2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS): Latest Papers

CBSDI: Cross-Architecture Binary Code Similarity Detection based on Index Table
Longmin Deng, Dongdong Zhao, Junwei Zhou, Zhe Xia, Jianwen Xiang
DOI: https://doi.org/10.1109/QRS57517.2022.00060
Published: 2022-12-01
Abstract: Binary code similarity detection for cross-platform is widely used in plagiarism detection, malware detection and vulnerability search, aiming to detect whether two binary functions over different platforms are similar. Existing cross-architecture approaches mainly rely on the approximate matching calculation of complex high-dimensional features, such as graph, which are inevitably slow and unsuitable for large-scale applications. To solve this problem, we propose a novel approach based on index table called CBSDI, improving efficiency by screening a batch of mismatched functions before similarity detection. We select three features and compare them across architectures to select the most appropriate one to construct the index table, and this table can be embedded in other tools. The evaluation shows that the index table can roughly cut the computational costs in half when there are few errors. Moreover, compared with the related works in the literature, our proposed approach can improve not only the efficiency but also the accuracy.
Citations: 0

Strategies for Improving the Error Robustness of Convolutional Neural Networks
António Morais, R. Barbosa, Nuno Lourenço, F. Cerveira, M. Lombardi, H. Madeira
DOI: https://doi.org/10.1109/QRS57517.2022.00092
Published: 2022-12-01
Abstract: The error robustness of Convolutional Neural Networks (CNNs) is an important attribute requiring attention due to their growing application in safety-critical domains such as autonomous driving and medical devices. Hardware errors affecting the execution of such models may lead to system failures and, therefore, fault tolerance techniques are necessary to improve dependability. This paper proposes an approach to improve the robustness of CNNs and experimentally compares it with three other existing techniques. Fault injection is used to emulate hardware faults affecting CNNs targeting four distinct datasets. Results indicate that the ranger technique globally provides the best robustness closely followed by the stimulated training technique, although the former provides much lower temporal overhead than the latter. Architectural redundancy and dropout provide varying results. In all cases, caution through final evaluation of any CNN is required, because there are corner cases in which the robustness decreases, contrary to the intended outcome.
Citations: 0

A Distance-Based Dynamic Random Testing Strategy for Natural Language Processing DNN Models
Yuechen Li, Hanyu Pei, Linzhi Huang, Beibei Yin
DOI: https://doi.org/10.1109/QRS57517.2022.00089
Published: 2022-12-01
Abstract: Deep neural networks (DNNs) have achieved tremendous development while they may encounter with incorrect behaviors and result in economic losses. Identifying the most represented data become critical for revealing incorrect behaviours and improving the quality DNN-driven systems. Various testing strategies for DNNs have been proposed. However, DNN testing is still at early stage and existing strategies might not sufficiently effective. Dynamic random testing (DRT) strategy uses the feedback mechanism to guide the test case selection, which has been proved to be effective in fault detection. However, its efficacy for Natural Language Processing (NLP) DNN models has not been thoroughly studied. In this paper, a Distance-based DRT with prioritization (D-DRT-P) is proposed, which combines the priority information and distance information into DRT to guide the selection of test cases and testing profile adjustment. Empirical studies demonstrate that D-DRT-P can improve the fault detecting effectiveness than other test prioritization strategies in most cases.
Citations: 0

A Pattern-Based Test Platform for Families of Smart Health Products
P. Almeida, J. Faria, B. Lima
DOI: https://doi.org/10.1109/QRS57517.2022.00066
Published: 2022-12-01
Abstract: One of the most critical ICT application domains is healthcare, where a single failure can lead a patient into a hazardous situation. Due to this, there’s a great necessity to ensure that the developed solutions are safe and secure and perform as expected. Smart-Health-4-All (SH4ALL) is a project aiming at accelerating the research, development, commercialization, and dissemination of trustworthy smart health solutions in Portugal. One of the key components of the project is a web platform that supports the generation of integration and system tests for smart health solutions (comprising medical devices, applications, etc.), following a software product line approach. At the domain engineering level, the platform supports the creation of feature models and related test patterns for families of smart health products. At the product engineering level, the platform supports the instantiation of test patterns and the generation of corresponding test scripts ready for execution on specific products under test. This paper presents the aforementioned test platform and test process, and the discovery of test patterns.
Citations: 0

Multi-Transaction Sequence Vulnerability Detection for Smart Contracts based on Inter-Path Data Dependency
Shuai Zhang, Meng Wang, Yi Liu, Yuhan Zhang, Bin Yu
DOI: https://doi.org/10.1109/QRS57517.2022.00068
Published: 2022-12-01
Abstract: Smart contracts are commonly used to build finance-related decentralized applications. If a smart contract vulnerability is exploited by an attacker, the contract owner may suffer financial losses. We focus on a particular class of smart contract vulnerabilities that require a specific sequence of multiple transactions to trigger, which we call multi-transaction sequence vulnerabilities. Due to the combinatorial explosion problem caused by the huge number of possible transaction sequences, the efficiency and scalability for existing security analyzers to detect multi-transaction sequence vulnerabilities are limited. To alleviate the problem, we propose a vulnerability detection approach based on symbolic execution and inter-path data dependency. In the approach, we first traverse paths in a contract, and record read and write operations of each path. Then, we selectively execute paths which are conducive to discovering vulnerabilities during the subsequent detection process according to inter-path data dependencies. By pruning out most paths that are not relevant to vulnerabilities, we improve the efficiency and scalability of detecting multi-transaction sequence vulnerabilities. We evaluate our approach on 442 contracts collected from CVE reports and 104 contracts with Ether leakage and suicide defects. The experimental results show that our approach reaches an average 2x speedup comparing to Mythril.
Citations: 0

A New Code Review Method based on Human Errors
Fuqun Huang, Bo Zhao, H. Madeira
DOI: https://doi.org/10.1109/QRS57517.2022.00041
Published: 2022-12-01
Abstract: Modern code reviews tend to take a lightweight process, in which the accuracy and efficiency of identifying defects rely heavily on code reviewers’ experience. The human errors of developers, as a significant cause of software defects, is a key to identifying defects. However, there is a lack of understanding of the human error mechanisms underlying defects in code. This paper proposes an innovative code review method for identifying defects by pinpointing the scenarios that developers tend to commit errors. The method was validated by a comprehensive experimental study that involved 49 code reviewers organized in two independent groups, i.e. experimental group vs. controlled group for each other. Forty reviewers have completed the whole experiment and provided the data for statistical analysis on the effects of the approach. The experiment shows that the proposed method has significantly improved True Positives and Sensitivity by about 400%, improved Precision by approximately 200%, and reduced around one-third of False Positives. The effects were consistent across different tasks and different code reviewers.
Citations: 0

SAS-GKE: A Secure Authenticated Scalable Group Key Exchange
Abu Faisal, Mohammad Zulkernine
DOI: https://doi.org/10.1109/QRS57517.2022.00064
Published: 2022-12-01
Abstract: Secure group communication is one of the challenging issues of present times. With the advancements of the cloud technologies and the internet services, people are getting more dependent on multi-party services, such as online meetings and classes, video and audio group calling and messaging, online conferences and webinars, and online gaming. To secure these multi-party communications, one of the most important components is the group key exchange (GKE). The existing GKE approaches are computationally expensive and do not offer scalability. These approaches only support small static groups to share a common secret key and do not properly address the situation of adding or removing group member(s). This is not acceptable for the multi-party communications with a large number of participants, especially when any participant(s) can join or leave the communications at any time. In this paper, we propose a secure, authenticated, and scalable group key exchange (SAS-GKE) that implements a constant-round contributory approach to generate the common secret key between any number of participants. SAS-GKE arranges all the participants in a three-tiered (depth = 2) m-ary tree structure that distributes the computational load between the participants in a balanced way. The proposed GKE utilizes public key authentication that prevents man-in-the-middle (MITM) attacks at every step of the group key exchange.
Citations: 0

Anomaly Detection in Encrypted Identity Resolution Traffic based on Machine Learning
Zhishen Zhu, Hao Zhou, Qingya Yang, Chonghua Wang, Zhuguo Li
DOI: https://doi.org/10.1109/QRS57517.2022.00036
Published: 2022-12-01
Abstract: Identity resolution is an emerging network resource widely applied in Industrial Internet of Things. Although encryption improves the privacy of identity resolution, it also challenges DPI-based anomaly detection. Therefore, it is imperative to recognize and supplement the encrypted information of IDS. In this paper, we design a machine learning-based framework to automatically extract critical information of identity resolution system from network traffic. According to the characteristics of traffic, we use the hybrid feature of statistics and sequences to describe encrypted traffic. Besides, a supervised classification algorithm is applied to explore the effective classification of two communication processes, which are service attribution information for node addressing and operation behavior for data management. We tested this method based on the encrypted traffic collected from a realistic identity resolution system. The results indicate that our approach exhibits good performance, outperforms related works, and can be applied in resource-constrained industrial scenario. This is the first work analysing the identity resolution system from the perspective of traffic analysis.
Citations: 0

ucXception: A Framework for Evaluating Dependability of Software Systems
Pedro David Almeida, F. Cerveira, R. Barbosa, H. Madeira
DOI: https://doi.org/10.1109/QRS57517.2022.00063
Published: 2022-12-01
Abstract: Fault injection is a well-established technique in the research community that consists of emulating faults in order to obtain dependability-related data. Despite its potential, fault injection has been less widely adopted outside of academia, due to the expertise required to effectively conduct fault injection campaigns and to the lack of tools that can be easily adapted to different systems. This paper presents ucXception, an easy-to-install, extendable, open-source framework for orchestrating the entire lifecycle of fault injection campaigns without requiring expert knowledge and using a graphical interface. ucXception supports injection of software and hardware faults using realistic fault models and can be applied to a variety of target systems, including virtualized systems and complex cloud computing deployments. This brings fault injection to modern environments of cloud computing. As a use case, a preliminary analysis on the usage of failure models as a valid alternative to fault models is performed.
Citations: 1

Safety SysML: An Executable Safety-Critical Avionics Requirement Modeling Language
Huiyu Liu, Jing Liu, Wei Yin, Haiying Sun, Chenchen Yang
DOI: https://doi.org/10.1109/QRS57517.2022.00047
Published: 2022-12-01
Abstract: Establishing formal modeling and verification methods for requirements has become the key to enhancing avionics software’s safety and development efficiency. As the mainstream modeling language used in Model-Based Software Engineering (MBSE), SysML is often applied to software requirements specifications. However, due to the lack of systematic and rigorous semantic definitions, SysML can cause problems in terms of accuracy and consistency in system development, threatening the correctness of safety-critical avionics software. To address the problem, this paper defines Safety SysML State Machine, an extended SysML state machine for safety control functions. Stepwise, the authors illustrate the formal specification and the refinement rules of the Safety SysML State Machine to construct the avionics integration model. Furthermore, a tool is implemented integrating the modeling and verification of the Safety SysML State Machine. Our contribution has a profound potential to broaden the use of MBSE and its well-known advantages in safety-critical applications. A specific case study on the aircraft roll angle control system demonstrates the effectiveness of our approach and the tool.
Citations: 0