The powdery mildew(Erysiphe necator)is a prevalent pathogen hampering grapevine growth in the vineyard.An arsenal of candidate secreted effector proteins(CSEPs)was encoded in the E.necator genome,but it is largely unc...The powdery mildew(Erysiphe necator)is a prevalent pathogen hampering grapevine growth in the vineyard.An arsenal of candidate secreted effector proteins(CSEPs)was encoded in the E.necator genome,but it is largely unclear what role CSEPs plays during the E.necator infection.In the present study,we identified a secreted effector CSEP080 of E.necator,which was located in plant chloroplasts and plasma membrane.Transient expressing CSEP080 promotes plant photosynthesis and inhibits INF1-induced cell death in tobacco leaves.We found that CSEP080 was a necessary effector for the E.necator pathogenicity,which interacted with grapevine chloroplast protein VviB6f(cytochrome b6-f complex iron–sulfur subunit),affecting plant photosynthesis.Transient silencing VviB6f increased the plant hydrogen peroxide production,and the plant resistance to powdery mildew.In addition,CSEP080 manipulated the VviPE(pectinesterase)to promote pectin degradation.Our results demonstrated the molecular mechanisms that an effector of E.necator translocates to host chloroplasts and plasma membrane,which suppresses with the grapevine immunity system by targeting the chloroplast protein VviB6f to suppress hydrogen peroxide accumulation and manipulating VviPE to promote pectin degradation.展开更多
In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions t...In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.展开更多
Energy is often partitioned into heat and work by two independent paths corresponding to the change in the eigenenergies or the probability distributions of a quantum system. The discrepancies of the heat and work for...Energy is often partitioned into heat and work by two independent paths corresponding to the change in the eigenenergies or the probability distributions of a quantum system. The discrepancies of the heat and work for various quantum thermodynamic processes have not been well characterized in literature. Here we show how the work in quantum machines is differentially related to the isochoric, isothermal, and adiabatic processes. We prove that the energy exchanges during the quantum isochoric and isothermal processes are simply depending on the change in the eigenenergies or the probability distributions. However, for a time-dependent system in a non-adiabatic quantum evolution, the transitions between the different quantum states representing the quantum coherence can affect the essential thermodynamic properties, and thus the general definitions of the heat and work should be clarified with respect to the microscopic generic time-dependent system. By integrating the coherence effects in the exactly-solvable dynamics of quantum-spin precession, the internal energy is rigorously transferred as the work in the thermodynamic adiabatic process. The present study demonstrates that the quantum adiabatic process is sufficient but not necessary for the thermodynamic adiabatic process.展开更多
Software an important way to vulnerability mining is detect whether there are some loopholes existing in the software, and also is an important way to ensure the secu- rity of information systems. With the rapid devel...Software an important way to vulnerability mining is detect whether there are some loopholes existing in the software, and also is an important way to ensure the secu- rity of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively de- tect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the common- ly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of eval- uation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Final- ly, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testingframework, with the results showing that the final test results will serve as a form of guid- ance to aid the selection of the most appropri- ate and effective method or tools in vulnera- bility detection activity.展开更多
Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source...Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.展开更多
The growing popularity and application of Web services have led to increased attention regarding the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness and reduces th...The growing popularity and application of Web services have led to increased attention regarding the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness and reduces the security risks of software systems. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on Simple Object Access Protocol (SOAP) messages. Based on characteristics of SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The corresponding automatic test case generation algorithm, namely, the Test Case generation based on the Farthest Neighbor (TCFN), is also presented. The method involves partitioning the input domain into sub-domains according to the number and type of SOAP message parameters in the TCFN, selecting the candidate test case whose distance is the farthest from all executed test cases, and applying it to test the Web service. We also implement and describe a prototype Web service vulnerability testing tool. The tool was applied to the testing of Web services on the Internet. The experimental results show that the proposed approach can find more vulnerability faults than other related approaches.展开更多
Cross-project software defect prediction solves the problem of insufficient training data for traditional defect prediction,and overcomes the challenge of applying models learned from multiple different source project...Cross-project software defect prediction solves the problem of insufficient training data for traditional defect prediction,and overcomes the challenge of applying models learned from multiple different source projects to target project.At the same time,two new problems emerge:(1)too many irrelevant and redundant features in the model training process will affect the training efficiency and thus decrease the prediction accuracy of the model;(2)the distribution of metric values will vary greatly from project to project due to the development environment and other factors,resulting in lower prediction accuracy when the model achieves cross-project prediction.In the proposed method,the Pearson feature selection method is introduced to address data redundancy,and the metric compensation based transfer learning technique is used to address the problem of large differences in data distribution between the source project and target project.In this paper,we propose a software defect prediction method with metric compensation based on feature selection and transfer learning.The experimental results show that the model constructed with this method achieves better results on area under the receiver operating characteristic curve(AUC)value and F1-measure metric.展开更多
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keywor...Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.展开更多
基金supported by the National Natural Science Foundation of China(Grant No.31972986,32272670)the Key Research and Development Program of Shaanxi province(2023-YBNY-059).
文摘The powdery mildew(Erysiphe necator)is a prevalent pathogen hampering grapevine growth in the vineyard.An arsenal of candidate secreted effector proteins(CSEPs)was encoded in the E.necator genome,but it is largely unclear what role CSEPs plays during the E.necator infection.In the present study,we identified a secreted effector CSEP080 of E.necator,which was located in plant chloroplasts and plasma membrane.Transient expressing CSEP080 promotes plant photosynthesis and inhibits INF1-induced cell death in tobacco leaves.We found that CSEP080 was a necessary effector for the E.necator pathogenicity,which interacted with grapevine chloroplast protein VviB6f(cytochrome b6-f complex iron–sulfur subunit),affecting plant photosynthesis.Transient silencing VviB6f increased the plant hydrogen peroxide production,and the plant resistance to powdery mildew.In addition,CSEP080 manipulated the VviPE(pectinesterase)to promote pectin degradation.Our results demonstrated the molecular mechanisms that an effector of E.necator translocates to host chloroplasts and plasma membrane,which suppresses with the grapevine immunity system by targeting the chloroplast protein VviB6f to suppress hydrogen peroxide accumulation and manipulating VviPE to promote pectin degradation.
基金supported by National Natural Science Foundation of China (NSFC grant number:61202110,61401180 and 61502205)the Postdoctoral Science Foundation of China (Grant number:2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province(KYLX15_1079 and KYLX16_0900)
文摘In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.
基金supported by the National Natural Science Foundation of China(Grant Nos.11421063,11534002,and 51776178)the National Key Basic Research Program of China(Grant Nos.2012CB922104 and 2014CB921403)
文摘Energy is often partitioned into heat and work by two independent paths corresponding to the change in the eigenenergies or the probability distributions of a quantum system. The discrepancies of the heat and work for various quantum thermodynamic processes have not been well characterized in literature. Here we show how the work in quantum machines is differentially related to the isochoric, isothermal, and adiabatic processes. We prove that the energy exchanges during the quantum isochoric and isothermal processes are simply depending on the change in the eigenenergies or the probability distributions. However, for a time-dependent system in a non-adiabatic quantum evolution, the transitions between the different quantum states representing the quantum coherence can affect the essential thermodynamic properties, and thus the general definitions of the heat and work should be clarified with respect to the microscopic generic time-dependent system. By integrating the coherence effects in the exactly-solvable dynamics of quantum-spin precession, the internal energy is rigorously transferred as the work in the thermodynamic adiabatic process. The present study demonstrates that the quantum adiabatic process is sufficient but not necessary for the thermodynamic adiabatic process.
基金partly supported by National Natural Science Foundation of China (NSFC grant numbers: 61202110 and 61502205)the project of Jiangsu provincial Six Talent Peaks (Grant numbers: XYDXXJS-016)
文摘Software an important way to vulnerability mining is detect whether there are some loopholes existing in the software, and also is an important way to ensure the secu- rity of information systems. With the rapid development of information technology and software industry, most of the software has not been rigorously tested before being put in use, so that the hidden vulnerabilities in software will be exploited by the attackers. Therefore, it is of great significance for us to actively de- tect the software vulnerabilities in the security maintenance of information systems. In this paper, we firstly studied some of the common- ly used vulnerability detection methods and detection tools, and analyzed the advantages and disadvantages of each method in different scenarios. Secondly, we designed a set of eval- uation criteria for different mining methods in the loopholes evaluation. Thirdly, we also proposed and designed an integration testing framework, on which we can test the typical static analysis methods and dynamic mining methods as well as make the comparison, so that we can obtain an intuitive comparative analysis for the experimental results. Final- ly, we reported the experimental analysis to verify the feasibility and effectiveness of the proposed evaluation method and the testingframework, with the results showing that the final test results will serve as a form of guid- ance to aid the selection of the most appropri- ate and effective method or tools in vulnera- bility detection activity.
基金funded by the National Natural Science Foundation of China(Nos.U1836116 and 61872167)the Project of Jiangsu Provincial Six Talent Peaks(No.XYDXXJS-016)the Graduate Research Innovation Project of Jiangsu Province(No.KYCX171807)。
文摘Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.
基金supported by the National Natural Science Foundation of China (Nos. 61202110 and 61063013)the Natural Science Foundation of Jiangsu Province (No. BK2012284)
文摘The growing popularity and application of Web services have led to increased attention regarding the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness and reduces the security risks of software systems. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on Simple Object Access Protocol (SOAP) messages. Based on characteristics of SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The corresponding automatic test case generation algorithm, namely, the Test Case generation based on the Farthest Neighbor (TCFN), is also presented. The method involves partitioning the input domain into sub-domains according to the number and type of SOAP message parameters in the TCFN, selecting the candidate test case whose distance is the farthest from all executed test cases, and applying it to test the Web service. We also implement and describe a prototype Web service vulnerability testing tool. The tool was applied to the testing of Web services on the Internet. The experimental results show that the proposed approach can find more vulnerability faults than other related approaches.
基金Project supported by the National Natural Science Foundation of China(Nos.62172194 and U1836116)the National Key R&D Program of China(No.2020YFB1005500)+3 种基金the Leadingedge Technology Program of Jiangsu Provincial Natural Science Foundation,China(No.BK20202001)the China Postdoctoral Science Foundation(No.2021M691310)the Postdoctoral Science Foundation of Jiangsu Province,China(No.2021K636C)the Future Network Scientific Research Fund Project,China(No.FNSRFP-2021-YB-50)。
文摘Cross-project software defect prediction solves the problem of insufficient training data for traditional defect prediction,and overcomes the challenge of applying models learned from multiple different source projects to target project.At the same time,two new problems emerge:(1)too many irrelevant and redundant features in the model training process will affect the training efficiency and thus decrease the prediction accuracy of the model;(2)the distribution of metric values will vary greatly from project to project due to the development environment and other factors,resulting in lower prediction accuracy when the model achieves cross-project prediction.In the proposed method,the Pearson feature selection method is introduced to address data redundancy,and the metric compensation based transfer learning technique is used to address the problem of large differences in data distribution between the source project and target project.In this paper,we propose a software defect prediction method with metric compensation based on feature selection and transfer learning.The experimental results show that the model constructed with this method achieves better results on area under the receiver operating characteristic curve(AUC)value and F1-measure metric.
基金supported by the National Natural Science Foundation of China (Nos.61202110 and 61502205)the Postdoctoral Science Foundation of China (Nos.2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province (No.KYLX15 1079)
文摘Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.