Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00072
Godswill Lucky, F. Jjunju, A. Marshall
The development of an accurate, efficient and lightweight distributed solution for the detection and prevention of DDoS attacks provides network designers with new options to monitor and secure networks according to their strategic needs. Here we present a lightweight architecture that distinguishes attack network flows from normal traffic flows with a detection accuracy of over 99.9%. The architecture presented is optimised for deployment in low-cost environments for efficient, rapid detection and prevention of DDoS attacks. To achieve a computationally efficient architecture, the system was trained with a minimal number of features using a robust feature selection approach and validated against the CIC 2017 and 2019 datasets. Analysis of the design is presented and results show that the new architecture uses just 7% of the processing power of the detection system and provides no additional overhead to the monitored network.
Title: A Lightweight Decision-Tree Algorithm for detecting DDoS flooding attacks. Venue: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C). DOI: https://doi.org/10.1109/QRS-C51114.2020.00072
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00018
Peng Wu, Liangze Yin, Xiang Du, Liyuan Jia, Wei Dong
With the development of open source software and the open source community, more code is available on the Internet, and open vulnerability information can also be found on the Internet. In fact, using known vulnerabilities to calculate the similarity with the source code has been demonstrated to be a useful method to detect vulnerabilities. But the vulnerabilities often contain much irrelevant code, which may cause false positives and reduce the accuracy of vulnerability detection. Besides, the program code may have been patched. This also leads to false positives. We use code property graphs to extract source code and calculate the similarity between the vulnerable code and the source code to judge whether the software has vulnerabilities. By using the patched code, we can reduce false positives. We apply our approach to LibTIFF and the Linux kernel. The experimental results show that the approach can effectively find vulnerabilities and reduce false positives.
Title: Graph-based Vulnerability Detection via Extracting Features from Sliced Code. DOI: https://doi.org/10.1109/QRS-C51114.2020.00018
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00044
Mengqi Luo, Fengchang Yu, Haihua Chen
Clinical case reports are the ‘eyewitness’ in biomedical literature and provide a valuable, unique, albeit noisy and underutilized type of evidence. The main finding is the reason for writing up the reports. Main-finding-based case report retrieval provides a way for users to conveniently access information on eyewitness evidence. However, user retrieval requirements are often ambiguous and diverse, and traditional similarity-based retrieval mechanisms cannot meet the different needs of users. Here, we conduct research on result diversification in case report retrieval based on main finding. First, four similarity measurements for comparing main finding contents are used for initial result ranking; second, two implicit reranking algorithms and two explicit reranking algorithms are applied for result diversification. Experimental results showed that the methods we used improved the sub-topic coverage rate (CR@X%) in the re-ranking result, which proved the effectiveness of our research work for improving the degree of result diversification.
Title: Result Diversification in Clinical Case Reports Retrieval based on Main Finding. DOI: https://doi.org/10.1109/QRS-C51114.2020.00044
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00035
Dongcheng Li, W. E. Wong, Man Zhao, Qiang Hou
Computerized systems and software, which allow optimizing and planning the processes of production, storage, transportation, sale, and distribution of goods, have emerged in the industry. Scheduling systems, in particular, are designed to control and optimize the manufacturing process. This tool can have a significant effect on the productivity of the industry because it reduces the time and cost through well-defined optimization algorithms. Recently, the applicability of blockchain technology has been demonstrated in scheduling systems to add decentralization, traceability, auditability, and verifiability of the immutable information that this technology provides. This is a novel contribution that provides scheduling systems with an additional layer of security. With the latest version of Hyperledger Fabric, the appropriate levels of permission and policies for access to information can be established with significant levels of privacy and security, which prevent malicious actors from trying to cheat or abuse the system. Different alternatives exist to manage all processes associated with the operation of a blockchain network, and among them, providers of blockchain as a service have emerged. Chainstack stands out for its simplicity and scalability features to deploy and operate a blockchain network. Our goal in this work is to create a solution for secure storage of and access to task-scheduling schemes on the consortium blockchain and inter-planetary file system as a proof of concept to demonstrate its potential and usability.
Title: Secure Storage and Access for Task-Scheduling Schemes on Consortium Blockchain and Interplanetary File System. DOI: https://doi.org/10.1109/QRS-C51114.2020.00035
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00047
Renzhi Tang, Zhihao Jiang
Vision is the primary way to perceive the environment during driving. However, due to its low spatial and temporal resolution, a driver may fail to perceive agents on the road, which may lead to collisions. Modern vehicles are equipped with sensors that can better perceive the driving environment, as well as ADAS to provide driving assist. However, ADAS does not consider the driver's perception, which may result in unnecessary warnings or actions against the driver's will. These false positives may cause distraction and confusion in complex driving scenarios, which pose a safety threat. In this project, we proposed a driving assist system which can reduce the number of unnecessary warnings by taking into account the driver's perception of the driving environment. The driver's perception model combines estimation of the driving environment update and the driver's observation. The driver's observation is obtained from gaze tracking and the driving environment update is estimated based on the last observation. In this paper, we formulated an inference problem on the driver's perception, and developed a virtual driving simulator to evaluate the feasibility of the system.
Title: Driver's Perception Model in Driving Assist. DOI: https://doi.org/10.1109/QRS-C51114.2020.00047
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00029
Xudong He
Blockchain technology has gained wide acceptance in recent years. Smart contracts facilitate the application of the blockchain technology. Smart contracts are programs running in distributed environments and are thus error prone. Smart contracts often lack precise specifications and are written in high-level programming languages such as Solidity. In this paper, we present an approach to formally model and analyze smart contracts using predicate transition nets. We use the blind auction smart contract to demonstrate our approach, which reveals some problematic implementation of some smart contract functions. We have applied predicate transition nets in modeling and analyzing all 11 smart contracts in Azure blockchain workbench. Although we cannot tell whether there is any problem in these smart contracts based on their informal descriptions and Solidity programs without designer input, our experience has shown the applicability and suitability of predicate transition nets. We believe that our approach can help smart contract designers to detect and prevent early design problems in the current practice of using informal textual descriptions of smart contracts.
Title: Modeling and Analyzing Smart Contracts using Predicate Transition Nets. DOI: https://doi.org/10.1109/QRS-C51114.2020.00029
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00112
Jie Jian, Xiaotong Zhang, Ping-Ping Ma
This paper attempts to understand the theoretical connotation of creative computing constructively through an experimental study. In this experiment, the somatosensory game designed and developed by integrating multidisciplinary knowledge and human power can help learners develop their intention understanding ability. The data showed that the learners in the experimental group performed better in intention understanding tasks in the somatosensory interaction environment. The activation of motor-related brain regions in mirror neurons may be the basis for understanding the experimental results. From the design and conclusion of this experiment, we constructively verify that a creative computing based method is an effective one.
Title: Creative Computing based Experimental Study of Somatosensory Games for Promoting Intention Understanding. DOI: https://doi.org/10.1109/QRS-C51114.2020.00112
Pub Date: 2020-12-01; DOI: 10.1109/qrs-c51114.2020.00114
Halit Alptekin, Simge Demir, Şevval Şimşek, Cemal Yilmaz
Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. As the security tests need to be executed on each and every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing the vulnerabilities faster by prioritizing the executions of the security tests on a per web page basis. The approach is based on a simple conjecture that “similar” web pages may possess “similar” vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out using 2927 distinct web pages (collected from 80 web sites) support our basic hypothesis; the percentages of the times the actual vulnerabilities appear in the top 8 and 15 predicted vulnerabilities were 86.9% and 98.4%, respectively.
Title: Towards Prioritizing Vulnerability Testing. DOI: https://doi.org/10.1109/qrs-c51114.2020.00114
Pub Date: 2020-12-01; DOI: 10.1109/QRS-C51114.2020.00060
H. Tao, Yixiang Chen, Hengyang Wu
In order to make software trustworthiness measures more rigorous, we once applied axiomatic approaches to measure software trustworthiness, and established a software trustworthiness measure based on the decomposition of attributes (STMBDA for short). For the sake of validating the effectiveness of STMBDA, in this paper we use it to assess the trustworthiness of 23 pieces of spacecraft software whose total code is about 300,000 lines. The validation result shows that STMBDA can effectively evaluate the trustworthiness of the spacecraft software and identify the weak links in the development process.
Title: Decomposition of Attributes Oriented Software Trustworthiness Measure Based on Axiomatic Approaches. DOI: https://doi.org/10.1109/QRS-C51114.2020.00060