2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS): Latest Papers

Joint Prediction of Multiple Vulnerability Characteristics Through Multi-Task Learning
Xiujun Gong, Zhenchang Xing, Xiaohong Li, Zhiyong Feng, Zhuobing Han
DOI: https://doi.org/10.1109/ICECCS.2019.00011
Published: 2019-11-01
Abstract: Software vulnerabilities seriously affect the security of computing systems and they are continuously disclosed and reported. When documenting software vulnerabilities, characterizing the severity, exploitability and impact of a vulnerability is critical for effective triaging and management of software vulnerabilities. Faced with ever-growing number of new vulnerabilities, we observe a significant lag between the disclosure of a vulnerability and the specification of its characteristics. This lag calls for automated, reliable assessment of vulnerability characteristics to assist security analysts in allocating their limited efforts to potentially most serious vulnerabilities. Existing automated techniques for vulnerability assessment require hand-crafted features and balanced data, and consider each specific characteristic independently at a time. In this paper, we propose a multi-task machine learning approach for the joint prediction of multiple vulnerability characteristics based on the vulnerability descriptions. Our approach gets rid of the requirement of balanced data, and it relies on neural networks that learn to extract features from training data. Using the large-scale vulnerability data in the Common Vulnerabilities and Exposure (CVE) database, we conduct extensive experiments to compare different configurations of neural network feature extractors, study the impact of multi-task learning versus independent-task learning, and investigate the performance of our approach for predicting the characteristics of newly disclosed vulnerabilities and the minimum requirement of historical vulnerability data for training reliable prediction model.
Citations: 30

Industry-Oriented Project-Based Learning of Software Engineering
M. Spichkova
DOI: https://doi.org/10.1109/ICECCS.2019.00013
Published: 2019-11-01
Abstract: Teaching of Software Engineering is challenging, especially when dealing with large cohorts of students, as well as cohorts with the diversity in the students' backgrounds, workloads and availabilities for face-to-face study. Especially challenging it becomes when we aim not only to provide necessary theoretical knowledge, but also to improve students' employability by making the projects really industry-oriented. This paper presents our experience on the redesign of Software Engineering project course to meet the above challenges, the lessons learned and the feedback from the students. The course is provided for both Bachelor and Master students at their final year of study, so our goal is to make students work-ready and to provide opportunities for networking with local and global companies, as well as other university disciplines.
Citations: 20

Adaptive Randomized Scheduling for Concurrency Bug Detection
Zan Wang, Dongdi Zhang, Shuang Liu, Jun Sun, Yingquan Zhao
DOI: https://doi.org/10.1109/ICECCS.2019.00021
Published: 2019-11-01
Abstract: Multi-threaded programs often exhibit erroneous behaviours due to unintended interactions among threads. Those bugs are often difficult to find because they typically manifest under very specific thread schedules. The traditional randomized algorithms increase the probability of exploring infrequent interleavings using randomized scheduling and improve the chances of detecting concurrency defects. However, they may generate many redundant trials, especially for those hard-to-detect defects, and thus their performance is often not stable. In this work, we propose an adaptive randomized scheduling algorithm (ARS), which adaptively explores the search space and detects concurrency bugs more efficiently with less efforts. We compare ARS with random searching and the state-of-the-art maximal causality reduction method on 27 concurrent Java programs. The evaluation results show that ARS shows a more stable performance in terms of effectiveness in detecting multi-threaded bugs. Particularly, ARS shows a good potential in detecting hard-to-expose bugs.
Citations: 4

MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform
Ruitao Feng, Sen Chen, Xiaofei Xie, L. Ma, Guozhu Meng, Y. Liu, Shang-Wei Lin
DOI: https://doi.org/10.1109/ICECCS.2019.00014
Published: 2019-11-01
Abstract: Currently, Android malware detection is mostly performed on the server side against the increasing number of Android malware. Powerful computing resource gives more exhaustive protection for Android markets than maintaining detection by a single user in many cases. However, apart from the Android apps provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing a serious security threat to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection because the network transmission has a lot of overhead. In addition, the uploading process also suffers from the threat of attackers. Consequently, a last line of defense on Android devices is necessary and much-needed. To address these problems, in this paper, we propose an effective Android malware detection system, MobiDroid, leveraging deep learning to provide a real-time secure and fast response environment on Android devices. Although a deep learning-based approach can be maintained on server side efficiently for detecting Android malware, deep learning models cannot be directly deployed and executed on Android devices due to various performance limitations such as computation power, memory size, and energy. Therefore, we evaluate and investigate the different performances with various feature categories, and further provide an effective solution to detect malware on Android devices. The proposed detection system on Android devices in this paper can serve as a starting point for further study of this important area.
Citations: 30

A Formal Methods Approach to Security Requirements Specification and Verification
Quentin Rouland, B. Hamid, J. Bodeveix, M. Filali
DOI: https://doi.org/10.1109/ICECCS.2019.00033
Published: 2019-11-01
Abstract: The specification and the verification of security requirements is one of the major computer-based systems challenges. Security requirements need to be precisely specified before a tool can manipulate them, and though several approaches to security requirements specification have been proposed, they do not provide the scalability and flexibility required in practice. We take this problem towards an integrated approach for security requirement specification and treatment during the software architecture design time. The general idea of the approach is to: (1) specify security requirements as properties of a modeled system in a technology-independent specification language; (2) implement the developed model in a suitable language with tool support for requirement satisfaction through model verification; and (3) suggest a set of security policies to constrain the operation of the system and to guarantee the security properties. In the scope of this paper, we use first-order logic as a formalism that is abstract and technology-independent and Alloy as a tooled language used in modeling and software development. To validate our work, we explore a set of representative security properties from categories based on CIA classification in the context of secure component-based software architecture development.
Citations: 7

EFLightPM: An Efficient and Lightweight Persistent Memory System
Kaixin Huang, Yan Yan, Linpeng Huang
DOI: https://doi.org/10.1109/ICECCS.2019.00024
Published: 2019-11-01
Abstract: Emerging non-volatile memory (also termed as persistent memory, PM) technologies promise persistence, byte addressability and DRAM-like read/write latency. A proliferation of persistent memory systems such as Mnemosyne, NVHeaps, PMDK and HEAPO have been proposed to leverage PM for fast data persistence. However, their performance may suffer from inefficiency issues, mainly caused by kernel/user layer context switches and heavy transaction logging overhead. Concretely, getting a persistent region in Mnemosyne, NV-Heaps and PMDK needs two kernel/user layer context switches since the mmap-like system calls are used, which leads to high latency. To guarantee data consistency, existing systems employ redo or undo logging techniques but they bring non-negligible overhead due to double writes and persistence ordering. In this paper, we develop EFlightPM, an efficient and lightweight persistent memory system to manage data in a fine-grained style. We decouple the data organization for persistent regions by placing large regions in the kernel layer while exposing small regions in the user layer. We also design a lightweight transaction mechanism using hybrid logging with high efficiency by minimizing the writes in the critical path. The experimental results show that compared with state-of-the-art persistent memory systems, EFlightPM manipulates fine-grained persistent data with less persistent region operation overhead and more transaction throughput.
Citations: 2

Assessing the Relation Between Hazards and Variability in Automotive Systems
Xiaoyi Zhang, Paolo Arcaini, F. Ishikawa
DOI: https://doi.org/10.1109/ICECCS.2019.00028
Published: 2019-11-01
Abstract: Safety assessment of automotive systems is highly demanded, as failure of such systems can lead to dramatic consequences. Usually, these systems are affected by some variability as they contain some production parameters (e.g., the car power, or the braking force) that may drastically affect the behaviour of the system, and so the safety guarantees. Moreover, these systems operate in diverse environmental conditions (e.g., dry or slippery road) that may also affect the system behaviour (we name them as environmental parameters). Classical verification/validation techniques perform safety assessment by considering one particular instance of the system in one particular environmental setting. However, they do not assess the influence of system variability on the final safety. In this paper, we propose a framework for assessing the relation of production and environmental parameters with the overall safety. We first propose an approach based on simulation that assigns hazard degrees to partitions of each parameter domain (defined in terms of fuzzy sets). However, the safety could be affected by interactions of different parameters. Therefore, we also propose a clustering approach that aims at identifying patterns of parameter values providing similar hazard degrees. The approaches have been experimented on an industrial case study related to an automotive collision avoidance system implemented in Simulink. Critical parameters and parameter patterns related to potential collisions were identified and explained.
Citations: 2

[Title page iii]
DOI: https://doi.org/10.1109/iceccs.2019.00002
Published: 2019-11-01
Citations: 0

Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding
Xiao Cheng, Haoyu Wang, Jiayi Hua, Miao Zhang, Guoai Xu, Li Yi, Yulei Sui
DOI: https://doi.org/10.1109/ICECCS.2019.00012
Published: 2019-11-01
Abstract: Static vulnerability detection has shown its effectiveness in detecting well-defined low-level memory errors. However, high-level control-flow related (CFR) vulnerabilities, such as insufficient control flow management (CWE-691), business logic errors (CWE-840), and program behavioral problems (CWE-438), which are often caused by a wide variety of bad programming practices, posing a great challenge for existing general static analysis solutions. This paper presents a new deep-learning-based graph embedding approach to accurate detection of CFR vulnerabilities. Our approach makes a new attempt by applying a recent graph convolutional network to embed code fragments in a compact and low-dimensional representation that preserves high-level control-flow information of a vulnerable program. We have conducted our experiments using 8,368 real-world vulnerable programs by comparing our approach with several traditional static vulnerability detectors and state-of-the-art machine-learning-based approaches. The experimental results show the effectiveness of our approach in terms of both accuracy and recall. Our research has shed light on the promising direction of combining program analysis with deep learning techniques to address the general static analysis challenges.
Citations: 34

Safe Inputs Approximation for Black-Box Systems
Bai Xue, Yang Liu, L. Ma, Xiyue Zhang, Meng Sun, Xiaofei Xie
DOI: https://doi.org/10.1109/ICECCS.2019.00027
Published: 2019-11-01
Abstract: Given a family of independent and identically distributed samples extracted from the input region and their corresponding outputs, in this paper we propose a method to under-approximate the set of safe inputs that lead the black-box system to respect a given safety specification. Our method falls within the framework of probably approximately correct (PAC) learning. The computed under-approximation comes with statistical soundness provided by the underlying PAC learning process. Such a set, which we call a PAC under-approximation, is obtained by computing a PAC model of the black-box system with respect to the specified safety specification. In our method, the PAC model is computed based on the scenario approach, which encodes as a linear program. The linear program is constructed based on the given family of input samples and their corresponding outputs. The size of the linear program does not depend on the dimensions of the state space of the black-box system, thus providing scalability. Moreover, the linear program does not depend on the internal mechanism of the black-box system, thus being applicable to systems that existing methods are not capable of dealing with. Some case studies demonstrate these properties, general performance and usefulness of our approach.
Citations: 5