314 research outputs found
Illuminati: Towards Explaining Graph Neural Networks for Cybersecurity Analysis
Graph neural networks (GNNs) have been utilized to create multi-layer graph
models for a number of cybersecurity applications from fraud detection to
software vulnerability analysis. Unfortunately, like traditional neural
networks, GNNs also suffer from a lack of transparency, that is, it is
challenging to interpret the model predictions. Prior works focused on specific
factor explanations for a GNN model. In this work, we have designed and
implemented Illuminati, a comprehensive and accurate explanation framework for
cybersecurity applications using GNN models. Given a graph and a pre-trained
GNN model, Illuminati is able to identify the important nodes, edges, and
attributes that are contributing to the prediction while requiring no prior
knowledge of GNN models. We evaluate Illuminati in two cybersecurity
applications, i.e., code vulnerability detection and smart contract
vulnerability detection. The experiments show that Illuminati achieves more
accurate explanation results than state-of-the-art methods, specifically, 87.6%
of subgraphs identified by Illuminati are able to retain their original
prediction, an improvement of 10.3% over others at 77.3%. Furthermore, the
explanation of Illuminati can be easily understood by the domain experts,
suggesting the significant usefulness for the development of cybersecurity
applications.Comment: EuroS&P 202
Grapy-ML: Graph Pyramid Mutual Learning for Cross-dataset Human Parsing
Human parsing, or human body part semantic segmentation, has been an active
research topic due to its wide potential applications. In this paper, we
propose a novel GRAph PYramid Mutual Learning (Grapy-ML) method to address the
cross-dataset human parsing problem, where the annotations are at different
granularities. Starting from the prior knowledge of the human body hierarchical
structure, we devise a graph pyramid module (GPM) by stacking three levels of
graph structures from coarse granularity to fine granularity subsequently. At
each level, GPM utilizes the self-attention mechanism to model the correlations
between context nodes. Then, it adopts a top-down mechanism to progressively
refine the hierarchical features through all the levels. GPM also enables
efficient mutual learning. Specifically, the network weights of the first two
levels are shared to exchange the learned coarse-granularity information across
different datasets. By making use of the multi-granularity labels, Grapy-ML
learns a more discriminative feature representation and achieves
state-of-the-art performance, which is demonstrated by extensive experiments on
the three popular benchmarks, e.g. CIHP dataset. The source code is publicly
available at https://github.com/Charleshhy/Grapy-ML.Comment: Accepted as an oral paper in AAAI2020. 9 pages, 4 figures.
https://www.aaai.org/Papers/AAAI/2020GB/AAAI-HeH.2317.pd
Progressive One-shot Human Parsing
Prior human parsing models are limited to parsing humans into classes
pre-defined in the training data, which is not flexible to generalize to unseen
classes, e.g., new clothing in fashion analysis. In this paper, we propose a
new problem named one-shot human parsing (OSHP) that requires to parse human
into an open set of reference classes defined by any single reference example.
During training, only base classes defined in the training set are exposed,
which can overlap with part of reference classes. In this paper, we devise a
novel Progressive One-shot Parsing network (POPNet) to address two critical
challenges , i.e., testing bias and small sizes. POPNet consists of two
collaborative metric learning modules named Attention Guidance Module and
Nearest Centroid Module, which can learn representative prototypes for base
classes and quickly transfer the ability to unseen classes during testing,
thereby reducing testing bias. Moreover, POPNet adopts a progressive human
parsing framework that can incorporate the learned knowledge of parent classes
at the coarse granularity to help recognize the descendant classes at the fine
granularity, thereby handling the small sizes issue. Experiments on the ATR-OS
benchmark tailored for OSHP demonstrate POPNet outperforms other representative
one-shot segmentation models by large margins and establishes a strong
baseline. Source code can be found at
https://github.com/Charleshhy/One-shot-Human-Parsing.Comment: Accepted in AAAI 2021. 9 pages, 4 figure
A General Static Binary Rewriting Framework for WebAssembly
Binary rewriting is a widely adopted technique in software analysis.
WebAssembly (Wasm), as an emerging bytecode format, has attracted great
attention from our community. Unfortunately, there is no general-purpose binary
rewriting framework for Wasm, and existing effort on Wasm binary modification
is error-prone and tedious. In this paper, we present BREWasm, the first
general purpose static binary rewriting framework for Wasm, which has addressed
inherent challenges of Wasm rewriting including high complicated binary
structure, strict static syntax verification, and coupling among sections. We
perform extensive evaluation on diverse Wasm applications to show the
efficiency, correctness and effectiveness of BREWasm. We further show the
promising direction of implementing a diverse set of binary rewriting tasks
based on BREWasm in an effortless and user-friendly manner
Label-Free Multivariate Time Series Anomaly Detection
Anomaly detection in multivariate time series (MTS) has been widely studied
in one-class classification (OCC) setting. The training samples in OCC are
assumed to be normal, which is difficult to guarantee in practical situations.
Such a case may degrade the performance of OCC-based anomaly detection methods
which fit the training distribution as the normal distribution. In this paper,
we propose MTGFlow, an unsupervised anomaly detection approach for MTS anomaly
detection via dynamic Graph and entity-aware normalizing Flow. MTGFlow first
estimates the density of the entire training samples and then identifies
anomalous instances based on the density of the test samples within the fitted
distribution. This relies on a widely accepted assumption that anomalous
instances exhibit more sparse densities than normal ones, with no reliance on
the clean training dataset. However, it is intractable to directly estimate the
density due to complex dependencies among entities and their diverse inherent
characteristics. To mitigate this, we utilize the graph structure learning
model to learn interdependent and evolving relations among entities, which
effectively captures complex and accurate distribution patterns of MTS. In
addition, our approach incorporates the unique characteristics of individual
entities by employing an entity-aware normalizing flow. This enables us to
represent each entity as a parameterized normal distribution. Furthermore,
considering that some entities present similar characteristics, we propose a
cluster strategy that capitalizes on the commonalities of entities with similar
characteristics, resulting in more precise and detailed density estimation. We
refer to this cluster-aware extension as MTGFlow_cluster. Extensive experiments
are conducted on six widely used benchmark datasets, in which MTGFlow and
MTGFlow cluster demonstrate their superior detection performance.Comment: arXiv admin note: substantial text overlap with arXiv:2208.0210
Knowledge Restore and Transfer for Multi-label Class-Incremental Learning
Current class-incremental learning research mainly focuses on single-label
classification tasks while multi-label class-incremental learning (MLCIL) with
more practical application scenarios is rarely studied. Although there have
been many anti-forgetting methods to solve the problem of catastrophic
forgetting in class-incremental learning, these methods have difficulty in
solving the MLCIL problem due to label absence and information dilution. In
this paper, we propose a knowledge restore and transfer (KRT) framework for
MLCIL, which includes a dynamic pseudo-label (DPL) module to restore the old
class knowledge and an incremental cross-attention(ICA) module to save
session-specific knowledge and transfer old class knowledge to the new model
sufficiently. Besides, we propose a token loss to jointly optimize the
incremental cross-attention module. Experimental results on MS-COCO and PASCAL
VOC datasets demonstrate the effectiveness of our method for improving
recognition performance and mitigating forgetting on multi-label
class-incremental learning tasks
- ā¦