rely on deep learning without interpretability and are only available for retrospective analysis of a specific illicit type. To tackle all these challenges, we propose Intention Monitor for early malice detection in Bitcoin, where the on-chain record data for a certain …
Mitigating Membership Inference Attacks Via Weighted Smoothing, Minghan Tan, Xiaofei Xie, Jun Sun, Tianhao Wang
Mitigating Membership Inference Attacks Via Weighted Smoothing, Minghan Tan, Xiaofei Xie, Jun Sun, Tianhao Wang
Research Collection School Of Computing and Information Systems
Recent advancements in deep learning have spotlighted a crucial privacy vulnerability to membership inference attack (MIA), where adversaries can determine if specific data was present in a training set, thus potentially revealing sensitive information. In this paper, we introduce a technique, weighted smoothing (WS), to mitigate MIA risks. Our approach is anchored on the observation that training samples differ in their vulnerability to MIA, primarily based on their distance to clusters of similar samples. The intuition is clusters will make model predictions more confident and increase MIA risks. Thus WS strategically introduces noise to training samples, depending on whether they …
Prompting And Evaluating Large Language Models For Proactive Dialogues: Clarification, Target-Guided, And Non-Collaboration, Yang Deng, Lizi Liao, Liang Chen, Hongru Wang, Wenqiang Lei, Tat-Seng Chua
Prompting And Evaluating Large Language Models For Proactive Dialogues: Clarification, Target-Guided, And Non-Collaboration, Yang Deng, Lizi Liao, Liang Chen, Hongru Wang, Wenqiang Lei, Tat-Seng Chua
Research Collection School Of Computing and Information Systems
Conversational systems based on Large Language Models (LLMs), such as ChatGPT, show exceptional proficiency in context understanding and response generation. However, they still possess limitations, such as failing to ask clarifying questions to ambiguous queries or refuse users' unreasonable requests, both of which are considered as key aspects of a conversational agent's proactivity. This raises the question of whether LLM-based conversational systems are equipped to handle proactive dialogue problems. In this work, we conduct a comprehensive analysis of LLM-based conversational systems, specifically focusing on three key aspects of proactive dialogues: clarification, target-guided, and non-collaborative dialogues. To trigger the proactivity of …
Beyond Factuality: A Comprehensive Evaluation Of Large Language Models As Knowledge Generators, Liang Chen, Yang Deng, Yatao Bian, Zeyu Qin, Bingzhe Wu, Tat-Seng Chua, Kam-Fai Wong
Beyond Factuality: A Comprehensive Evaluation Of Large Language Models As Knowledge Generators, Liang Chen, Yang Deng, Yatao Bian, Zeyu Qin, Bingzhe Wu, Tat-Seng Chua, Kam-Fai Wong
Research Collection School Of Computing and Information Systems
Large language models (LLMs) outperform information retrieval techniques for downstream knowledge-intensive tasks when being prompted to generate world knowledge. Yet, community concerns abound regarding the factuality and potential implications of using this uncensored knowledge. In light of this, we introduce CONNER, a COmpreheNsive kNowledge Evaluation fRamework, designed to systematically and automatically evaluate generated knowledge from six important perspectives - Factuality, Relevance, Coherence, Informativeness, Helpfulness and Validity. We conduct an extensive empirical analysis of the generated knowledge from three different types of LLMs on two widely-studied knowledge-intensive tasks, i.e., open-domain question answering and knowledge-grounded dialogue. Surprisingly, our study reveals that the …