no code implementations • 24 May 2023 • Keith Paarporn, Shouhuai Xu
In this paper, we analyze the infection spreading dynamics of malware in a population of cyber nodes (i. e., computers or devices).
1 code implementation • 22 Feb 2023 • Deqiang Li, Shicheng Cui, Yun Li, Jia Xu, Fu Xiao, Shouhuai Xu
To promote defense effectiveness, we propose a new mixture of attacks to instantiate PAD to enhance deep neural network-based measurements and malware detectors.
1 code implementation • 12 Feb 2022 • Zhen Li, Guenevere, Chen, Chen Chen, Yayi Zou, Shouhuai Xu
Recent studies show that current source code authorship attribution methods can be compromised by attackers exploiting adversarial examples and coding style manipulation.
1 code implementation • 20 Sep 2021 • Deqiang Li, Tian Qiu, Shuo Chen, Qianmu Li, Shouhuai Xu
Our main findings are: (i) predictive uncertainty indeed helps achieve reliable malware detection in the presence of dataset shift, but cannot cope with adversarial evasion attacks; (ii) approximate Bayesian methods are promising to calibrate and generalize malware detectors to deal with dataset shift, but cannot cope with adversarial evasion attacks; (iii) adversarial evasion attacks can render calibration methods useless, and it is an open problem to quantify the uncertainty associated with the predicted labels of adversarial examples (i. e., it is not effective to use predictive uncertainty to detect adversarial examples).
1 code implementation • 2 Aug 2021 • Zhen Li, Jing Tang, Deqing Zou, Qian Chen, Shouhuai Xu, Chao Zhang, Yichen Li, Hai Jin
Automatically detecting software vulnerabilities in source code is an important problem that has attracted much attention.
no code implementations • 24 May 2020 • Deqiang Li, Qianmu Li, Yanfang Ye, Shouhuai Xu
In this paper, we survey and systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified conceptual framework of assumptions, attacks, defenses, and security properties.
1 code implementation • 15 Apr 2020 • Deqiang Li, Qianmu Li, Yanfang Ye, Shouhuai Xu
By conducting experiments with the Drebin Android malware dataset, we show that the framework can achieve a 98. 49\% accuracy (on average) against grey-box attacks, where the attacker knows some information about the defense and the defender knows some information about the attack, and an 89. 14% accuracy (on average) against the more capable white-box attacks, where the attacker knows everything about the defense and the defender knows some information about the attack.
no code implementations • 8 Jan 2020 • Deqing Zou, Sujuan Wang, Shouhuai Xu, Zhen Li, Hai Jin
Existing vulnerability detection methods based on deep learning can detect the presence of vulnerabilities (i. e., addressing the binary classification or detection problem), but cannot pinpoint types of vulnerabilities (i. e., incapable of addressing multiclass classification).
1 code implementation • 19 Dec 2018 • Deqiang Li, Qianmu Li, Yanfang Ye, Shouhuai Xu
However, machine learning is known to be vulnerable to adversarial evasion attacks that manipulate a small number of features to make classifiers wrongly recognize a malware sample as a benign one.
Cryptography and Security 68-06
no code implementations • 7 Nov 2018 • Lin Chen, Lei Xu, Shouhuai Xu, Zhimin Gao, Weidong Shi
In this paper, we introduce a novel variant of the bribery problem, "Election with Bribed Voter Uncertainty" or BVU for short, accommodating the uncertainty that the vote of a bribed voter may or may not be counted.
no code implementations • 18 Sep 2018 • Deqiang Li, Ramesh Baral, Tao Li, Han Wang, Qianmu Li, Shouhuai Xu
Adversarial machine learning in the context of image processing and related applications has received a large amount of attention.
4 code implementations • 18 Jul 2018 • Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen
Our experiments with 4 software products demonstrate the usefulness of the framework: we detect 15 vulnerabilities that are not reported in the National Vulnerability Database.
4 code implementations • 5 Jan 2018 • Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, Yuyi Zhong
Since deep learning is motivated to deal with problems that are very different from the problem of vulnerability detection, we need some guiding principles for applying deep learning to vulnerability detection.
no code implementations • 24 Mar 2016 • Zhenxin Zhan, Maochao Xu, Shouhuai Xu
In this paper, we propose the {\em first} statistical framework for rigorously analyzing honeypot-captured cyber attack data.
Cryptography and Security Applications
no code implementations • 8 Aug 2014 • Li Xu, Zhenxin Zhan, Shouhuai Xu, Keyin Ye
Within this framework, we show that an adaptive attacker can make malicious websites evade powerful detection models, but proactive training can be an effective counter-evasion defense mechanism.