Software defect feature selection has problems of feature space dimensionality reduction and large search space.This research proposes a defect prediction feature selection framework based on improved shuffled frog le...Software defect feature selection has problems of feature space dimensionality reduction and large search space.This research proposes a defect prediction feature selection framework based on improved shuffled frog leaping algorithm(ISFLA).Using the two-level structure of the framework and the improved hybrid leapfrog algorithm's own advantages,the feature values are sorted,and some features with high correlation are selected to avoid other heuristic algorithms in the defect prediction that are easy to produce local The case where the convergence rate of the optimal or parameter optimization process is relatively slow.The framework improves generalization of predictions of unknown data samples and enhances the ability to search for features related to learning tasks.At the same time,this framework further reduces the dimension of the feature space.After the contrast simulation experiment with other common defect prediction methods,we used the actual test data set to verify the framework for multiple iterations on Internet of Things(IoT)system platform.The experimental results show that the software defect prediction feature selection framework based on ISFLA is very effective in defect prediction of IoT communication software.This framework can save the testing time of IoT communication software,effectively improve the performance of software defect prediction,and ensure the software quality.展开更多
Objective: To compare the serum contents of inflammatory mediators and oxidative stress mediators between patients with gram-positive bacteria and gram-negative bacteria infection. Methods: Patients who were diagnosed...Objective: To compare the serum contents of inflammatory mediators and oxidative stress mediators between patients with gram-positive bacteria and gram-negative bacteria infection. Methods: Patients who were diagnosed with bloodstream bacterial infection in Zigong Third People's Hospital between March 2015 and April 2017 were selected as the research subjects and divided into gram-positive group and gram-negative group according to the results of blood culture and strain identification, and serum levels of inflammatory mediators PCT, IL-1β, IL-6, sTREM-1, TNF-α, NGAL, SAA, HPT and hs-CRP as well as oxidative stress mediators MDA, AOPP, TAC, CAT and SOD were determined. Results: Serum PCT, IL-1β, IL-6, sTREM-1, TNF-α, NGAL, SAA, HPT, hs-CRP, MDA and AOPP levels of gram-negative group were greatly higher than those of gram-positive group while TAC, CAT and SOD levels were greatly lower than those of gram-positive group. Conclusion: The changes of inflammatory mediators and oxidative stress mediators in the serum of patients with gram-negative bacteria infection are more significant than those of patients with gram-positive bacteria infection.展开更多
The estrogen signaling system is a crucial regulator of metabolicandphysiologicalprocesses.However,abnormal activation of estrogen signaling may play a role in breast cancer initiation and progression.Crucial to this ...The estrogen signaling system is a crucial regulator of metabolicandphysiologicalprocesses.However,abnormal activation of estrogen signaling may play a role in breast cancer initiation and progression.Crucial to this pathway is the interaction between estrogen receptor alpha(ERa)and various co-transcription activators.1 Although numerous studies have investigated ER coregulators,the protein-protein interaction networks of ERa are not fully understood.Recent research has shown that high chromodomain helicase DNA-binding 4(CHD4)expression is linked to poor prognosis in various cancers.2,?In this study,we demonstrated that both CHD4 and ERαcontribute to breast cancer progression while providing evidence of the regulatory processes and functional interplay between these two proteins.展开更多
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw...The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.展开更多
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw...The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.展开更多
Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturer...Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturers.Yet it is challenging to apply coverage-guided fuzzing,one of the state-of-the-art vulnerability discovery approaches,to those virtualized network devices,due to inevitable integrity protection adopted by those devices.In this paper,we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protec-tion bypassing method,which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique.We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols,SNMP,DHCP and NTP,on nine popular virtualized network devices.NDFuzz obtains an average 36%coverage improvement in comparison with its black-box counterparts.NDFuzz discovers 2 O-Day vulnerabilities and 11-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them.All discovered vulnerabilities are confirmed by corresponding vendors.展开更多
Mutation-based greybox fuzzing has been one of the most prevalent techniques for security vulnerability discovery and a great deal of research work has been proposed to improve both its efficiency and effectiveness.Mu...Mutation-based greybox fuzzing has been one of the most prevalent techniques for security vulnerability discovery and a great deal of research work has been proposed to improve both its efficiency and effectiveness.Mutation-based greybox fuzzing generates input cases by mutating the input seed,i.e.,applying a sequence of mutation operators to randomly selected mutation positions of the seed.However,existing fruitful research work focuses on scheduling mutation operators,leaving the schedule of mutation positions as an overlooked aspect of fuzzing efficiency.This paper proposes a novel greybox fuzzing method,PosFuzz,that statistically schedules mutation positions based on their historical performance.PosFuzz makes use of a concept of effective position distribution to represent the semantics of the input and to guide the mutations.PosFuzz first utilizes Good-Turing frequency estimation to calculate an effective position distribution for each mutation operator.It then leverages two sampling methods in different mutating stages to select the positions from the distribution.We have implemented PosFuzz on top of AFL,AFLFast and MOPT,called Pos-AFL,-AFLFast and-MOPT respectively,and evaluated them on the UNIFUZZ benchmark(20 widely used open source programs)and LAVA-M dataset.The result shows that,under the same testing time budget,the Pos-AFL,-AFLFast and-MOPT outperform their counterparts in code coverage and vulnerability discovery ability.Compared with AFL,AFLFast,and MOPT,PosFuzz gets 21%more edge coverage and finds 133%more paths on average.It also triggers 275%more unique bugs on average.展开更多
Codes of Open Source Software(OSS)are widely reused during software development nowadays.However,reusing some specific versions of OSS introduces 1-day vulnerabilities of which details are publicly available,which may...Codes of Open Source Software(OSS)are widely reused during software development nowadays.However,reusing some specific versions of OSS introduces 1-day vulnerabilities of which details are publicly available,which may be exploited and lead to serious security issues.Existing state-of-the-art OSS reuse detection work can not identify the specific versions of reused OSS well.The features they selected are not distinguishable enough for version detection and the matching scores are only based on similarity.This paper presents B2SMatcher,a fine-grained version identification tool for OSS in commercial off-the-shelf(COTS)software.We first discuss five kinds of version-sensitive code features that are trackable in both binary and source code.We categorize these features into program-level features and function-level features and propose a two-stage version identification approach based on the two levels of code features.B2SMatcher also identifies different types of OSS version reuse based on matching scores and matched feature instances.In order to extract source code features as accurately as possible,B2SMatcher innovatively uses machine learning methods to obtain the source files involved in the compilation and uses function abstraction and normalization methods to eliminate the comparison costs on redundant functions across versions.We have evaluated B2SMatcher using 6351 candidate OSS versions and 585 binaries.The result shows that B2SMatcher achieves a high precision up to 89.2%and outperforms state-of-the-art tools.Finally,we show how B2SMatcher can be used to evaluate real-world software and find some security risks in practice.展开更多
SOHO(small office/home office)routers provide services for end devices to connect to the Internet,playing an important role in cyberspace.Unfortunately,security vulnerabilities pervasively exist in these routers,espec...SOHO(small office/home office)routers provide services for end devices to connect to the Internet,playing an important role in cyberspace.Unfortunately,security vulnerabilities pervasively exist in these routers,especially in the web server modules,greatly endangering end users.To discover these vulnerabilities,fuzzing web server modules of SOHO routers is the most popular solution.However,its effectiveness is limited due to the lack of input specification,lack of routers’internal running states,and lack of testing environment recovery mechanisms.Moreover,existing works for device fuzzing are more likely to detect memory corruption vulnerabilities.In this paper,we propose a solution ESRFuzzer to address these issues.It is a fully automated fuzzing framework for testing physical SOHO devices.It continuously and effectively generates test cases by leveraging two input semantic models,i.e.,KEY-VALUE data model and CONF-READ communication model,and automatically recovers the testing environment with power management.It also coordinates diversified mutation rules with multiple monitoring mechanisms to trigger multi-type vulnerabilities.With the guidance of the two semantic models,ESRFuzzer can work in two ways:general mode fuzzing and D-CONF mode fuzzing.General mode fuzzing can discover both issues which occur in the CONF and READ operation,while D-CONF mode fuzzing focus on the READ-op issues especially missed by general mode fuzzing.We ran ESRFuzzer on 10 popular routers across five vendors.In total,it discovered 136 unique issues,120 of which have been confirmed as 0-day vulnerabilities we found.As an improvement of SRFuzzer,ESRFuzzer have discovered 35 previous undiscovered READ-op issues that belong to three vulnerability types,and 23 of them have been confirmed as 0-day vulnerabilities by vendors.The experimental results show that ESRFuzzer outperforms state-of-the-art solutions in terms of types and number of vulnerabilities found.展开更多
基金This work was supported by Liaoning Natural Fund Guidance Plan Project(No.20180550021)Dalian Science and Technology Star Project(No.2017RQ021)2019 Qingdao Binhai University-level Science and Technology Plan Research Project(No.2019KY09).
文摘Software defect feature selection has problems of feature space dimensionality reduction and large search space.This research proposes a defect prediction feature selection framework based on improved shuffled frog leaping algorithm(ISFLA).Using the two-level structure of the framework and the improved hybrid leapfrog algorithm's own advantages,the feature values are sorted,and some features with high correlation are selected to avoid other heuristic algorithms in the defect prediction that are easy to produce local The case where the convergence rate of the optimal or parameter optimization process is relatively slow.The framework improves generalization of predictions of unknown data samples and enhances the ability to search for features related to learning tasks.At the same time,this framework further reduces the dimension of the feature space.After the contrast simulation experiment with other common defect prediction methods,we used the actual test data set to verify the framework for multiple iterations on Internet of Things(IoT)system platform.The experimental results show that the software defect prediction feature selection framework based on ISFLA is very effective in defect prediction of IoT communication software.This framework can save the testing time of IoT communication software,effectively improve the performance of software defect prediction,and ensure the software quality.
文摘Objective: To compare the serum contents of inflammatory mediators and oxidative stress mediators between patients with gram-positive bacteria and gram-negative bacteria infection. Methods: Patients who were diagnosed with bloodstream bacterial infection in Zigong Third People's Hospital between March 2015 and April 2017 were selected as the research subjects and divided into gram-positive group and gram-negative group according to the results of blood culture and strain identification, and serum levels of inflammatory mediators PCT, IL-1β, IL-6, sTREM-1, TNF-α, NGAL, SAA, HPT and hs-CRP as well as oxidative stress mediators MDA, AOPP, TAC, CAT and SOD were determined. Results: Serum PCT, IL-1β, IL-6, sTREM-1, TNF-α, NGAL, SAA, HPT, hs-CRP, MDA and AOPP levels of gram-negative group were greatly higher than those of gram-positive group while TAC, CAT and SOD levels were greatly lower than those of gram-positive group. Conclusion: The changes of inflammatory mediators and oxidative stress mediators in the serum of patients with gram-negative bacteria infection are more significant than those of patients with gram-positive bacteria infection.
基金We thank Professor Wei Cheng(Dalian Medical University)for generously offering T47D,MCF7,ZR-75-1,and SK-BR-3 breast cancer cells and Professor WeiGuo Zhu(Peking University Health Science Center)for providing the full-length human Flag-CHD4,GFP-CHD4,and GST-CHD4 plasmids.
文摘The estrogen signaling system is a crucial regulator of metabolicandphysiologicalprocesses.However,abnormal activation of estrogen signaling may play a role in breast cancer initiation and progression.Crucial to this pathway is the interaction between estrogen receptor alpha(ERa)and various co-transcription activators.1 Although numerous studies have investigated ER coregulators,the protein-protein interaction networks of ERa are not fully understood.Recent research has shown that high chromodomain helicase DNA-binding 4(CHD4)expression is linked to poor prognosis in various cancers.2,?In this study,we demonstrated that both CHD4 and ERαcontribute to breast cancer progression while providing evidence of the regulatory processes and functional interplay between these two proteins.
基金This research was supported in part by the National Natural Science Foundation of China(Grant No.61802394,U1836209)Foundation of Science and Technology on Information Assurance Laboratory(No.KJ-17-110)+1 种基金National Key Research and Development Program of China(2016QY071405)Strategic Priority Research Program of the CAS(XDC02040100,XDC02030200,XDC02020200).
文摘The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
基金supported in part by the National Natural Science Foundation of China(Grant No.61802394,U1836209)Foundation of Science and Technology on Information Assurance Laboratory(No.KJ-17-110)+1 种基金National Key Research and Development Program of China(2016QY071405)Strategic Priority Research Program of the CAS(XDC02040100,XDC02030200,XDC02020200).
文摘The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
基金This work is supported in part by Chinese National Natural Science Foundation(61802394,U1836209,62032010)Strategic Priority Research Program of theCAS(XDC02040100)。
文摘Network function virtualization provides programmable in-network middlewares by leveraging virtualization tech-nologies and commodity hardware and has gained popularity among all mainstream network device manufacturers.Yet it is challenging to apply coverage-guided fuzzing,one of the state-of-the-art vulnerability discovery approaches,to those virtualized network devices,due to inevitable integrity protection adopted by those devices.In this paper,we propose a coverage-guided fuzzing framework NDFuzz for virtualized network devices with a novel integrity protec-tion bypassing method,which is able to distinguish processes of virtualized network devices from hypervisors with a carefully designed non-intrusive page global directory inference technique.We implement NDFuzz atop of two black-box fuzzers and evaluate NDFuzz with three representative network protocols,SNMP,DHCP and NTP,on nine popular virtualized network devices.NDFuzz obtains an average 36%coverage improvement in comparison with its black-box counterparts.NDFuzz discovers 2 O-Day vulnerabilities and 11-Day vulnerability with coverage guidance while the black-box fuzzer can find only one of them.All discovered vulnerabilities are confirmed by corresponding vendors.
基金This research was supported by National Key R&D Program of China(2022YFB3103900)National Natural Science Foundation of China(62032010,62202462)Strategic Priority Research Program of the CAS(XDC02030200).
文摘Mutation-based greybox fuzzing has been one of the most prevalent techniques for security vulnerability discovery and a great deal of research work has been proposed to improve both its efficiency and effectiveness.Mutation-based greybox fuzzing generates input cases by mutating the input seed,i.e.,applying a sequence of mutation operators to randomly selected mutation positions of the seed.However,existing fruitful research work focuses on scheduling mutation operators,leaving the schedule of mutation positions as an overlooked aspect of fuzzing efficiency.This paper proposes a novel greybox fuzzing method,PosFuzz,that statistically schedules mutation positions based on their historical performance.PosFuzz makes use of a concept of effective position distribution to represent the semantics of the input and to guide the mutations.PosFuzz first utilizes Good-Turing frequency estimation to calculate an effective position distribution for each mutation operator.It then leverages two sampling methods in different mutating stages to select the positions from the distribution.We have implemented PosFuzz on top of AFL,AFLFast and MOPT,called Pos-AFL,-AFLFast and-MOPT respectively,and evaluated them on the UNIFUZZ benchmark(20 widely used open source programs)and LAVA-M dataset.The result shows that,under the same testing time budget,the Pos-AFL,-AFLFast and-MOPT outperform their counterparts in code coverage and vulnerability discovery ability.Compared with AFL,AFLFast,and MOPT,PosFuzz gets 21%more edge coverage and finds 133%more paths on average.It also triggers 275%more unique bugs on average.
基金the National Natural Science Foundation of China(Grant No.61802394,U1836209)Key Program of the National Natural Science Foundation of China(Grant No.62032010).
文摘Codes of Open Source Software(OSS)are widely reused during software development nowadays.However,reusing some specific versions of OSS introduces 1-day vulnerabilities of which details are publicly available,which may be exploited and lead to serious security issues.Existing state-of-the-art OSS reuse detection work can not identify the specific versions of reused OSS well.The features they selected are not distinguishable enough for version detection and the matching scores are only based on similarity.This paper presents B2SMatcher,a fine-grained version identification tool for OSS in commercial off-the-shelf(COTS)software.We first discuss five kinds of version-sensitive code features that are trackable in both binary and source code.We categorize these features into program-level features and function-level features and propose a two-stage version identification approach based on the two levels of code features.B2SMatcher also identifies different types of OSS version reuse based on matching scores and matched feature instances.In order to extract source code features as accurately as possible,B2SMatcher innovatively uses machine learning methods to obtain the source files involved in the compilation and uses function abstraction and normalization methods to eliminate the comparison costs on redundant functions across versions.We have evaluated B2SMatcher using 6351 candidate OSS versions and 585 binaries.The result shows that B2SMatcher achieves a high precision up to 89.2%and outperforms state-of-the-art tools.Finally,we show how B2SMatcher can be used to evaluate real-world software and find some security risks in practice.
基金Chinese National Natural Science Foundation(61802394,U1836209,62032010)National Key Research and Development Program of China(2016QY071405)+2 种基金Strategic Priority Research Program of the CAS(XDC02040100,XDC02030200,XDC02020200)Program No.2017-JCJQ-ZD-043-01BNRist Network and Software Security Research Program(BNR2019TD01004,BNR2019RC01-009).
文摘SOHO(small office/home office)routers provide services for end devices to connect to the Internet,playing an important role in cyberspace.Unfortunately,security vulnerabilities pervasively exist in these routers,especially in the web server modules,greatly endangering end users.To discover these vulnerabilities,fuzzing web server modules of SOHO routers is the most popular solution.However,its effectiveness is limited due to the lack of input specification,lack of routers’internal running states,and lack of testing environment recovery mechanisms.Moreover,existing works for device fuzzing are more likely to detect memory corruption vulnerabilities.In this paper,we propose a solution ESRFuzzer to address these issues.It is a fully automated fuzzing framework for testing physical SOHO devices.It continuously and effectively generates test cases by leveraging two input semantic models,i.e.,KEY-VALUE data model and CONF-READ communication model,and automatically recovers the testing environment with power management.It also coordinates diversified mutation rules with multiple monitoring mechanisms to trigger multi-type vulnerabilities.With the guidance of the two semantic models,ESRFuzzer can work in two ways:general mode fuzzing and D-CONF mode fuzzing.General mode fuzzing can discover both issues which occur in the CONF and READ operation,while D-CONF mode fuzzing focus on the READ-op issues especially missed by general mode fuzzing.We ran ESRFuzzer on 10 popular routers across five vendors.In total,it discovered 136 unique issues,120 of which have been confirmed as 0-day vulnerabilities we found.As an improvement of SRFuzzer,ESRFuzzer have discovered 35 previous undiscovered READ-op issues that belong to three vulnerability types,and 23 of them have been confirmed as 0-day vulnerabilities by vendors.The experimental results show that ESRFuzzer outperforms state-of-the-art solutions in terms of types and number of vulnerabilities found.
