Visible to the public Biblio

Filters: Keyword is evaluation  [Clear All Filters]
Zhang, Yunxiang, Rao, Zhuyi.  2020.  Research on Information Security Evaluation Based on Artificial Neural Network. 2020 3rd International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE). :424–428.

In order to improve the information security ability of the network information platform, the information security evaluation method is proposed based on artificial neural network. Based on the comprehensive analysis of the security events in the construction of the network information platform, the risk assessment model of the network information platform is constructed based on the artificial neural network theory. The weight calculation algorithm of artificial neural network and the minimum artificial neural network pruning algorithm are also given, which can realize the quantitative evaluation of network information security. The fuzzy neural network weighted control method is used to control the information security, and the non-recursive traversal method is adopted to realize the adaptive training of information security assessment process. The adaptive learning of the artificial neural network is carried out according to the conditions, and the ability of information encryption and transmission is improved. The information security assessment is realized. The simulation results show that the method is accurate and ensures the information security.

Li, H., Xie, R., Kong, X., Wang, L., Li, B..  2020.  An Analysis of Utility for API Recommendation: Do the Matched Results Have the Same Efforts? 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS). :479—488.

The current evaluation of API recommendation systems mainly focuses on correctness, which is calculated through matching results with ground-truth APIs. However, this measurement may be affected if there exist more than one APIs in a result. In practice, some APIs are used to implement basic functionalities (e.g., print and log generation). These APIs can be invoked everywhere, and they may contribute less than functionally related APIs to the given requirements in recommendation. To study the impacts of correct-but-useless APIs, we use utility to measure them. Our study is conducted on more than 5,000 matched results generated by two specification-based API recommendation techniques. The results show that the matched APIs are heavily overlapped, 10% APIs compose more than 80% matched results. The selected 10% APIs are all correct, but few of them are used to implement the required functionality. We further propose a heuristic approach to measure the utility and conduct an online evaluation with 15 developers. Their reports confirm that the matched results with higher utility score usually have more efforts on programming than the lower ones.

Mitra, Joydeep, Ranganath, Venkatesh-Prasad, Narkar, Aditya.  2019.  BenchPress: Analyzing Android App Vulnerability Benchmark Suites. 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW). :13—18.
In recent years, various benchmark suites have been developed to evaluate the efficacy of Android security analysis tools. Tool developers often choose such suites based on the availability and popularity of suites and not on their characteristics and relevance due to the lack of information about them. In this context, based on a recent effort, we empirically evaluated four Android-specific benchmark suites: DroidBench, Ghera, ICCBench, and UBCBench. For each benchmark suite, we identified the APIs used by the suite that were discussed on Stack Overflow in the context of Android app development and measured the usage of these APIs in a sample of 227K real-world apps (coverage). We also identified security-related APIs used in real-world apps but not in any of the above benchmark suites to assess the opportunities to extend benchmark suites (gaps).
Razaque, Abdul, Frej, Mohamed Ben Haj, Yiming, Huang, Shilin, Yan.  2019.  Analytical Evaluation of k–Anonymity Algorithm and Epsilon-Differential Privacy Mechanism in Cloud Computing Environment. 2019 IEEE Cloud Summit. :103—109.

Expected and unexpected risks in cloud computing, which included data security, data segregation, and the lack of control and knowledge, have led to some dilemmas in several fields. Among all of these dilemmas, the privacy problem is even more paramount, which has largely constrained the prevalence and development of cloud computing. There are several privacy protection algorithms proposed nowadays, which generally include two categories, Anonymity algorithm, and differential privacy mechanism. Since many types of research have already focused on the efficiency of the algorithms, few of them emphasized the different orientation and demerits between the two algorithms. Motivated by this emerging research challenge, we have conducted a comprehensive survey on the two popular privacy protection algorithms, namely K-Anonymity Algorithm and Differential Privacy Algorithm. Based on their principles, implementations, and algorithm orientations, we have done the evaluations of these two algorithms. Several expectations and comparisons are also conducted based on the current cloud computing privacy environment and its future requirements.

Wang, Dongqi, Shuai, Xuanyue, Hu, Xueqiong, Zhu, Li.  2019.  Research on Computer Network Security Evaluation Method Based on Levenberg-Marquardt Algorithms. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE). :399—402.
As we all know, computer network security evaluation is an important link in the field of network security. Traditional computer network security evaluation methods use BP neural network combined with network security standards to train and simulate. However, because BP neural network is easy to fall into local minimum point in the training process, the evalu-ation results are often inaccurate. In this paper, the LM (Levenberg-Marquard) algorithm is used to optimize the BP neural network. The LM-BP algorithm is constructed and applied to the computer network security evaluation. The results show that compared with the traditional evaluation algorithm, the optimized neural network has the advantages of fast running speed and accurate evaluation results.
Guan, Chengli, Yang, Yue.  2019.  Research of Computer Network Security Evaluation Based on Backpropagation Neural Network. 2019 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS). :181—184.
In recent years, due to the invasion of virus and loopholes, computer networks in colleges and universities have caused great adverse effects on schools, teachers and students. In order to improve the accuracy of computer network security evaluation, Back Propagation (BP) neural network was trained and built. The evaluation index and target expectations have been determined based on the expert system, with 15 secondary evaluation index values taken as input layer parameters, and the computer network security evaluation level values taken as output layer parameter. All data were divided into learning sample sets and forecasting sample sets. The results showed that the designed BP neural network exhibited a fast convergence speed and the system error was 0.000999654. Furthermore, the predictive values of the network were in good agreement with the experimental results, and the correlation coefficient was 0.98723. These results indicated that the network had an excellent training accuracy and generalization ability, which effectively reflected the performance of the system for the computer network security evaluation.
Hasan, Jasim, Zeki, Ahmed M., Alharam, Aysha, Al-Mashhur, Nuha.  2019.  Evaluation of SQL Injection Prevention Methods. 2019 8th International Conference on Modeling Simulation and Applied Optimization (ICMSAO). :1–6.
In the last few years, the usage and dependency on web applications and websites has significantly increased across a number of different areas such as online banking, shopping, financial transactions etc. amongst the several other areas. This has even directly multiplied the threat of SQL injection issue. A number of past studies have suggested that SQL injection should be handled as effectively as possible in order to avoid long term threats and dangers. This paper in specific attempts to discuss and evaluate some of the main SQL injection prevention methods.
Tucker, Scot.  2018.  Engineering Trust: A Graph-Based Algorithm for Modeling, Validating, and Evaluating Trust. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1–9.
Trust is an important topic in today's interconnected world. Breaches of trust in today's systems has had profound effects upon us all, and they are very difficult and costly to fix especially when caused by flaws in the system's architecture. Trust modeling can expose these types of issues, but modeling trust in complex multi-tiered system architectures can be very difficult. Often experts have differing views of trust and how it applies to systems within their domain. This work presents a graph-based modeling methodology that normalizes the application of trust across disparate system domains allowing the modeling of complex intersystem trust relationships. An algorithm is proposed that applies graph theory to model, validate and evaluate trust in system architectures. Also, it provides the means to apply metrics to compare and prioritize the effectiveness of trust management in system and component architectures. The results produced by the algorithm can be used in conjunction with systems engineering processes to ensure both trust and the efficient use of resources.
Kelly, Daniel M., Wellons, Christopher C., Coffman, Joel, Gearhart, Andrew S..  2019.  Automatically Validating the Effectiveness of Software Diversity Schemes. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :1–2.
Software diversity promises to invert the current balance of power in cybersecurity by preventing exploit reuse. Nevertheless, the comparative evaluation of diversity techniques has received scant attention. In ongoing work, we use the DARPA Cyber Grand Challenge (CGC) environment to assess the effectiveness of diversifying compilers in mitigating exploits. Our approach provides a quantitative comparison of diversity strategies and demonstrates wide variation in their effectiveness.
Rouhani, Bita Darvish, Riazi, M. Sadegh, Koushanfar, Farinaz.  2018.  Deepsecure: Scalable Provably-secure Deep Learning. Proceedings of the 55th Annual Design Automation Conference. :2:1–2:6.
This paper presents DeepSecure, the an scalable and provably secure Deep Learning (DL) framework that is built upon automated design, efficient logic synthesis, and optimization methodologies. DeepSecure targets scenarios in which neither of the involved parties including the cloud servers that hold the DL model parameters or the delegating clients who own the data is willing to reveal their information. Our framework is the first to empower accurate and scalable DL analysis of data generated by distributed clients without sacrificing the security to maintain efficiency. The secure DL computation in DeepSecure is performed using Yao's Garbled Circuit (GC) protocol. We devise GC-optimized realization of various components used in DL. Our optimized implementation achieves up to 58-fold higher throughput per sample compared with the best prior solution. In addition to the optimized GC realization, we introduce a set of novel low-overhead pre-processing techniques which further reduce the GC overall runtime in the context of DL. Our extensive evaluations demonstrate up to two orders-of-magnitude additional runtime improvement achieved as a result of our pre-processing methodology.
Chen, L., Liu, J., Ha, W..  2018.  Cloud Service Risk in the Smart Grid. 2018 14th International Conference on Computational Intelligence and Security (CIS). :242–244.

Smart grid utilizes cloud service to realize reliable, efficient, secured, and cost-effective power management, but there are a number of security risks in the cloud service of smart grid. The security risks are particularly problematic to operators of power information infrastructure who want to leverage the benefits of cloud. In this paper, security risk of cloud service in the smart grid are categorized and analyzed characteristics, and multi-layered index system of general technical risks is established, which applies to different patterns of cloud service. Cloud service risk of smart grid can evaluate according indexes.

Khayyam, Y. E., Herrou, B..  2017.  Risk assessment of the supply chain: Approach based on analytic hierarchy process and group decision-making. 2017 International Colloquium on Logistics and Supply Chain Management (LOGISTIQUA). :135–141.

Faced with a turbulent economic, political and social environment, Companies need to build effective risk management systems in their supply chains. Risk management can only be effective when the risks identification and analysis are enough accurate. In this perspective, this paper proposes a risk assessment approach based on the analytic hierarchy process and group decision making. In this study, a new method is introduced that will reduce the impact of incoherent judgments on group decision-making, It is, the “reduced weight function” that decreases the weight associated to a member of the expert panel based on the consistency of its judgments.

Parycek, P., Pereira, G. Viale.  2017.  Drivers of Smart Governance: Towards to Evidence-Based Policy-Making. Proceedings of the 18th Annual International Conference on Digital Government Research. :564–565.

This paper presents the preliminary framework proposed by the authors for drivers of Smart Governance. The research question of this study is: What are the drivers for Smart Governance to achieve evidence-based policy-making? The framework suggests that in order to create a smart governance model, data governance and collaborative governance are the main drivers. These pillars are supported by legal framework, normative factors, principles and values, methods, data assets or human resources, and IT infrastructure. These aspects will guide a real time evaluation process in all levels of the policy cycle, towards to the implementation of evidence-based policies.

Vougioukas, Michail, Androutsopoulos, Ion, Paliouras, Georgios.  2017.  A Personalized Global Filter To Predict Retweets. Proceedings of the 25th Conference on User Modeling, Adaptation and Personalization. :393–394.

Information shared on Twitter is ever increasing and users-recipients are overwhelmed by the number of tweets they receive, many of which of no interest. Filters that estimate the interest of each incoming post can alleviate this problem, for example by allowing users to sort incoming posts by predicted interest (e.g., "top stories" vs. "most recent" in Facebook). Global and personal filters have been used to detect interesting posts in social networks. Global filters are trained on large collections of posts and reactions to posts (e.g., retweets), aiming to predict how interesting a post is for a broad audience. In contrast, personal filters are trained on posts received by a particular user and the reactions of the particular user. Personal filters can provide recommendations tailored to a particular user's interests, which may not coincide with the interests of the majority of users that global filters are trained to predict. On the other hand, global filters are typically trained on much larger datasets compared to personal filters. Hence, global filters may work better in practice, especially with new users, for which personal filters may have very few training instances ("cold start" problem). Following Uysal and Croft, we devised a hybrid approach that combines the strengths of both global and personal filters. As in global filters, we train a single system on a large, multi-user collection of tweets. Each tweet, however, is represented as a feature vector with a number of user-specific features.

Robinson, Joseph P., Shao, Ming, Zhao, Handong, Wu, Yue, Gillis, Timothy, Fu, Yun.  2017.  Recognizing Families In the Wild (RFIW): Data Challenge Workshop in Conjunction with ACM MM 2017. Proceedings of the 2017 Workshop on Recognizing Families In the Wild. :5–12.

Recognizing Families In the Wild (RFIW) is a large-scale, multi-track automatic kinship recognition evaluation, supporting both kinship verification and family classification on scales much larger than ever before. It was organized as a Data Challenge Workshop hosted in conjunction with ACM Multimedia 2017. This was achieved with the largest image collection that supports kin-based vision tasks. In the end, we use this manuscript to summarize evaluation protocols, progress made and some technical background and performance ratings of the algorithms used, and a discussion on promising directions for both research and engineers to be taken next in this line of work.

Saarela, Marko, Hosseinzadeh, Shohreh, Hyrynsalmi, Sami, Leppänen, Ville.  2017.  Measuring Software Security from the Design of Software. Proceedings of the 18th International Conference on Computer Systems and Technologies. :179–186.

With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e. metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved.

Luger, Ewa, Sellen, Abigail.  2016.  "Like Having a Really Bad PA": The Gulf Between User Expectation and Experience of Conversational Agents. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. :5286–5297.

The past four years have seen the rise of conversational agents (CAs) in everyday life. Apple, Microsoft, Amazon, Google and Facebook have all embedded proprietary CAs within their software and, increasingly, conversation is becoming a key mode of human-computer interaction. Whilst we have long been familiar with the notion of computers that speak, the investigative concern within HCI has been upon multimodality rather than dialogue alone, and there is no sense of how such interfaces are used in everyday life. This paper reports the findings of interviews with 14 users of CAs in an effort to understand the current interactional factors affecting everyday use. We find user expectations dramatically out of step with the operation of the systems, particularly in terms of known machine intelligence, system capability and goals. Using Norman's 'gulfs of execution and evaluation' [30] we consider the implications of these findings for the design of future systems.

Coffman, Joel, Kelly, Daniel M., Wellons, Christopher C., Gearhart, Andrew S..  2016.  ROP Gadget Prevalence and Survival Under Compiler-based Binary Diversification Schemes. Proceedings of the 2016 ACM Workshop on Software PROtection. :15–26.

Diversity has been suggested as an effective alternative to the current trend in rules-based approaches to cybersecurity. However, little work to date has focused on how various techniques generalize to new attacks. That is, there is no accepted methodology that researchers use to evaluate diversity techniques. Starting with the hypothesis that an attacker's effort increases as the common set of executable code snippets (return-oriented programming (ROP) gadgets) decreases across application variants, we explore how different diversification techniques affect the set of ROP gadgets that is available to an attacker. We show that a small population of diversified variants is sufficient to eliminate 90-99% of ROP gadgets across a collection of real-world applications. Finally, we observe that the number of remaining gadgets may still be sufficient for an attacker to mount an effective attack regardless of the presence of software diversity.

Zangerle, Eva, Gassler, Wolfgang, Pichl, Martin, Steinhauser, Stefan, Specht, Günther.  2016.  An Empirical Evaluation of Property Recommender Systems for Wikidata and Collaborative Knowledge Bases. Proceedings of the 12th International Symposium on Open Collaboration. :18:1–18:8.

The Wikidata platform is a crowdsourced, structured knowledgebase aiming to provide integrated, free and language-agnostic facts which are–-amongst others–-used by Wikipedias. Users who actively enter, review and revise data on Wikidata are assisted by a property suggesting system which provides users with properties that might also be applicable to a given item. We argue that evaluating and subsequently improving this recommendation mechanism and hence, assisting users, can directly contribute to an even more integrated, consistent and extensive knowledge base serving a huge variety of applications. However, the quality and usefulness of such recommendations has not been evaluated yet. In this work, we provide the first evaluation of different approaches aiming to provide users with property recommendations in the process of curating information on Wikidata. We compare the approach currently facilitated on Wikidata with two state-of-the-art recommendation approaches stemming from the field of RDF recommender systems and collaborative information systems. Further, we also evaluate hybrid recommender systems combining these approaches. Our evaluations show that the current recommendation algorithm works well in regards to recall and precision, reaching a recall@7 of 79.71% and a precision@7 of 27.97%. We also find that generally, incorporating contextual as well as classifying information into the computation of property recommendations can further improve its performance significantly.

Wang, S., Orwell, J., Hunter, G..  2014.  Evaluation of Bayesian and Dempster-Shafer approaches to fusion of video surveillance information. Information Fusion (FUSION), 2014 17th International Conference on. :1-7.

This paper presents the application of fusion meth- ods to a visual surveillance scenario. The range of relevant features for re-identifying vehicles is discussed, along with the methods for fusing probabilistic estimates derived from these estimates. In particular, two statistical parametric fusion methods are considered: Bayesian Networks and the Dempster Shafer approach. The main contribution of this paper is the development of a metric to allow direct comparison of the benefits of the two methods. This is achieved by generalising the Kelly betting strategy to accommodate a variable total stake for each sample, subject to a fixed expected (mean) stake. This metric provides a method to quantify the extra information provided by the Dempster-Shafer method, in comparison to a Bayesian Fusion approach.