Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00-11
Fang Liu, E. Eugenio, Ick-Hoon Jin, C. Bowen
Many social networks contain sensitive relational information. One approach to protect the sensitive relational information while offering flexibility for social network research and analysis is to release synthetic social networks at a pre-specified privacy risk level, given the original observed network. We propose the DP-ERGM procedure that synthesizes networks that satisfy the differential privacy (DP) via the exponential random graph model (EGRM). We apply DP-ERGM to a college student friendship network and compare its original network information preservation in the generated private networks with two other approaches: differentially private DyadWise Randomized Response (DWRR) and Sanitization of the Conditional probability of Edge given Attribute classes (SCEA). The results suggest that DP-EGRM preserves the original information significantly better than DWRR and SCEA in both network statistics and inferences from ERGMs and latent space models. In addition, DP-ERGM satisfies the node DP, a stronger notion of privacy than the edge DP that DWRR and SCEA satisfy.
{"title":"Differentially Private Generation of Social Networks via Exponential Random Graph Models","authors":"Fang Liu, E. Eugenio, Ick-Hoon Jin, C. Bowen","doi":"10.1109/COMPSAC48688.2020.00-11","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00-11","url":null,"abstract":"Many social networks contain sensitive relational information. One approach to protect the sensitive relational information while offering flexibility for social network research and analysis is to release synthetic social networks at a pre-specified privacy risk level, given the original observed network. We propose the DP-ERGM procedure that synthesizes networks that satisfy the differential privacy (DP) via the exponential random graph model (EGRM). We apply DP-ERGM to a college student friendship network and compare its original network information preservation in the generated private networks with two other approaches: differentially private DyadWise Randomized Response (DWRR) and Sanitization of the Conditional probability of Edge given Attribute classes (SCEA). The results suggest that DP-EGRM preserves the original information significantly better than DWRR and SCEA in both network statistics and inferences from ERGMs and latent space models. In addition, DP-ERGM satisfies the node DP, a stronger notion of privacy than the edge DP that DWRR and SCEA satisfy.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124133924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00-94
A. Gálvez, A. Iglesias, E. Osaba, J. Ser
This paper presents a new artificial intelligence-based method to address the following problem: given an initial digital image (source image), and a modification of the image (mod image) obtained from the source through a color map and visual attributes assumed to be unknown, determine suitable values for color map and contrast such that, when applied to the mod image, a similar image to the source is obtained. This problem has several applications in the fields of image restoration and cleaning. Our approach is based on the application of a powerful swarm intelligence method called bat algorithm. The method is tested on an illustrative example of the digital image of a famous oil painting. The experimental results show that the method performs very well, with a similarity error rate between the source and the reconstructed images of only 8.37%.
{"title":"Bat Algorithm Method for Automatic Determination of Color and Contrast of Modified Digital Images","authors":"A. Gálvez, A. Iglesias, E. Osaba, J. Ser","doi":"10.1109/COMPSAC48688.2020.00-94","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00-94","url":null,"abstract":"This paper presents a new artificial intelligence-based method to address the following problem: given an initial digital image (source image), and a modification of the image (mod image) obtained from the source through a color map and visual attributes assumed to be unknown, determine suitable values for color map and contrast such that, when applied to the mod image, a similar image to the source is obtained. This problem has several applications in the fields of image restoration and cleaning. Our approach is based on the application of a powerful swarm intelligence method called bat algorithm. The method is tested on an illustrative example of the digital image of a famous oil painting. The experimental results show that the method performs very well, with a similarity error rate between the source and the reconstructed images of only 8.37%.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129122997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00011
Md. Delwar Hossain, Hiroyuki Inoue, H. Ochiai, Doudou Fall, Y. Kadobayashi
The Controller Area Network (CAN) bus system works inside connected cars as a central system for communication between electronic control units (ECUs). Despite its central importance, the CAN does not support an authentication mechanism, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways: denial of service, fuzzing, spoofing, etc. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We first inject attacks at the CAN bus system in a car that we have at our disposal to generate the attack dataset, which we use to test and train our model. Our results demonstrate that our classifier is efficient in detecting the CAN attacks. We achieved a detection accuracy of 99.9949%.
{"title":"Long Short-Term Memory-Based Intrusion Detection System for In-Vehicle Controller Area Network Bus","authors":"Md. Delwar Hossain, Hiroyuki Inoue, H. Ochiai, Doudou Fall, Y. Kadobayashi","doi":"10.1109/COMPSAC48688.2020.00011","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00011","url":null,"abstract":"The Controller Area Network (CAN) bus system works inside connected cars as a central system for communication between electronic control units (ECUs). Despite its central importance, the CAN does not support an authentication mechanism, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways: denial of service, fuzzing, spoofing, etc. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We first inject attacks at the CAN bus system in a car that we have at our disposal to generate the attack dataset, which we use to test and train our model. Our results demonstrate that our classifier is efficient in detecting the CAN attacks. We achieved a detection accuracy of 99.9949%.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"194 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116785685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00043
Hirofumi Tsuruta, Ryosuke Matsumoto
To respond to various requests from users, web service infrastructure must change system configurations quickly and flexibly without making users aware of the system configuration. However, because SSH used as a secure remote connection service to a server must send a connection request by specifying the IP address or hostname of the server, the SSH client must know the changed information when the IP address or hostname is changed. To overcome this difficulty, a method exists by which a client tool such as gcloud command obtains the IP address or hostname of the destination server based on unique label information of each server. However, this method requires restrictions and changes to the tools used by the client side. Another method is to use a proxy server, such as SSH Piper, to obtain the IP address or hostname of the destination server based on the SSH username. In existing SSH proxy servers, the source code must be changed directly to change the proxy server behavior. As described herein, we propose an SSH proxy server which can follow system changes using hook functions that can be incorporated by system administrators without requiring restrictions or changes to the clients. The proposed method has high extensibility for system changes because the proxy server behavior can be changed easily merely by modifying the hook function to be incorporated. Furthermore, using the proposed method confirmed that the overhead of establishing an SSH session is about 20 ms, which is a short time during which the SSH client does not feel a delay when logging into the server with SSH.
{"title":"sshr: An SSH Proxy Server Responsive to System Changes without Forcing Clients to Change","authors":"Hirofumi Tsuruta, Ryosuke Matsumoto","doi":"10.1109/COMPSAC48688.2020.00043","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00043","url":null,"abstract":"To respond to various requests from users, web service infrastructure must change system configurations quickly and flexibly without making users aware of the system configuration. However, because SSH used as a secure remote connection service to a server must send a connection request by specifying the IP address or hostname of the server, the SSH client must know the changed information when the IP address or hostname is changed. To overcome this difficulty, a method exists by which a client tool such as gcloud command obtains the IP address or hostname of the destination server based on unique label information of each server. However, this method requires restrictions and changes to the tools used by the client side. Another method is to use a proxy server, such as SSH Piper, to obtain the IP address or hostname of the destination server based on the SSH username. In existing SSH proxy servers, the source code must be changed directly to change the proxy server behavior. As described herein, we propose an SSH proxy server which can follow system changes using hook functions that can be incorporated by system administrators without requiring restrictions or changes to the clients. The proposed method has high extensibility for system changes because the proxy server behavior can be changed easily merely by modifying the hook function to be incorporated. Furthermore, using the proposed method confirmed that the overhead of establishing an SSH session is about 20 ms, which is a short time during which the SSH client does not feel a delay when logging into the server with SSH.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131066358","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00-77
You Liang, A. Thavaneswaran, Zimo Zhu, R. Thulasiram, Md. Erfanul Hoque
Regularization methods allow data scientists and risk managers to enhance the predictive power of a statistical model and improve the quality of risk forecasts. Financial risk forecasting is about forecasting volatility, Value at Risk (VaR), expected shortfall (ES) and model risk ratio. While regularized estimates have been shown to perform well in model selection and parameter estimation, their applications in financial risk forecasting has not yet been studied. In this paper, regularized adaptive forecasts and computationally efficient forecasting algorithms for volatility, VaR, ES and model risk are studied using various regularization methods such as ridge, lasso and elastic net. Sample sign correlation of standardized log returns (standardized by volatility forecasts) is used to identify the conditional distribution of the log returns series and provide regularized interval forecasts as well as regularized probability forecasts. Superiority of the regularized risk forecasts is demonstrated using different volatility models including a recently proposed generalized data-driven volatility model in [8]. Validation of the regularized risk forecasts using real financial data is given. Regularized probabilistic forecasts for stationary time series models are also discussed in some detail.
{"title":"Data-Driven Adaptive Regularized Risk Forecasting","authors":"You Liang, A. Thavaneswaran, Zimo Zhu, R. Thulasiram, Md. Erfanul Hoque","doi":"10.1109/COMPSAC48688.2020.00-77","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00-77","url":null,"abstract":"Regularization methods allow data scientists and risk managers to enhance the predictive power of a statistical model and improve the quality of risk forecasts. Financial risk forecasting is about forecasting volatility, Value at Risk (VaR), expected shortfall (ES) and model risk ratio. While regularized estimates have been shown to perform well in model selection and parameter estimation, their applications in financial risk forecasting has not yet been studied. In this paper, regularized adaptive forecasts and computationally efficient forecasting algorithms for volatility, VaR, ES and model risk are studied using various regularization methods such as ridge, lasso and elastic net. Sample sign correlation of standardized log returns (standardized by volatility forecasts) is used to identify the conditional distribution of the log returns series and provide regularized interval forecasts as well as regularized probability forecasts. Superiority of the regularized risk forecasts is demonstrated using different volatility models including a recently proposed generalized data-driven volatility model in [8]. Validation of the regularized risk forecasts using real financial data is given. Regularized probabilistic forecasts for stationary time series models are also discussed in some detail.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"443 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132932544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.0-210
Na Li, R. Murugesan, Lin Li, Hao Zheng
In the era of digital communities, a massive volume of data is created from people's online activities on a daily basis. Such data is sometimes shared with third-parties for commercial benefits, which has caused people's concerns about privacy disclosure. Privacy preserving technologies have been developed to protect people's sensitive information in data publishing. However, due to the availability of data from other sources, e.g., blogging, it is still possible to de-anonymize users even from anonymized data sets. This paper presents the design and implementation of an Interactive De-Anonymization Learning system—IDEAL. The system can help students learn about de-anonymization through engaging hands-on activities, such as tuning different parameters to evaluate their impact on the accuracy of de-anonymization, and observing the affect of data anonymization on de-anonymization. A pilot lab session to evaluate the system was conducted among thirty-five students at Prairie View A&M University and the feedback was very positive.
{"title":"IDEAL: An Interactive De-Anonymization Learning System","authors":"Na Li, R. Murugesan, Lin Li, Hao Zheng","doi":"10.1109/COMPSAC48688.2020.0-210","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.0-210","url":null,"abstract":"In the era of digital communities, a massive volume of data is created from people's online activities on a daily basis. Such data is sometimes shared with third-parties for commercial benefits, which has caused people's concerns about privacy disclosure. Privacy preserving technologies have been developed to protect people's sensitive information in data publishing. However, due to the availability of data from other sources, e.g., blogging, it is still possible to de-anonymize users even from anonymized data sets. This paper presents the design and implementation of an Interactive De-Anonymization Learning system—IDEAL. The system can help students learn about de-anonymization through engaging hands-on activities, such as tuning different parameters to evaluate their impact on the accuracy of de-anonymization, and observing the affect of data anonymization on de-anonymization. A pilot lab session to evaluate the system was conducted among thirty-five students at Prairie View A&M University and the feedback was very positive.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133493100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.0-111
H. Washizaki, Junzo Hagimoto, Kazuo Hamai, Mitsunori Seki, Takeshi Inoue, Shinya Taniguchi, Hiroshi Kobayashi, Kenji Hiranabe, E. Hanyuda
Successful digital transformation (DX) requires not only technology, but also an understanding of the importance of business agility. In addition, without careful traceability, software engineering projects can be not based on business and social values. To address these issues, we categorize useful methods, practices, and models in software development and operations that make connections and traceability from business ideas incorporating business agility to software products, services, and user experiences. Then we propose a typical value-driven process stemming from business and social perspectives as new software engineering necessary for the DX era.
{"title":"Value Driven Process Towards Software Engineering for Business and Society (SE4BS)","authors":"H. Washizaki, Junzo Hagimoto, Kazuo Hamai, Mitsunori Seki, Takeshi Inoue, Shinya Taniguchi, Hiroshi Kobayashi, Kenji Hiranabe, E. Hanyuda","doi":"10.1109/COMPSAC48688.2020.0-111","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.0-111","url":null,"abstract":"Successful digital transformation (DX) requires not only technology, but also an understanding of the importance of business agility. In addition, without careful traceability, software engineering projects can be not based on business and social values. To address these issues, we categorize useful methods, practices, and models in software development and operations that make connections and traceability from business ideas incorporating business agility to software products, services, and user experiences. Then we propose a typical value-driven process stemming from business and social perspectives as new software engineering necessary for the DX era.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123939095","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.00020
M. Andreozzi, Frances Conboy, G. Stea, Raffaele Zippo
Computing Systems are evolving towards more complex, hetero-geneous systems where multiple computing cores and accelera-tors on the same system concur to improve computing resources utilization, resources re-use and the efficiency of data sharing across workloads. Such complex systems require equally complex tools and models to design and engineer them so that their use-case requirements can be satisfied. Adaptive Traffic Profiles (ATP) introduce a fast prototyping technology, which allows one to model the dynamic memory behavior of computer system de-vices when executing their workloads. ATP defines a standard file format and comes with an open source transaction generator engine written in C++. Both ATP files and the engine are porta-ble and pluggable to different host platforms, to allow workloads to be assessed with various models at different levels of abstraction. We present here the ATP technology developed at Arm and published in [5]. We present a case-study involving the usage of ATP, namely the analysis of the worst-case latency at a DRAM controller, which is assessed via two separate toolchains, both using traffic modelling encoded in ATP.
{"title":"Heterogeneous Systems Modelling with Adaptive Traffic Profiles and Its Application to Worst-Case Analysis of a DRAM Controller","authors":"M. Andreozzi, Frances Conboy, G. Stea, Raffaele Zippo","doi":"10.1109/COMPSAC48688.2020.00020","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.00020","url":null,"abstract":"Computing Systems are evolving towards more complex, hetero-geneous systems where multiple computing cores and accelera-tors on the same system concur to improve computing resources utilization, resources re-use and the efficiency of data sharing across workloads. Such complex systems require equally complex tools and models to design and engineer them so that their use-case requirements can be satisfied. Adaptive Traffic Profiles (ATP) introduce a fast prototyping technology, which allows one to model the dynamic memory behavior of computer system de-vices when executing their workloads. ATP defines a standard file format and comes with an open source transaction generator engine written in C++. Both ATP files and the engine are porta-ble and pluggable to different host platforms, to allow workloads to be assessed with various models at different levels of abstraction. We present here the ATP technology developed at Arm and published in [5]. We present a case-study involving the usage of ATP, namely the analysis of the worst-case latency at a DRAM controller, which is assessed via two separate toolchains, both using traffic modelling encoded in ATP.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127663601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.0-150
Qiwei Song, Xianglong Kong, Lulu Wang, Bixin Li
Comments are beneficial for developers to understand and maintain the code in software development life cycle. Well-commented code can generally help developers to resolve issues efficiently. Due to the complexity of code implementation, code comments may be generated to represent different types of information. And it is hard to keep all the code well-commented in real-world projects. In this case, it is meaningful to investigate how the different types of comments impact the resolution of issues. Then we can maintain the code comments purposefully, and we can also provide some suggestions for the comment generation techniques. To analyze the efforts of different comments on issue resolution, we classify code comments into two categories, i.e., functionality-aspect and non-functionality-aspect comments. In this paper, we analyze the effects of 53k pieces of code comments on the issues from 10 open-source projects within a period of 24 months. The results show that the majority of code comments are used to represent the functionality, e.g., the summary and purpose of code. Nevertheless, the other non-functionality-aspect comments have much stronger correlation with the resolution of software issues. For the resolved patches, the non-functionality-aspect comments are more frequently to be updated or added than the functionality-aspect comments. These findings confirm the important role of non-functionality-aspect comments during issue resolution, although their proportion is far less than that of functionality-aspect comments.
{"title":"An Empirical Investigation into the Effects of Code Comments on Issue Resolution","authors":"Qiwei Song, Xianglong Kong, Lulu Wang, Bixin Li","doi":"10.1109/COMPSAC48688.2020.0-150","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.0-150","url":null,"abstract":"Comments are beneficial for developers to understand and maintain the code in software development life cycle. Well-commented code can generally help developers to resolve issues efficiently. Due to the complexity of code implementation, code comments may be generated to represent different types of information. And it is hard to keep all the code well-commented in real-world projects. In this case, it is meaningful to investigate how the different types of comments impact the resolution of issues. Then we can maintain the code comments purposefully, and we can also provide some suggestions for the comment generation techniques. To analyze the efforts of different comments on issue resolution, we classify code comments into two categories, i.e., functionality-aspect and non-functionality-aspect comments. In this paper, we analyze the effects of 53k pieces of code comments on the issues from 10 open-source projects within a period of 24 months. The results show that the majority of code comments are used to represent the functionality, e.g., the summary and purpose of code. Nevertheless, the other non-functionality-aspect comments have much stronger correlation with the resolution of software issues. For the resolved patches, the non-functionality-aspect comments are more frequently to be updated or added than the functionality-aspect comments. These findings confirm the important role of non-functionality-aspect comments during issue resolution, although their proportion is far less than that of functionality-aspect comments.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127850242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.1109/COMPSAC48688.2020.0-163
Mordechai Guri
Air-gapped networks are isolated from the Internet, since they store and process sensitive information. It has been shown that attackers can exfiltrate data from air-gapped networks by sending acoustic signals generated by computer speakers, however this type of covert channel relies on the existence of loudspeakers in the air-gapped environment. In this paper, we present CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker. Malware installed on a compromised computer can maliciously generate acoustic signals via the optical CD/DVD drives. Binary information can then be modulated over the acoustic signals and be picked up by a nearby Internet connected receiver (e.g., a workstation, hidden microphone, smartphone, laptop, etc.). We examine CD/DVD drives and discuss their acoustical characteristics. We also present signal generation and detection, and data modulation and demodulation algorithms. Based on our proposed method, we developed a transmitter and receiver for PCs and smartphones, and provide the design and implementation details. We examine the channel and evaluate it on various optical drives. We also provide a set of countermeasures against this threat - which has been overlooked.
{"title":"CD-LEAK: Leaking Secrets from Audioless Air-Gapped Computers Using Covert Acoustic Signals from CD/DVD Drives","authors":"Mordechai Guri","doi":"10.1109/COMPSAC48688.2020.0-163","DOIUrl":"https://doi.org/10.1109/COMPSAC48688.2020.0-163","url":null,"abstract":"Air-gapped networks are isolated from the Internet, since they store and process sensitive information. It has been shown that attackers can exfiltrate data from air-gapped networks by sending acoustic signals generated by computer speakers, however this type of covert channel relies on the existence of loudspeakers in the air-gapped environment. In this paper, we present CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker. Malware installed on a compromised computer can maliciously generate acoustic signals via the optical CD/DVD drives. Binary information can then be modulated over the acoustic signals and be picked up by a nearby Internet connected receiver (e.g., a workstation, hidden microphone, smartphone, laptop, etc.). We examine CD/DVD drives and discuss their acoustical characteristics. We also present signal generation and detection, and data modulation and demodulation algorithms. Based on our proposed method, we developed a transmitter and receiver for PCs and smartphones, and provide the design and implementation details. We examine the channel and evaluate it on various optical drives. We also provide a set of countermeasures against this threat - which has been overlooked.","PeriodicalId":430098,"journal":{"name":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128842462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: