Visible to the public Biblio

Found 221 results

Filters: First Letter Of Title is U  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T [U] V W X Y Z   [Show ALL]
U
Yang, Shouguo, Shi, Zhiqiang, Zhang, Guodong, Li, Mingxuan, Ma, Yuan, Sun, Limin.  2019.  Understand Code Style: Efficient CNN-Based Compiler Optimization Recognition System. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.
Compiler optimization level recognition can be applied to vulnerability discovery and binary analysis. Due to the exists of many different compilation optimization options, the difference in the contents of the binary file is very complicated. There are thousands of compiler optimization algorithms and multiple different processor architectures, so it is very difficult to manually analyze binary files and recognize its compiler optimization level with rules. This paper first proposes a CNN-based compiler optimization level recognition model: BinEye. The system extracts semantic and structural differences and automatically recognize the compiler optimization levels. The model is designed to be very suitable for binary file processing and is easy to understand. We built a dataset containing 80028 binary files for the model training and testing. Our proposed model achieves an accuracy of over 97%. At the same time, BinEye is a fully CNN-based system and it has a faster forward calculation speed, at least 8 times faster than the normal RNN-based model. Through our analysis of the model output, we successfully found the difference in assembly codes caused by the different compiler optimization level. This means that the model we proposed is interpretable. Based on our model, we propose a method to analyze the code differences caused by different compiler optimization levels, which has great guiding significance for analyzing closed source compilers and binary security analysis.
Dao, Ha, Mazel, Johan, Fukuda, Kensuke.  2018.  Understanding Abusive Web Resources: Characteristics and Counter-measures of Malicious Web Resources and Cryptocurrency Mining. Proceedings of the Asian Internet Engineering Conference. :54–61.
Web security is a big concern in the current Internet; users may visit websites that automatically download malicious codes for leaking user's privacy information, or even mildly their web browser may help for someone's cryptomining. In this paper, we analyze abusive web resources (i.e. malicious resources and cryptomining) crawled from the Alexa Top 150,000 sites. We highlight the abusive web resources on Alexa ranking, TLD usage, website geolocation, and domain lifetime. Our results show that abusive resources are spread in the Alexa ranking, websites particularly generic Top Level Domain (TLD) and their recently registered domains. In addition, websites with malicious resources are mainly located in China while cryptomining is located in USA. We further evaluate possible counter-measures against abusive web resources. We observe that ad or privacy block lists are ineffective to block against malicious resources while coin-blocking lists are powerful enough to mitigate in-browser cryptomining. Our observations shed light on a little studied, yet important, aspect of abusive resources, and can help increase user awareness about the malicious resources and drive-by mining on web browsers.
Jim Blythe, University of Southern California, Sean Smith, Dartmouth College.  2015.  Understanding and Accounting for Human Behavior.

Since computers are machines, it's tempting to think of computer security as purely a technical problem. However, computing systems are created, used, and maintained by humans, and exist to serve the goals of human and institutional stakeholders. Consequently, effectively addressing the security problem requires understanding this human dimension.


In this tutorial, we discuss this challenge and survey principal research approaches to it.
 

Invited Tutorial, Symposium and Bootcamp on the Science of Security (HotSoS 2015), April 2015, Urbana, IL.

Feng, Huan, Shin, Kang G..  2016.  Understanding and Defending the Binder Attack Surface in Android. Proceedings of the 32Nd Annual Conference on Computer Security Applications. :398–409.
In Android, communications between apps and system services are supported by a transaction-based Inter-Process Communication (IPC) mechanism. Binder, as the cornerstone of this IPC mechanism, separates two communicating parties as client and server. As with any client-server model, the server should not make any assumption on the validity (sanity) of client-side transaction. To our surprise, we find this principle has frequently been overlooked in the implementation of Android system services. In this paper, we try to answer why developers keep making this seemingly simple mistake by studying more than 100 vulnerabilities on this attack surface. We analyzed these vulnerabilities to find that most of them are rooted at a common confusion of where the actual security boundary is among system developers. We thus highlight the deficiency of testing only on client-side public APIs and argue for the necessity of testing and protection on the Binder interface — the actual security boundary. Specifically, we design and implement BinderCracker, an automatic testing framework that supports context-aware fuzzing and actively manages the dependency between transactions. It does not require the source codes of the component under test, is compatible with services in different layers, and performs much more effectively than simple black-box fuzzing. We also call attention to the attack attribution problem for IPC-based attacks. The lack of OS-level support makes it very difficult to identify the culprit apps even for developers with adb access. We address this issue by providing an informative runtime diagnostic tool that tracks the origin, schema, content, and parsing details of each failed transaction. This brings transparency into the IPC process and provides an essential step for other in-depth analysis or forensics.
Liu, Yepang, Xu, Chang, Cheung, Shing-Chi, Terragni, Valerio.  2016.  Understanding and Detecting Wake Lock Misuses for Android Applications. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. :396–409.

Wake locks are widely used in Android apps to protect critical computations from being disrupted by device sleeping. Inappropriate use of wake locks often seriously impacts user experience. However, little is known on how wake locks are used in real-world Android apps and the impact of their misuses. To bridge the gap, we conducted a large-scale empirical study on 44,736 commercial and 31 open-source Android apps. By automated program analysis and manual investigation, we observed (1) common program points where wake locks are acquired and released, (2) 13 types of critical computational tasks that are often protected by wake locks, and (3) eight patterns of wake lock misuses that commonly cause functional and non-functional issues, only three of which had been studied by existing work. Based on our findings, we designed a static analysis technique, Elite, to detect two most common patterns of wake lock misuses. Our experiments on real-world subjects showed that Elite is effective and can outperform two state-of-the-art techniques.

Badis, H., Doyen, G., Khatoun, R..  2014.  Understanding botclouds from a system perspective: A principal component analysis. Network Operations and Management Symposium (NOMS), 2014 IEEE. :1-9.

Cloud computing is gaining ground and becoming one of the fast growing segments of the IT industry. However, if its numerous advantages are mainly used to support a legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be setup on demand and at very large scale without requiring a long dissemination phase nor an expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnets detection, can be leveraged in the context of a cloud to enable a source based detection. Our study considers both attacks based on TCP-flood and UDP-storm and for each of them, we provide statistical results based on a principal component analysis, that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.

Badis, H., Doyen, G., Khatoun, R..  2014.  Understanding botclouds from a system perspective: A principal component analysis. Network Operations and Management Symposium (NOMS), 2014 IEEE. :1-9.

Cloud computing is gaining ground and becoming one of the fast growing segments of the IT industry. However, if its numerous advantages are mainly used to support a legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be setup on demand and at very large scale without requiring a long dissemination phase nor an expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnets detection, can be leveraged in the context of a cloud to enable a source based detection. Our study considers both attacks based on TCP-flood and UDP-storm and for each of them, we provide statistical results based on a principal component analysis, that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.

Miao, Hui, Deshpande, Amol.  2019.  Understanding Data Science Lifecycle Provenance via Graph Segmentation and Summarization. 2019 IEEE 35th International Conference on Data Engineering (ICDE). :1710–1713.
Increasingly modern data science platforms today have non-intrusive and extensible provenance ingestion mechanisms to collect rich provenance and context information, handle modifications to the same file using distinguishable versions, and use graph data models (e.g., property graphs) and query languages (e.g., Cypher) to represent and manipulate the stored provenance/context information. Due to the schema-later nature of the metadata, multiple versions of the same files, and unfamiliar artifacts introduced by team members, the resulting "provenance graphs" are quite verbose and evolving; further, it is very difficult for the users to compose queries and utilize this valuable information just using standard graph query model. In this paper, we propose two high-level graph query operators to address the verboseness and evolving nature of such provenance graphs. First, we introduce a graph segmentation operator, which queries the retrospective provenance between a set of source vertices and a set of destination vertices via flexible boundary criteria to help users get insight about the derivation relationships among those vertices. We show the semantics of such a query in terms of a context-free grammar, and develop efficient algorithms that run orders of magnitude faster than state-of-the-art. Second, we propose a graph summarization operator that combines similar segments together to query prospective provenance of the underlying project. The operator allows tuning the summary by ignoring vertex details and characterizing local structures, and ensures the provenance meaning using path constraints. We show the optimal summary problem is PSPACE-complete and develop effective approximation algorithms. We implement the operators on top of Neo4j, evaluate our query techniques extensively, and show the effectiveness and efficiency of the proposed methods.
Kumar, Sumeet, Carley, Kathleen M..  2016.  Understanding DDoS cyber-attacks using social media analytics. :231–236.

Cyber-attacks are cheap, easy to conduct and often pose little risk in terms of attribution, but their impact could be lasting. The low attribution is because tracing cyber-attacks is primitive in the current network architecture. Moreover, even when attribution is known, the absence of enforcement provisions in international law makes cyber attacks tough to litigate, and hence attribution is hardly a deterrent. Rather than attributing attacks, we can re-look at cyber-attacks as societal events associated with social, political, economic and cultural (SPEC) motivations. Because it is possible to observe SPEC motives on the internet, social media data could be valuable in understanding cyber attacks. In this research, we use sentiment in Twitter posts to observe country-to-country perceptions, and Arbor Networks data to build ground truth of country-to-country DDoS cyber-attacks. Using this dataset, this research makes three important contributions: a) We evaluate the impact of heightened sentiments towards a country on the trend of cyber-attacks received by the country. We find that, for some countries, the probability of attacks increases by up to 27% while experiencing negative sentiments from other nations. b) Using cyber-attacks trend and sentiments trend, we build a decision tree model to find attacks that could be related to extreme sentiments. c) To verify our model, we describe three examples in which cyber-attacks follow increased tension between nations, as perceived in social media.

Kumar, Sumeet, Carley, Kathleen M..  2016.  Understanding DDoS cyber-attacks using social media analytics. :231–236.

Cyber-attacks are cheap, easy to conduct and often pose little risk in terms of attribution, but their impact could be lasting. The low attribution is because tracing cyber-attacks is primitive in the current network architecture. Moreover, even when attribution is known, the absence of enforcement provisions in international law makes cyber attacks tough to litigate, and hence attribution is hardly a deterrent. Rather than attributing attacks, we can re-look at cyber-attacks as societal events associated with social, political, economic and cultural (SPEC) motivations. Because it is possible to observe SPEC motives on the internet, social media data could be valuable in understanding cyber attacks. In this research, we use sentiment in Twitter posts to observe country-to-country perceptions, and Arbor Networks data to build ground truth of country-to-country DDoS cyber-attacks. Using this dataset, this research makes three important contributions: a) We evaluate the impact of heightened sentiments towards a country on the trend of cyber-attacks received by the country. We find that, for some countries, the probability of attacks increases by up to 27% while experiencing negative sentiments from other nations. b) Using cyber-attacks trend and sentiments trend, we build a decision tree model to find attacks that could be related to extreme sentiments. c) To verify our model, we describe three examples in which cyber-attacks follow increased tension between nations, as perceived in social media.

Sawant, Anand Ashok, Aniche, Maurício, van Deursen, Arie, Bacchelli, Alberto.  2018.  Understanding Developers' Needs on Deprecation As a Language Feature. Proceedings of the 40th International Conference on Software Engineering. :561-571.

Deprecation is a language feature that allows API producers to mark a feature as obsolete. We aim to gain a deep understanding of the needs of API producers and consumers alike regarding deprecation. To that end, we investigate why API producers deprecate features, whether they remove deprecated features, how they expect consumers to react, and what prompts an API consumer to react to deprecation. To achieve this goal we conduct semi-structured interviews with 17 third-party Java API producers and survey 170 Java developers. We observe that the current deprecation mechanism in Java and the proposal to enhance it does not address all the needs of a developer. This leads us to propose and evaluate three further enhancements to the deprecation mechanism.

Li, Guanpeng, Hari, Siva Kumar Sastry, Sullivan, Michael, Tsai, Timothy, Pattabiraman, Karthik, Emer, Joel, Keckler, Stephen W..  2017.  Understanding Error Propagation in Deep Learning Neural Network (DNN) Accelerators and Applications. Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis. :8:1–8:12.
Deep learning neural networks (DNNs) have been successful in solving a wide range of machine learning problems. Specialized hardware accelerators have been proposed to accelerate the execution of DNN algorithms for high-performance and energy efficiency. Recently, they have been deployed in datacenters (potentially for business-critical or industrial applications) and safety-critical systems such as self-driving cars. Soft errors caused by high-energy particles have been increasing in hardware systems, and these can lead to catastrophic failures in DNN systems. Traditional methods for building resilient systems, e.g., Triple Modular Redundancy (TMR), are agnostic of the DNN algorithm and the DNN accelerator's architecture. Hence, these traditional resilience approaches incur high overheads, which makes them challenging to deploy. In this paper, we experimentally evaluate the resilience characteristics of DNN systems (i.e., DNN software running on specialized accelerators). We find that the error resilience of a DNN system depends on the data types, values, data reuses, and types of layers in the design. Based on our observations, we propose two efficient protection techniques for DNN systems.
Schroeder, Jill M., Manz, David O., Amaya, Jodi P., McMakin, Andrea H., Bays, Ryan M..  2018.  Understanding Past, Current and Future Communication and Situational Awareness Technologies for First Responders. Proceedings of the Fifth Cybersecurity Symposium. :2:1-2:14.
This study builds a foundation for improving research for first responder communication and situational awareness technology in the future. In an online survey, we elicited the opinions of 250 U.S. first responders about effectiveness, security, and reliability of past, current, and future Internet of Things technology. The most desired features respondents identified were connectivity, reliability, interoperability, and affordability. The top barriers to technology adoption and use included restricted budgets/costs, interoperability, insufficient training resources, and insufficient interagency collaboration and communication. First responders in all job types indicated that technology has made first responder equipment more useful, and technology that supports situational awareness is particularly valued. As such, future Internet of Things capabilities, such as tapping into smart device data in residences and piggybacking onto alternative communication channels, could be valuable for future first responders. Potential areas for future investigation are suggested for technology development and research.
Hou, Ye, Such, Jose, Rashid, Awais.  2019.  Understanding Security Requirements for Industrial Control System Supply Chains. 2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS). :50–53.

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.

Ricard López Fogués, Pradeep K. Murukannaiah, Jose M. Such, Munindar P. Singh.  2017.  Understanding Sharing Policies in Multiparty Scenarios: Incorporating Context, Preferences, and Arguments into Decision Making. ACM Transactions on Computer-Human Interaction.

Social network services enable users to conveniently share personal information.  Often, the information shared concerns other people, especially other members of the social network service.  In such situations, two or more people can have conflicting privacy preferences; thus, an appropriate sharing policy may not be apparent. We identify such situations as multiuser privacy scenarios. Current approaches propose finding a sharing policy through preference aggregation.  However, studies suggest that users feel more confident in their decisions regarding sharing when they know the reasons behind each other's preferences.  The goals of this paper are (1) understanding how people decide the appropriate sharing policy in multiuser scenarios where arguments are employed, and (2) developing a computational model to predict an appropriate sharing policy for a given scenario. We report on a study that involved a survey of 988 Amazon MTurk users about a variety of multiuser scenarios and the optimal sharing policy for each scenario.  Our evaluation of the participants' responses reveals that contextual factors, user preferences, and arguments influence the optimal sharing policy in a multiuser scenario.  We develop and evaluate an inference model that predicts the optimal sharing policy given the three types of features.  We analyze the predictions of our inference model to uncover potential scenario types that lead to incorrect predictions, and to enhance our understanding of when multiuser scenarios are more or less prone to dispute.

 

To appear

Cao, Cong, Yan, Jun, Li, Mengxiang.  2016.  Understanding the Influence and Service Type of Trusted Third Party on Consumers' Online Trust: Evidence from Australian B2C Marketplace. Proceedings of the 18th Annual International Conference on Electronic Commerce: E-Commerce in Smart Connected World. :18:1–18:8.

In this study, the trusted third party (TTP) in Australia's B2C marketplace is studied and the factors influencing consumers' trust behaviour are examined from the perspective of consumers' online trust. Based on the literature review and combined with the development status and background of Australia's e-commerce, underpinned by the Theory of Planned Behaviour (TPB) and a conceptual trust model, this paper expatiates the specific factors and influence mechanism of TTP on consumers' trust behaviour. Also this paper explains two different functions of TTP to solve the online trust problem faced by consumers. Meanwhile, this paper summarizes five different types of services provided by TTPs during the establishment of the trust relationship. Finally, the present study selects 100 B2C enterprises by the simple random sampling method and makes a detailed analysis of their TTPs, to verify the services and functions of the proposed TTP in the trust model. This study is of some significance for comprehending the influence mechanism, functions and services of TTPs on consumers' trust behaviour in the realistic Australian B2C environment.

Su, Liya, Yao, Yepeng, Lu, Zhigang, Liu, Baoxu.  2019.  Understanding the Influence of Graph Kernels on Deep Learning Architecture: A Case Study of Flow-Based Network Attack Detection. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :312–318.
Flow-based network attack detection technology is able to identify many threats in network traffic. Existing techniques have several drawbacks: i) rule-based approaches are vulnerable because it needs all the signatures defined for the possible attacks, ii) anomaly-based approaches are not efficient because it is easy to find ways to launch attacks that bypass detection, and iii) both rule-based and anomaly-based approaches heavily rely on domain knowledge of networked system and cyber security. The major challenge to existing methods is to understand novel attack scenarios and design a model to detect novel and more serious attacks. In this paper, we investigate network attacks and unveil the key activities and the relationships between these activities. For that reason, we propose methods to understand the network security practices using theoretic concepts such as graph kernels. In addition, we integrate graph kernels over deep learning architecture to exploit the relationship expressiveness among network flows and combine ability of deep neural networks (DNNs) with deep architectures to learn hidden representations, based on the communication representation graph of each network flow in a specific time interval, then the flow-based network attack detection can be done effectively by measuring the similarity between the graphs to two flows. The proposed study provides the effectiveness to obtain insights about network attacks and detect network attacks. Using two real-world datasets which contain several new types of network attacks, we achieve significant improvements in accuracies over existing network attack detection tasks.
van der Veen, Rosa, Hakkerainen, Viola, Peeters, Jeroen, Trotto, Ambra.  2018.  Understanding Transformations Through Design: Can Resilience Thinking Help? Proceedings of the Twelfth International Conference on Tangible, Embedded, and Embodied Interaction. :694–702.
The interaction design community increasingly addresses how digital technologies may contribute to societal transformations. This paper aims at understanding transformation ignited by a particular constructive design research project. This transformation will be discussed and analysed using resilience thinking, an established approach within sustainability science. By creating a common language between these two disciplines, we start to identify what kind of transformation took place, what factors played a role in the transformation, and which transformative qualities played a role in creating these factors. Our intention is to set out how the notion of resilience might provide a new perspective to understand how constructive design research may produce results that have a sustainable social impact. The findings point towards ways in which these two different perspectives on transformation the analytical perspective of resilience thinking and the generative perspective of constructive design research - may become complementary in both igniting and understanding transformations.
Jiao, Y., Hohlfield, J., Victora, R. H..  2018.  Understanding Transition and Remanence Noise in HAMR. IEEE Transactions on Magnetics. 54:1–5.

Transition noise and remanence noise are the two most important types of media noise in heat-assisted magnetic recording. We examine two methods (spatial splitting and principal components analysis) to distinguish them: both techniques show similar trends with respect to applied field and grain pitch (GP). It was also found that PW50can be affected by GP and reader design, but is almost independent of write field and bit length (larger than 50 nm). Interestingly, our simulation shows a linear relationship between jitter and PW50NSRrem, which agrees qualitatively with experimental results.

Haddad, G. El, Aïmeur, E., Hage, H..  2018.  Understanding Trust, Privacy and Financial Fears in Online Payment. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :28–36.
In online payment, customers must transmit their personal and financial information through the website to conclude their purchase and pay the services or items selected. They may face possible fears from online transactions raised by their risk perception about financial or privacy loss. They may have concerns over the payment decision with the possible negative behaviors such as shopping cart abandonment. Therefore, customers have three major players that need to be addressed in online payment: the online seller, the payment page, and their own perception. However, few studies have explored these three players in an online purchasing environment. In this paper, we focus on the customer concerns and examine the antecedents of trust, payment security perception as well as their joint effect on two fundamentally important customers' aspects privacy concerns and financial fear perception. A total of 392 individuals participated in an online survey. The results highlight the importance, of the seller website's components (such as ease of use, security signs, and quality information) and their impact on the perceived payment security as well as their impact on customer's trust and financial fear perception. The objective of our study is to design a research model that explains the factors contributing to an online payment decision.
Chakraborty, Arpita, Zhang, Yue, Ramesh, Arti.  2018.  Understanding Types of Cyberbullying in an Anonymous Messaging Application. Companion Proceedings of the The Web Conference 2018. :1001–1005.

The possibility of anonymity and lack of effective ways to identify inappropriate messages have resulted in a significant amount of online interaction data that attempt to harass, bully, or offend the recipient. In this work, we perform a preliminary linguistic study on messages exchanged using one such popular web/smartphone application—Sarahah, that allows friends to exchange messages anonymously. Since messages exchanged via Sarahah are private, we collect them when the recipient shares it on Twitter. We then perform an analysis of the different kinds of messages exchanged through this application. Our linguistic analysis reveals that a significant number of these messages ($\backslash$textasciitilde20%) include inappropriate, hurtful, or profane language intended to embarrass, offend, or bully the recipient. Our analysis helps in understanding the different ways in which anonymous message exchange platforms are used and the different types of bullying present in such exchanges.

Kiseleva, Julia, Williams, Kyle, Jiang, Jiepu, Hassan Awadallah, Ahmed, Crook, Aidan C., Zitouni, Imed, Anastasakos, Tasos.  2016.  Understanding User Satisfaction with Intelligent Assistants. Proceedings of the 2016 ACM on Conference on Human Information Interaction and Retrieval. :121–130.

Voice-controlled intelligent personal assistants, such as Cortana, Google Now, Siri and Alexa, are increasingly becoming a part of users' daily lives, especially on mobile devices. They introduce a significant change in information access, not only by introducing voice control and touch gestures but also by enabling dialogues where the context is preserved. This raises the need for evaluation of their effectiveness in assisting users with their tasks. However, in order to understand which type of user interactions reflect different degrees of user satisfaction we need explicit judgements. In this paper, we describe a user study that was designed to measure user satisfaction over a range of typical scenarios of use: controlling a device, web search, and structured search dialogue. Using this data, we study how user satisfaction varied with different usage scenarios and what signals can be used for modeling satisfaction in the different scenarios. We find that the notion of satisfaction varies across different scenarios, and show that, in some scenarios (e.g. making a phone call), task completion is very important while for others (e.g. planning a night out), the amount of effort spent is key. We also study how the nature and complexity of the task at hand affects user satisfaction, and find that preserving the conversation context is essential and that overall task-level satisfaction cannot be reduced to query-level satisfaction alone. Finally, we shed light on the relative effectiveness and usefulness of voice-controlled intelligent agents, explaining their increasing popularity and uptake relative to the traditional query-response interaction.

Yang, Zihan, Mi, Zeyu, Xia, Yubin.  2019.  Undertow: An Intra-Kernel Isolation Mechanism for Hardware-Assisted Virtual Machines. 2019 IEEE International Conference on Service-Oriented System Engineering (SOSE). :257—2575.
The prevalence of Cloud Computing has appealed many users to put their business into low-cost and flexible cloud servers instead of bare-metal machines. Most virtual machines in the cloud run commodity operating system(e.g., linux), and the complexity of such operating systems makes them more bug-prone and easier to be compromised. To mitigate the security threats, previous works attempt to mediate and filter system calls, transform all unpopular paths into popular paths, or implement a nested kernel along with the untrusted outter kernel to enforce certain security policies. However, such solutions only enforce read-only protection or assume that popular paths in the kernel to contain almost no bug, which is not always the case in the real world. To overcome their shortcomings and combine their advantages as much as possible, we propose a hardware-assisted isolation mechanism that isolates untrusted part of the kernel. To achieve isolation, we prepare multiple restricted Extended Page Table (EPT) during boot time, each of which has certain critical data unmapped from it so that the code executing in the isolated environment could not access sensitive data. We leverage the VMFUNC instruction already available in recent Intel processors to directly switch to another pre-defined EPT inside guest virtual machine without trapping into the underlying hypervisor, which is faster than the traditional trap-and-emulate procedure. The semantic gap is minimized and real-time check is achieved by allowing EPT violations to be converted to Virtualization Exception (VE), which could be handled inside guest kernel in non-root mode. Our preliminary evaluation shows that with hardware virtualization feature, we are able to run the untrusted code in an isolated environment with negligible overhead.
Sun, Jie, Yu, Jiancheng, Zhang, Aiqun, Song, Aijun, Zhang, Fumin.  2018.  Underwater Acoustic Intensity Field Reconstruction by Kriged Compressive Sensing. Proceedings of the Thirteenth ACM International Conference on Underwater Networks & Systems. :5:1-5:8.

This paper presents a novel Kriged Compressive Sensing (KCS) approach for the reconstruction of underwater acoustic intensity fields sampled by multiple gliders following sawtooth sampling patterns. Blank areas in between the sampling trajectories may cause unsatisfying reconstruction results. The KCS method leverages spatial statistical correlation properties of the acoustic intensity field being sampled to improve the compressive reconstruction process. Virtual data samples generated from a kriging method are inserted into the blank areas. We show that by using the virtual samples along with real samples, the acoustic intensity field can be reconstructed with higher accuracy when coherent spatial patterns exist. Corresponding algorithms are developed for both unweighted and weighted KCS methods. By distinguishing the virtual samples from real samples through weighting, the reconstruction results can be further improved. Simulation results show that both algorithms can improve the reconstruction results according to the PSNR and SSIM metrics. The methods are applied to process the ocean ambient noise data collected by the Sea-Wing acoustic gliders in the South China Sea.

Shakeri, S., Leus, G..  2014.  Underwater ultra-wideband fingerprinting-based sparse localization. Signal Processing Advances in Wireless Communications (SPAWC), 2014 IEEE 15th International Workshop on. :140-144.

In this work, a new fingerprinting-based localization algorithm is proposed for an underwater medium by utilizing ultra-wideband (UWB) signals. In many conventional underwater systems, localization is accomplished by utilizing acoustic waves. On the other hand, electromagnetic waves haven't been employed for underwater localization due to the high attenuation of the signal in water. However, it is possible to use UWB signals for short-range underwater localization. In this work, the feasibility of performing localization for an underwater medium is illustrated by utilizing a fingerprinting-based localization approach. By employing the concept of compressive sampling, we propose a sparsity-based localization method for which we define a system model exploiting the spatial sparsity.