Sok: Taxonomy of attacks on open-source software supply chains

P Ladisa, H Plate, M Martinez… - 2023 IEEE Symposium …, 2023 - ieeexplore.ieee.org
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …

Intriguing properties of adversarial ml attacks in the problem space

F Pierazzi, F Pendlebury, J Cortellazzi… - … IEEE symposium on …, 2020 - ieeexplore.ieee.org
Recent research efforts on adversarial ML have investigated problem-space attacks,
focusing on the generation of real evasive objects in domains where, unlike images, there is …

Graph backdoor

Z **, R Pang, S Ji, T Wang - 30th USENIX security symposium (USENIX …, 2021 - usenix.org
One intriguing property of deep neural networks (DNNs) is their inherent vulnerability to
backdoor attacks—a trojan model responds to trigger-embedded inputs in a highly …

Towards measuring supply chain attacks on package managers for interpreted languages

R Duan, O Alrawi, RP Kasturi, R Elder… - arxiv preprint arxiv …, 2020 - cyfi.ece.gatech.edu
Package managers have become a vital part of the modern software development process.
They allow developers to reuse third-party code, share their own code, minimize their …

Sok: Pragmatic assessment of machine learning for network intrusion detection

G Apruzzese, P Laskov… - 2023 IEEE 8th European …, 2023 - ieeexplore.ieee.org
Machine Learning (ML) has become a valuable asset to solve many real-world tasks. For
Network Intrusion Detection (NID), however, scientific advances in ML are still seen with …

MAB-Malware: A reinforcement learning framework for blackbox generation of adversarial malware

W Song, X Li, S Afroz, D Garg, D Kuznetsov… - … of the 2022 ACM on Asia …, 2022 - dl.acm.org
Modern commercial antivirus systems increasingly rely on machine learning (ML) to keep up
with the rampant inflation of new malware. However, it is well-known that machine learning …

"Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences

D Olszewski, A Lu, C Stillman, K Warren… - Proceedings of the …, 2023 - dl.acm.org
Reproducibility is crucial to the advancement of science; it strengthens confidence in
seemingly contradictory results and expands the boundaries of known discoveries …

Mining Node.js vulnerabilities via object dependence graph and query

S Li, M Kang, J Hou, Y Cao - 31st USENIX Security Symposium …, 2022 - usenix.org
Node.js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Detecting Node.js prototype pollution vulnerabilities via object lookup analysis

S Li, M Kang, J Hou, Y Cao - Proceedings of the 29th ACM Joint Meeting …, 2021 - dl.acm.org
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

Taxonomy of attacks on open-source software supply chains

P Ladisa, H Plate, M Martinez, O Barais - arxiv preprint arxiv:2204.04008, 2022 - arxiv.org
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …