80 research outputs found
Querying Streaming System Monitoring Data for Enterprise System Anomaly Detection
The need for countering Advanced Persistent Threat (APT) attacks has led to
the solutions that ubiquitously monitor system activities in each enterprise
host, and perform timely abnormal system behavior detection over the stream of
monitoring data. However, existing stream-based solutions lack explicit
language constructs for expressing anomaly models that capture abnormal system
behaviors, thus facing challenges in incorporating expert knowledge to perform
timely anomaly detection over the large-scale monitoring data. To address these
limitations, we build SAQL, a novel stream-based query system that takes as
input, a real-time event feed aggregated from multiple hosts in an enterprise,
and provides an anomaly query engine that queries the event feed to identify
abnormal behaviors based on the specified anomaly models. SAQL provides a
domain-specific query language, Stream-based Anomaly Query Language (SAQL),
that uniquely integrates critical primitives for expressing major types of
anomaly models. In the demo, we aim to show the complete usage scenario of SAQL
by (1) performing an APT attack in a controlled environment, and (2) using SAQL
to detect the abnormal behaviors in real time by querying the collected stream
of system monitoring data that contains the attack traces. The audience will
have the option to interact with the system and detect the attack footprints in
real time via issuing queries and checking the query results through a
command-line UI.
Comment: Accepted paper at ICDE 2020 demonstrations track. arXiv admin note:
text overlap with arXiv:1806.0933
Class Incremental Learning with Pre-trained Vision-Language Models
With the advent of large-scale pre-trained models, interest in adapting and
exploiting them for continual learning scenarios has grown.
In this paper, we propose an approach to exploiting pre-trained
vision-language models (e.g. CLIP) that enables further adaptation instead of
only using zero-shot learning of new tasks. We augment a pre-trained CLIP model
with additional layers after the Image Encoder or before the Text Encoder. We
investigate three different strategies: a Linear Adapter, a Self-attention
Adapter, each operating on the image embedding, and Prompt Tuning which instead
modifies prompts input to the CLIP text encoder. We also propose a method for
parameter retention in the adapter layers that uses a measure of parameter
importance to better maintain stability and plasticity during incremental
learning. Our experiments demonstrate that the simplest solution -- a single
Linear Adapter layer with parameter retention -- produces the best results.
Experiments on several conventional benchmarks consistently show a significant
margin of improvement over the current state-of-the-art
On the Security Risks of Knowledge Graph Reasoning
Knowledge graph reasoning (KGR) -- answering complex logical queries over
large knowledge graphs -- represents an important artificial intelligence task,
entailing a range of applications (e.g., cyber threat hunting). However,
despite its surging popularity, the potential security risks of KGR are largely
unexplored, which is concerning, given the increasing use of such capability in
security-critical domains.
This work represents a solid initial step towards bridging the striking gap.
We systematize the security threats to KGR according to the adversary's
objectives, knowledge, and attack vectors. Further, we present ROAR, a new
class of attacks that instantiate a variety of such threats. Through empirical
evaluation in representative use cases (e.g., medical decision support, cyber
threat hunting, and commonsense reasoning), we demonstrate that ROAR is highly
effective to mislead KGR to suggest pre-defined answers for target queries, yet
with negligible impact on non-target ones. Finally, we explore potential
countermeasures against ROAR, including filtering of potentially poisoning
knowledge and training with adversarially augmented queries, which leads to
several promising research directions.
Comment: In proceedings of USENIX Security'23. Codes:
https://github.com/HarrialX/security-risk-KG-reasonin
Transparent Privacy Control via Static Information Flow Analysis
A common problem faced by modern mobile-device platforms is that third-party applications in the marketplace may leak private information without notifying users. Existing approaches adopted by these platforms provide little information on what applications will do with the private information, failing to effectively assist users in deciding whether to install applications and in controlling their privacy. To address this problem, we propose a transparent privacy control approach, where an automatic static analysis reveals to the user how private information is used inside an application. This flow information provides users with better insights, enabling them to determine when to use anonymized instead of real information, or to force script termination when scripts access private information. To further reduce the user burden in controlling privacy, our approach provides a default setting based on an extended information flow analysis that tracks whether private information is obscured before escaping through output channels. We built our approach into TouchDevelop, a novel application-creation environment that allows users to write application scripts on mobile devices, share them in a web bazaar, and install scripts published by other users. To evaluate our approach, we plan to study a portion of published scripts in order to evaluate the effectiveness and performance of information flow analysis. We also plan to carry out a user survey to evaluate the usability of our privacy control and guide our future design