21,406 research outputs found
Recommended from our members
A comparative survey of integrated learning systems
This paper presents the duction framework for unifying the three basic forms of inference - deduction, abduction, and induction - by specifying the possible relationships and influences among them in the context of integrated learning. Special assumptive forms of inference are defined that extend the use of these inference methods, and the properties of these forms are explored. A comparison to a related inference-based learning frame work is made. Finally several existing integrated learning programs are examined in the perspective of the duction framework
Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems
Voice Processing Systems (VPSes), now widely deployed, have been made
significantly more accurate through the application of recent advances in
machine learning. However, adversarial machine learning has similarly advanced
and has been used to demonstrate that VPSes are vulnerable to the injection of
hidden commands - audio obscured by noise that is correctly recognized by a VPS
but not by human beings. Such attacks, though, are often highly dependent on
white-box knowledge of a specific machine learning model and limited to
specific microphones and speakers, making their use across different acoustic
hardware platforms (and thus their practicality) limited. In this paper, we
break these dependencies and make hidden command attacks more practical through
model-agnostic (blackbox) attacks, which exploit knowledge of the signal
processing algorithms commonly used by VPSes to generate the data fed into
machine learning systems. Specifically, we exploit the fact that multiple
source audio samples have similar feature vectors when transformed by acoustic
feature extraction algorithms (e.g., FFTs). We develop four classes of
perturbations that create unintelligible audio and test them against 12 machine
learning models, including 7 proprietary models (e.g., Google Speech API, Bing
Speech API, IBM Speech API, Azure Speaker API, etc), and demonstrate successful
attacks against all targets. Moreover, we successfully use our maliciously
generated audio samples in multiple hardware configurations, demonstrating
effectiveness across both models and real systems. In so doing, we demonstrate
that domain-specific knowledge of audio signal processing represents a
practical means of generating successful hidden voice command attacks
FuzzTheREST - Intelligent Automated Blackbox RESTful API Fuzzer
In recent years, the pervasive influence of technology has deeply intertwined with human life, impacting diverse fields. This relationship has evolved into a dependency, with software systems playing a pivotal role, necessitating a high level of trust. Today, a substantial portion of software is accessed through Application Programming Interfaces, particularly web APIs, which predominantly adhere to the Representational State Transfer architecture. However, this architectural choice introduces a wide range of potential vulnerabilities, which are available and accessible at a network level. The significance of Software testing becomes evident when considering the widespread use of software in various daily tasks that impact personal safety and security, making the identification and assessment of faulty software of paramount importance. In this thesis, FuzzTheREST, a black-box RESTful API fuzzy testing framework, is introduced with the primary aim of addressing the challenges associated with understanding the context of each system under test and conducting comprehensive automated testing using diverse inputs. Operating from a black-box perspective, this fuzzer leverages Reinforcement Learning to efficiently uncover vulnerabilities in RESTful APIs by optimizing input values and combinations, relying on mutation methods for input exploration. The system's value is further enhanced through the provision of a thoroughly documented vulnerability discovery process for the user. This proposal stands out for its emphasis on explainability and the application of RL to learn the context of each API, thus eliminating the necessity for source code knowledge and expediting the testing process. The developed solution adheres rigorously to software engineering best practices and incorporates a novel Reinforcement Learning algorithm, comprising a customized environment for API Fuzzy Testing and a Multi-table Q-Learning Agent. The quality and applicability of the tool developed are also assessed, relying on the results achieved on two case studies, involving the Petstore API and an Emotion Detection module which was part of the CyberFactory#1 European research project. The results demonstrate the tool's effectiveness in discovering vulnerabilities, having found 7 different vulnerabilities and the agents' ability to learn different API contexts relying on API responses while maintaining reasonable code coverage levels.Ultimamente, a influência da tecnologia espalhou-se pela vida humana de uma forma abrangente, afetando uma grande diversidade dos seus aspetos. Com a evolução tecnológica esta acabou por se tornar uma dependência. Os sistemas de software começam assim a desempenhar um papel crucial, o que em contrapartida obriga a um elevado grau de confiança. Atualmente, uma parte substancial do software é implementada em formato de Web APIs, que na sua maioria seguem a arquitetura de transferência de estado representacional. No entanto, esta introduz uma série vulnerabilidade. A importância dos testes de software torna-se evidente quando consideramos o amplo uso de software em várias tarefas diárias que afetam a segurança, elevando ainda mais a importância da identificação e mitigação de falhas de software. Nesta tese é apresentado o FuzzTheREST, uma framework de teste fuzzy de APIs RESTful num modelo caixa preta, com o objetivo principal de abordar os desafios relacionados com a compreensão do contexto de cada sistema sob teste e a realização de testes automatizados usando uma variedade de possíveis valores. Este fuzzer utiliza aprendizagem por reforço de forma a compreender o contexto da API que está sob teste de forma a guiar a geração de valores de teste, recorrendo a métodos de mutação, para descobrir vulnerabilidades nas mesmas. Todo o processo desempenhado pelo sistema é devidamente documentado para que o utilizador possa tomar ações mediante os resultados obtidos. Esta explicabilidade e aplicação de inteligência artificial para aprender o contexto de cada API, eliminando a necessidade de analisar código fonte e acelerando o processo de testagem, enaltece e distingue a solução proposta de outras. A solução desenvolvida adere estritamente às melhores práticas de engenharia de software e inclui um novo algoritmo de aprendizagem por reforço, que compreende um ambiente personalizado para testagem Fuzzy de APIs e um Agente de QLearning com múltiplas Q-tables. A qualidade e aplicabilidade da ferramenta desenvolvida também são avaliadas com base nos resultados obtidos em dois casos de estudo, que envolvem a conhecida API Petstore e um módulo de Deteção de Emoções que fez parte do projeto de investigação europeu CyberFactory#1. Os resultados demonstram a eficácia da ferramenta na descoberta de vulnerabilidades, tendo identificado 7 vulnerabilidades distintas, e a capacidade dos agentes em aprender diferentes contextos de API com base nas respostas da mesma, mantendo níveis de cobertura aceitáveis
Automated Game Design Learning
While general game playing is an active field of research, the learning of
game design has tended to be either a secondary goal of such research or it has
been solely the domain of humans. We propose a field of research, Automated
Game Design Learning (AGDL), with the direct purpose of learning game designs
directly through interaction with games in the mode that most people experience
games: via play. We detail existing work that touches the edges of this field,
describe current successful projects in AGDL and the theoretical foundations
that enable them, point to promising applications enabled by AGDL, and discuss
next steps for this exciting area of study. The key moves of AGDL are to use
game programs as the ultimate source of truth about their own design, and to
make these design properties available to other systems and avenues of inquiry.Comment: 8 pages, 2 figures. Accepted for CIG 201
Recommended from our members
Toward Autonomous Verification Systems
Design verification has been a challenging problem due to the increasing complexity of modern system-on-chip (SoC) designs and it is considered one of the costliest processes in hardware design flow. This dissertation investigates a major labor-intensive task, generating tests to hit a given coverage point, in simulation-based verification, and proposes an autonomous software system capable of completing the task. A key feature of the proposed system is its learning capability -- it can learn from examples provided by human engineers to improve itself. There are three major components in the proposed system: test generation, a knowledge database, and rule learning algorithms. The proposed system is able to retrieve information from the database, use the information to analyze simulation results, and generate new tests based on the analysis. Several machine learning techniques are used in the proposed system. For test generation, a novel method, constrained process discovery, is used to learn a test case generation model from manually developed tests. The test case generation model can create new tests and increase its test generation capability by learning from tests developed by humans. For creating a knowledge database, text mining methods are used to extract important design features from design documents. Experiments showed that the extracted signals can be utilized as observation points to infer important hardware events. Last, a novel rule learning method, VeSC-CoL, is proposed to analyze simulation results. VeSC-CoL can handle extremely imbalanced data, which is common in verification, while traditional rule learning methods cannot
Dimensional Reduction Analysis for Constellation-Based DNA Fingerprinting to Improve Industrial IoT Wireless Security
The Industrial Internet of Things (IIoT) market is skyrocketing towards 100 billion deployed devices and cybersecurity remains a top priority. This includes security of ZigBee communication devices that are widely used in industrial control system applications. IIoT device security is addressed using Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting to augment conventional bit-level security mechanisms. This work expands upon recent CB-DNA “discovery” activity by identifying reduced dimensional fingerprints that increase the computational efficiency and effectiveness of device discrimination methods. The methods considered include Multiple Discriminant Analysis (MDA) and Random Forest (RndF) classification. RndF deficiencies in classification and post-classification feature selection are highlighted and addressed using a pre-classification feature selection method based on a Wilcoxon Rank Sum (WRS) test. Feature down-selection based on WRS testing proves to very reliable, with reduced feature subsets yielding cross-device discrimination performance consistent with full-dimensional feature sets, while being more computationally efficient
- …