Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 13 of 13
Full-Text Articles in Physical Sciences and Mathematics
Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo
Stealthy Backdoor Attack For Code Models, Zhou Yang, Bowen Xu, Jie M. Zhang, Hong Jin Kang, Jieke Shi, Junda He, David Lo
Research Collection School Of Computing and Information Systems
Code models, such as CodeBERT and CodeT5, offer general-purpose representations of code and play a vital role in supporting downstream automated software engineering tasks. Most recently, code models were revealed to be vulnerable to backdoor attacks. A code model that is backdoor-attacked can behave normally on clean examples but will produce pre-defined malicious outputs on examples injected with that activate the backdoors. Existing backdoor attacks on code models use unstealthy and easy-to-detect triggers. This paper aims to investigate the vulnerability of code models with backdoor attacks. To this end, we propose A (dversarial eature as daptive Back). A achieves stealthiness …
A Reliable And Secure Mobile Cyber-Physical Digital Microfluidic Biochip For Intelligent Healthcare, Yinan Yao, Decheng Qiu, Huangda Liu, Zhongliao Yang, Ximeng Liu, Yang Yang, Chen Dong
A Reliable And Secure Mobile Cyber-Physical Digital Microfluidic Biochip For Intelligent Healthcare, Yinan Yao, Decheng Qiu, Huangda Liu, Zhongliao Yang, Ximeng Liu, Yang Yang, Chen Dong
Research Collection School Of Computing and Information Systems
Digital microfluidic, as an emerging and potential technology, diversifies the biochemical applications platform, such as protein dilution sewage detection. At present, a vast majority of universal cyberphysical digital microfluidic biochips (DMFBs) transmit data through wires via personal computers and microcontrollers (like Arduino), consequently, susceptible to various security threats and with the popularity of wireless devices, losing competitiveness gradually. On the premise that security be ensured first and foremost, calls for wireless portable, safe, and economical DMFBs are imperative to expand their application fields, engage more users, and cater to the trend of future wireless communication. To this end, a new …
Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo
Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo
Research Collection School Of Computing and Information Systems
In the research of mining software repositories, we need to label a large amount of data to construct a predictive model. The correctness of the labels will affect the performance of a model substantially. However, limited studies have been performed to investigate the impact of mislabeled instances on a predictive model. To bridge the gap, in this article, we perform a case study on the security bug report (SBR) prediction. We found five publicly available datasets for SBR prediction contains many mislabeled instances, which lead to the poor performance of SBR prediction models of recent studies (e.g., the work of …
Sofi: Reflection-Augmented Fuzzing For Javascript Engines, Xiaoyu He, Xiaofei Xie, Yuekang Li, Jianwen Sun, Feng Li, Wei Zou, Yang Liu, Lei Yu, Jianhua Zhou, Wenchang Shi, Wei Huo
Sofi: Reflection-Augmented Fuzzing For Javascript Engines, Xiaoyu He, Xiaofei Xie, Yuekang Li, Jianwen Sun, Feng Li, Wei Zou, Yang Liu, Lei Yu, Jianhua Zhou, Wenchang Shi, Wei Huo
Research Collection School Of Computing and Information Systems
JavaScript engines have been shown prone to security vulnerabilities, which can lead to serious consequences due to their popularity. Fuzzing is an effective testing technique to discover vulnerabilities. The main challenge of fuzzing JavaScript engines is to generate syntactically and semantically valid inputs such that deep functionalities can be explored. However, due to the dynamic nature of JavaScript and the special features of different engines, it is quite challenging to generate semantically meaningful test inputs.We observed that state-of-the-art semantic-aware JavaScript fuzzers usually require manually written rules to analyze the semantics for a JavaScript engine, which is labor-intensive, incomplete and engine-specific. …
Smart Contract Security: A Practitioners' Perspective, Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang
Smart Contract Security: A Practitioners' Perspective, Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang
Research Collection School Of Computing and Information Systems
Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners' perceptions and practices on smart contract security. Our study uncovers practitioners' motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms …
Out Of Sight, Out Of Mind? How Vulnerable Dependencies Affect Open-Source Projects, Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E. Santosa, Asankhaya Sharma, David Lo
Out Of Sight, Out Of Mind? How Vulnerable Dependencies Affect Open-Source Projects, Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E. Santosa, Asankhaya Sharma, David Lo
Research Collection School Of Computing and Information Systems
Context: Software developers often use open-source libraries in their project to improve development speed. However, such libraries may contain security vulnerabilities, and this has resulted in several high-profile incidents in re- cent years. As usage of open-source libraries grows, understanding of these dependency vulnerabilities becomes increasingly important. Objective: In this work, we analyze vulnerabilities in open-source libraries used by 450 software projects written in Java, Python, and Ruby. Our goal is to examine types, distribution, severity, and persistence of the vulnerabili- ties, along with relationships between their prevalence and project as well as commit attributes. Method: Our data is obtained …
A Performance-Sensitive Malware Detection System Using Deep Learning On Mobile Devices, Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, Yang Liu
A Performance-Sensitive Malware Detection System Using Deep Learning On Mobile Devices, Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, Yang Liu
Research Collection School Of Computing and Information Systems
Currently, Android malware detection is mostly performed on server side against the increasing number of malware. Powerful computing resource provides more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers …
Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee
Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee
Research Collection School Of Computing and Information Systems
Providing secure access to smart devices such as mobiles, wearables and various other IoT devices is becoming increasinglyimportant, especially as these devices store a range of sensitive personal information. Breathing acoustics-based authentication offers a highly usable and possibly a secondary authentication mechanism for such authorized access, especially as it canbe readily applied to small form-factor devices. Executing sophisticated machine learning pipelines for such authenticationon such devices remains an open problem, given their resource limitations in terms of storage, memory and computational power. To investigate this possibility, we compare the performance of an end-to-end system for both user identification anduser verification …
Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee
Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee
Research Collection School Of Computing and Information Systems
We propose BreathPrint, a new behavioural biometric signature based on audio features derived from an individual's commonplace breathing gestures. Specifically, BreathPrint uses the audio signatures associated with the three individual gestures: sniff, normal, and deep breathing, which are sufficiently different across individuals. Using these three breathing gestures, we develop the processing pipeline that identifies users via the microphone sensor on smartphones and wearable devices. In BreathPrint, a user performs breathing gestures while holding the device very close to their nose. Using off-the-shelf hardware, we experimentally evaluate the BreathPrint prototype with 10 users, observed over seven days. We show that users …
What Security Questions Do Developers Ask? A Large-Scale Study Of Stack Overflow Posts, Xinli Yang, David Lo, Xin Xia, Zhi-Yuan Wan, Jian-Ling Sun
What Security Questions Do Developers Ask? A Large-Scale Study Of Stack Overflow Posts, Xinli Yang, David Lo, Xin Xia, Zhi-Yuan Wan, Jian-Ling Sun
Research Collection School Of Computing and Information Systems
Security has always been a popular and critical topic. With the rapid development of information technology, it is always attracting people’s attention. However, since security has a long history, it covers a wide range of topics which change a lot, from classic cryptography to recently popular mobile security. There is a need to investigate security-related topics and trends, which can be a guide for security researchers, security educators and security practitioners. To address the above-mentioned need, in this paper, we conduct a large-scale study on security-related questions on Stack Overflow. Stack Overflow is a popular on-line question and answer site …
Value-Inspired Service Design In Elderly Home-Monitoring Systems, Na Liu, Sandeep Purao, Hwee-Pink Tan
Value-Inspired Service Design In Elderly Home-Monitoring Systems, Na Liu, Sandeep Purao, Hwee-Pink Tan
Research Collection School Of Computing and Information Systems
The provision of elderly home-monitoring systems to enhance aging-in-place requires the service to meet the needs of both the elderly and their caregivers. The design of such IT services requires interdisciplinary efforts to look beyond the technical requirements. Taking a value-inspired design perspective, the study argues that service design for promoting aging-in-place needs to reconcile the values of both the elderly and caregivers. Drawn from the framework of basic human values and the unique experience of the SHINESeniors project, the study extracts the core values for elderly and caregivers using a multi-method case analysis. We suggest that both system and …
Machine Learning In Wireless Sensor Networks: Algorithms, Strategies, And Applications, Mohammad Abu Alsheikh, Shaowei Lin, Dusit Niyato, Hwee-Pink Tan
Machine Learning In Wireless Sensor Networks: Algorithms, Strategies, And Applications, Mohammad Abu Alsheikh, Shaowei Lin, Dusit Niyato, Hwee-Pink Tan
Research Collection School Of Computing and Information Systems
Wireless sensor networks (WSNs) monitor dynamic environments that change rapidly over time. This dynamic behavior is either caused by external factors or initiated by the system designers themselves. To adapt to such conditions, sensor networks often adopt machine learning techniques to eliminate the need for unnecessary redesign. Machine learning also inspires many practical solutions that maximize resource utilization and prolong the lifespan of the network. In this paper, we present an extensive literature review over the period 2002-2013 of machine learning methods that were used to address common issues in WSNs. The advantages and disadvantages of each proposed algorithm are …
Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson
Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson
Research Collection School Of Computing and Information Systems
Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense …