Excerpts and Phrases

Sentence Excerpts

FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)

  1. While the prevalence and versatility of USB have made our daily life convenient, it has also attracted attackers seeking to exploit vulnerabilities within the USB ecosystem.

Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer

  1. Unfortunately, these more accurate analyses incur a high run-time penalty, impeding fuzzer throughput.
  2. Unlike DTA, which strives for accuracy, we take inspiration from popular greybox fuzzers (e.g., AFL) and embrace some imprecision in an effort to reduce overhead and thus maximize fuzzing throughput.

A Survey on Adversarial Attacks for Malware Analysis

  1. Adversarial attacks has now emerged as a serious concern, threatening to dismantle and undermine all the progress made in the machine learning domain.
  2. The fear of evolving adversarial attack is growing among the cyber security research community and has provoked the everlasting war between adversarial attackers and defenders.

Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)

  1. Orthogonal to our research is the analysis and deobfuscation of script-based malware.

A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)

  1. Using our framework and taxonomy, we study the evasive behaviors adopted by 45,375 malware samples observed in the wild between 2010 and 2019.
  2. We harvest papers, reports, and blog posts from the security community estimating the influence of the public disclosure of evasive techniques on their adoption in the wild.

Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)

  1. In front of the increasing difficulties of Android malware detection, it is non-trivial to build a robust and transparent detecting model or system only by traditional machine learning techniques.

Survey Studies from the Big Four Conferences

  1. [Usenix Security 2022] "I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
  2. [Usenix Security 2022] "Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
  3. [Usenix Security 2022] How and Why People Use Virtual Private Networks
  4. [Usenix Security 2021] "It's the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security
  5. [Usenix Security 2021] "Shhh...be quiet!" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
  6. [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
  7. [Usenix Security 2021] 'Passwords Keep Me Safe' – Understanding What Children Think about Passwords
  8. [Usenix Security 2021] "It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
  9. [Usenix Security 2021] "Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
  10. [Usenix Security 2020] "I am uncomfortable sharing what I can't see": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications
  11. [Usenix Security 2020 | Distinguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
  12. [Usenix Security 2020] An Observational Investigation of Reverse Engineers’ Processes
  13. [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
  14. [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports
  15. [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
  16. [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
  17. [NDSS 2019] A First Look into the Facebook Advertising Ecosystem

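Interesting Papers

  1. [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing. Incorrect error-handling code can itself introduce new bugs; in particular, when performing cleanup work, an incorrect execution order can lead to privilege escalation, crashes, and DoS. The paper aims to infer the expected cleanup functions.
  2. [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck. Studies and models applications' privacy policies, taking into account the entities that data flows to.
  3. [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 Careless practices on GitHub can lead to leaked API keys. The paper shows that such leakage is rampant and that the problem is far from solved.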

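Vocabulary

  • encyclopedic: wide-ranging, comprehensive
  • unprecedented: without precedent, never seen before
  • bluntly: frankly, without mincing words
  • as per some estimates: according to some estimates
  • indispensable: essential, absolutely necessary
  • to name just a few: to give only a few examples
  • discriminate: to distinguish, to differentiate; differentiated
  • remediation: fixing, putting right
  • cumbersome: tedious, unwieldy
  • drastically: severely, sharply
  • impede: hinder, obstruct
  • stochastic: random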
  • sharp-edged plateau
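  • saturating: reaching saturation
  • avert: avoid, relieve
  • delineation: demarcation
  • nuisance: annoyance, disturbance
  • menace: threat; a dangerous person or thing
  • dismantle: take apart, disassemble, abolish
  • undermine: sabotage covertly, damage at the foundation
  • provoke: stir up, give rise to
  • ransomware: extortion software
  • withstand: hold off, endure, resist
  • camouflage: disguise, conceal, deceive
  • influx: a large inflow, a gathering
  • nullify: invalidate, void, cancel
  • calibrate: adjust for accuracy
  • ameliorate: improve, make better
  • prolifical: productive, fruitful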