While deep learning has shown a great potential in various domains, the lack of transparency limited its application security or safety-critical areas. Existing research attempted to develop explanation techniques provide interpretable explanations for each classification decision. Unfortunately, current methods are optimized non-security tasks ( e.g., image analysis). Their key assumptions often violated applications, leading poor fidelity. In this paper, we propose LEMNA, high-fidelity...

A software system interacts with third-party libraries through various APIs. Using these library APIs often needs tofollow certain usage patterns. Furthermore, ordering rules (specifications) exist between APIs, and govern the secure robust operation of using But patterns may not be well documented by API developers. Previous approaches mine frequent association rules, itemsets, or subsequences that capture call shared client code. However, cannot completely some useful orderings especially...

Address space randomization is an emerging and promising method for stopping a broad range of memory corruption attacks. By randomly shifting critical regions at process initialization time, address converts otherwise successful malicious attack into benign crash. However, existing approaches either introduce insufficient randomness, or require source code modification. While randomness allows brute-force attacks, as shown in recent studies, the required modification prevents this effective...

Most malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these by protecting program control data. We have constructed a new class of that can network applications without tampering with any These non-control data represent challenge security. In this paper, we propose an architectural technique both and based on the notion pointer taintedness. A is said be tainted if user input used as value. attack detected...

An approach to represent a stochastic process by the combination of finite harmonic functions is proposed. The conditions that should be satisfied make sure power spectral density function identical target are firstly studied. Then, two kinds functions, which distribution amplitudes and random frequencies different, discussed. probabilistic characteristics including asymptotic distribution, one-dimensional probability function, rate approaching etc., studied in detail theoretical treatment...

Hybrid testing combines fuzz and concolic execution. It leverages to test easy-to-reach code regions uses execution explore blocks guarded by complex branch conditions. As a result, hybrid is able reach deeper into program state space than or alone. Recently, has seen significant advancement. However, its coverage-centric design inefficient in vulnerability detection. First, it blindly selects seeds for aims new continuously. as statistics show, large portion of the explored often bug-free....

Moving Target Defense techniques have been proposed to increase uncertainty and apparent complexity for attackers. When more than one are effective limit opportunities of an attack, it is required compare these select the best defense choice. In this paper, we propose a three-layer model evaluate effectiveness different Defenses. This designed as attempt fill gap among existing evaluation methods works systematic framework comparison.

Disassembly of binary code is hard, but necessary for improving the security software. Over past few decades, research in disassembly has produced many tools and frameworks, which have been made available to researchers professionals. These employ a variety strategies that grant them different characteristics. The lack systematization, however, impedes new area makes selecting right tool as we do not understand strengths weaknesses existing tools. In this paper, systematize through study...

Cyber attacks against networked computers have become relentless in recent years. The most common attack method is to exploit memory corruption vulnerabilities such as buffer overflow and format string bugs. This paper presents a technique automatically identify both known unknown vulnerabilities. Based on the observation that randomized program usually crashes upon attack, this uses crash trigger initiate an automatic diagnosis algorithm. output of includes instruction tricked corrupt data,...

Self-propagating computer worms have been terrorizing the Internet for last several years. With increasing density, inter-connectivity and bandwidth of combined with security measures that inadequately scale, will continue to plague community. Existing anti-virus intrusion detection systems are clearly inadequate defend against many recent fast-spreading worms. In this paper we explore an active counter-attack method - anti-worms. We propose a transforms malicious worm into anti-worm which...

With the development of satellite communication, number satellites in space continuously increases. However, available spectrum resources are scarce. To address scarcity, sharing between different communication systems is a promising option. In this paper, novel cognitive network with geostationary earth orbit (GEO) and low (LEO) broadband studied downlink case. First, we present general interference analysis model simplify it by transforming spatial dimension into time according to motion....