Search

Your search keyword '"Shouhuai Xu"' showing total 380 results
Start Over Author "Shouhuai Xu"

Refine your results

380 results on '"Shouhuai Xu"'

1. CVMan: A Framework for Clone-Incurred Vulnerability Management

Author

Jian Shi, Deqing Zou, Shouhuai Xu, and Hai Jin

Subjects
vulnerability, risk management, clone, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999
Abstract

Software clones may cause vulnerability proliferation, which highlights the importance of investigating clone-incurred vulnerabilities. In this paper, we propose a framework for automatically managing clone-incurred vulnerabilities. Two innovations of the framework are the notion of the spatial clone-relation graph, which describes clone-based relationships between software programs, and the temporal clone-relation graph, which describes the evolution of clones in software over time. As a case study, we apply the framework to analyze eight versions of Ubuntu while drawing a number of insights, such as: (i) clones are prevalent with about one-sixth of the codebase being clones; (ii) intra-program clones are often attributed to polymorphisms or functional similarities between procedures, while inter-program clones are often attributed to shared code repositories and the reuse of libraries; (iii) the clone surface of Linux remains stable at around 0.6, meaning that spatial and temporal clones in Linux account for about 60% of the codebase, while the lifetime of 53% clones spans eight versions; and (iv) the clone-incurred vulnerability surface in Linux is small, while vulnerable clones and non-vulnerable clones have similar lifetimes.

Published
2023
Full Text
View/download PDF

2. IEEE Access Special Section Editorial: Internet-of-Things Attacks and Defenses: Recent Advances and Challenges

Author

Weizhi Meng, Javier Lopez, Shouhuai Xu, Chunhua Su, and Rongxing Lu

Subjects
Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Internet of Things (IoT) technology has been widely adopted by the vast majority of businesses and is influencing every aspect of the world. However, the nature of the internet, communication means, embedded OS, and backend recourses make IoT objects vulnerable to cyber-attacks. For example, the Mirai botnet attack used the IoT to perform the DDoS attack that took down many popular websites. In addition, most standard and conventional security solutions designed for enterprise systems are not applicable to IoT devices. As a result, we are facing a big IoT security and protection challenge, and there is an urgent need to analyze current IoT-specific cyber-attacks and to design suitable and efficient security mechanisms.

Published
2021
Full Text
View/download PDF

3. Quantifying Privacy Risks for Continuous Trait Data

Author

Muqing He, Deqing Zou, Weizhong Qiang, Shouhuai Xu, Wenbo Wu, and Hai Jin

Subjects
genomic privacy, re-identification, quantitative trait locus, sensitivity, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999
Abstract

In the context of life sciences, the rapid biotechnical development leads to the creation of huge amounts of biological data. The use of such data naturally brings concerns on human genetic privacy breaches, which also discourage biological data sharing. Prior studies have investigated the possibility of the privacy issues associated with individuals’ trait data. However, there are few studies on quantitatively analyzing the probability of the privacy risk. In this paper, we fill this void by proposing a scheme for systematically breaching genomic privacy, which is centered on quantifying the probability of the privacy risk of continuous trait data. With well-designed synthetic datasets, our theoretical analysis and experiments lead to several important findings, such as: (i) The size of genetic signatures and the sensitivity (true positive rate) significantly affect the accuracy of re-identification attack. (ii) Both the size of genetic signatures and the minor allele frequency have a significant impact on distinguishing true positive and false positive matching between traits and genetic profiles. (iii) The size of the matching quantitative trait locus dataset has a large impact on the confidence of the privacy risk assessment. Validation with a real dataset shows that our findings can effectively estimate the privacy risks of the continuous trait dataset.

Published
2022
Full Text
View/download PDF

4. A deep learning framework for predicting cyber attacks rates

Author

Xing Fang, Maochao Xu, Shouhuai Xu, and Peng Zhao

Subjects
ARIMA, GARCH, RNN, Hybrid models, LSTM, Deep learning, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
Abstract

Abstract Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena, such as long-range dependence and high nonlinearity, which impose a particular challenge on modeling and predicting cyber attack rates. Deviating from the statistical approach that is utilized in the literature, in this paper we develop a deep learning framework by utilizing the bi-directional recurrent neural networks with long short-term memory, dubbed BRNN-LSTM. Empirical study shows that BRNN-LSTM achieves a significantly higher prediction accuracy when compared with the statistical approach.

Published
2019
Full Text
View/download PDF

5. Human Cognition Through the Lens of Social Engineering Cyberattacks

Author

Rosana Montañez, Edward Golob, and Shouhuai Xu

Subjects
social engineering cyberattacks, cyberattacks, cyberdefenses, human cognition, cognitive psychology, cybersecurity, Psychology, BF1-990
Abstract

Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called Cybersecurity Cognitive Psychology, which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

Published
2020
Full Text
View/download PDF

6. Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study

Author

Van Trieu-Do, Richard Garcia-Lebron, Maochao Xu, Shouhuai Xu, and Yusheng Feng

Subjects
granger causality, causality, cyber attack forecasting, cyber attack rate, time series, Technology
Abstract

Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.

Published
2020
Full Text
View/download PDF

7. Efficient Public Blockchain Client for Lightweight Users

Author

Lei Xu, Lin Chen, Zhimin Gao, Shouhuai Xu, and Weidong Shi

Subjects
blockchain, lightweight client, security, Technology
Abstract

Public blockchains provide a decentralized method for storing transaction data and have many applications in different sectors. In order for users to track transactions, a simple method is to let them keep a local copy of the entire public ledger. Since the size of the ledger keeps growing, this method becomes increasingly less practical, especially for lightweight users such as IoT devices and smartphones. In order to cope with the problem, several solutions have been proposed to reduce the storage burden. However, existing solutions either achieve a limited storage reduction (e.g., simple payment verification), or rely on some strong security assumption (e.g., the use of trusted server). In this paper, we propose a new approach to solving the problem. Specifically, we propose an efficient verification protocol for public blockchains, or EPBC for short. EPBC is particularly suitable for lightweight users, who only need to store a small amount of data that is independent of the size of the blockchain. We analyze EPBC’s performance and security, and discuss its integration with existing public ledger systems. Experimental results confirm that EPBC is practical for lightweight users.

Published
2018
Full Text
View/download PDF

11. Spatiotemporal patterns and predictability of cyberattacks.

Author

Yu-Zhong Chen, Zi-Gang Huang, Shouhuai Xu, and Ying-Cheng Lai

Subjects
Medicine, Science
Abstract

A relatively unexplored issue in cybersecurity science and engineering is whether there exist intrinsic patterns of cyberattacks. Conventional wisdom favors absence of such patterns due to the overwhelming complexity of the modern cyberspace. Surprisingly, through a detailed analysis of an extensive data set that records the time-dependent frequencies of attacks over a relatively wide range of consecutive IP addresses, we successfully uncover intrinsic spatiotemporal patterns underlying cyberattacks, where the term "spatio" refers to the IP address space. In particular, we focus on analyzing macroscopic properties of the attack traffic flows and identify two main patterns with distinct spatiotemporal characteristics: deterministic and stochastic. Strikingly, there are very few sets of major attackers committing almost all the attacks, since their attack "fingerprints" and target selection scheme can be unequivocally identified according to the very limited number of unique spatiotemporal characteristics, each of which only exists on a consecutive IP region and differs significantly from the others. We utilize a number of quantitative measures, including the flux-fluctuation law, the Markov state transition probability matrix, and predictability measures, to characterize the attack patterns in a comprehensive manner. A general finding is that the attack patterns possess high degrees of predictability, potentially paving the way to anticipating and, consequently, mitigating or even preventing large-scale cyberattacks using macroscopic approaches.

Published
2015
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results