云时代,云API作为服务交付、数据交换和能力复制的最佳载体,已成长为当今面向服务软件开发和企业数字化转型不可或缺的核心要素.然而动态开放网络中持续增长的云API在给开发者提供了更多选择的同时,也将其淹没在海量的云API选择之中,设...云时代,云API作为服务交付、数据交换和能力复制的最佳载体,已成长为当今面向服务软件开发和企业数字化转型不可或缺的核心要素.然而动态开放网络中持续增长的云API在给开发者提供了更多选择的同时,也将其淹没在海量的云API选择之中,设计有效的云API推荐方法就此成为API经济健康发展中迫切要解决的现实问题.但是,现有研究主要利用搜索关键词、服务质量和调用偏好进行建模,生成质量高功能单一的云API推荐列表,没有考虑服务化软件实际开发中开发者对多元化高阶互补云API的客观需要.高阶互补云API推荐旨在为多个查询云API生成多元互补云API列表,要求推荐结果与查询云API均互补,以满足开发者的联合需求.针对此问题,本文提出基于概率逻辑推理的高阶互补云API推荐方法(Probabilistic Logic Reasoning for High-order Complementary Cloud API Recom⁃mendation,PLR4HCCR).首先,通过云API生态真实数据分析论证云API互补推荐需求的必要性和互补关系建模中替补噪声的客观存在,为云API互补推荐问题研究提供动机和数据支持.其次,采用Beta概率嵌入对云API及其之间的关系约束进行编码,以刻画云API间互补关系的不确定性和支持互补逻辑推理.接着,设计由投影、取反和交并三个基本逻辑算子构建的互补关系逻辑推理网络,使查询集中的每个云API获得非对称互补关系感知和替补噪声消解约束下的互补云API表示.然后,引入注意力机制为查询云API的互补云API分配不同权重,增强高阶互补云API基向量的表征能力.在此基础上,采用KL散度度量高阶互补云API基向量与候选云API之间的距离,并根据KL散度排序生成高阶互补性可感知下的云API推荐结果.最后,我们利用两个真实云API数据集在不同阶互补推荐场景下进行实验,实验表明,与传统启发式推荐方法和深度学习推荐方法相比,PLR4HCCR在互补关系感知推理和替补噪声消解方面均具有较大的优势,继而使其在低阶、高阶和混合阶互补云API推荐中均展示出更优的推荐效果和更强的泛化能力.进一步,超参数敏感性实验、实例分析和用户调查验证了方法的有效性、实用性和可行性,这使结合高阶互补关系的云API推荐方法PLR4HCCR不仅更有可能生成开发者满意的结果,而且可有效提升云API服务提供者的收益.展开更多
RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms.Existing tools struggle with generating lengthy,high-semantic request sequences that can pass Kubernetes API gate...RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms.Existing tools struggle with generating lengthy,high-semantic request sequences that can pass Kubernetes API gateway checks.To address this,we propose KubeFuzzer,a black-box fuzzing tool designed for Kubernetes RESTful APIs.KubeFuzzer utilizes Natural Language Processing(NLP)to extract and integrate semantic information from API specifications and response messages,guiding the generation of more effective request sequences.Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86%to 36.34%,increases the successful response rate by 6.7%to 83.33%,and detects 16.7%to 133.3%more bugs compared to three leading techniques.KubeFuzzer identified over 1000 service crashes,which were narrowed down to 7 unique bugs.We tested these bugs on 10 real-world Kubernetes projects,including major providers like AWS(EKS),Microsoft Azure(AKS),and Alibaba Cloud(ACK),and confirmed that these issues could trigger service crashes.We have reported and confirmed these bugs with the Kubernetes community,and they have been addressed.展开更多
加密型勒索软件通过加密用户文件来勒索赎金.现有的基于第一条加密应用编程接口(Application Programming Interface,API)的早期检测方法无法在勒索软件执行加密行为前将其检出.由于不同家族的勒索软件开始执行其加密行为的时刻各不相同...加密型勒索软件通过加密用户文件来勒索赎金.现有的基于第一条加密应用编程接口(Application Programming Interface,API)的早期检测方法无法在勒索软件执行加密行为前将其检出.由于不同家族的勒索软件开始执行其加密行为的时刻各不相同,现有的基于固定时间阈值的早期检测方法仅能将少量勒索软件在其执行加密行为前准确检出.为进一步提升勒索软件检测的及时性,本文在分析多款勒索软件运行初期调用动态链接库(Dynamic Link Library,DLL)和API行为的基础上,提出了一个表征软件从开始运行到首次调用加密相关DLL之间的时间段的概念——运行初始阶段(Initial Phase of Operation,IPO),并提出了一个以软件在IPO内产生的API序列为检测对象的勒索软件早期检测方法,即基于API潜在语义的勒索软件早期检测方法(Ransomware Early Detection Method based on API Latent Semantics,REDMALS).REDMALS采集IPO内的API序列后,采用TF-IDF(Term Frequency-Inverse Document Frequency)算法以及潜在语义分析(Latent Semantic Analysis,LSA)算法对采集的API序列生成特征向量及提取潜在的语义结构,再运用机器学习算法构建检测模型用于勒索软件检测.实验结果显示运用随机森林算法的REDMALS在构建的变种测试集和未知测试集上可分别获得97.7%、96.0%的准确率,且两个测试集中83%和76%的勒索软件样本可在其执行加密行为前被检出.展开更多
针对目前恶意软件检测分类方法在特征提取、检测准确率等方面面临的挑战,提出一种基于API分组重构与图像表示的恶意软件检测分类方法。首先,对恶意软件调用的API类别统一编号,将API指令序列中相同编号的API聚合为同一API组,根据恶意软...针对目前恶意软件检测分类方法在特征提取、检测准确率等方面面临的挑战,提出一种基于API分组重构与图像表示的恶意软件检测分类方法。首先,对恶意软件调用的API类别统一编号,将API指令序列中相同编号的API聚合为同一API组,根据恶意软件运行时各类API的首次调用顺序对API组重排序,将各API组的条目数记录为该类API对软件样本的贡献度。经分组重构后,各API组按序组织,其顺序为软件样本调用各类API的顺序。各API组内部有序,其内部各API的排列顺序即为软件样本对单个API的调用顺序。有序化的API分组有助于API指令序列信息的图像化表达。基于重组的API指令序列提取API编号作为全局特征列表、API贡献度作为局部特征列表、API顺序索引作为时序特征列表,对特征列表进行标准化与零填充,转化为统一尺寸的特征数组。其中,API编号能清晰地标识API类别,API贡献度可以表征该API的调用频繁程度,API顺序索引可区分各API被调用的顺序。然后,分别用3类特征数组填充RGB图像的3个通道,生成3通道的API编号贡献度及顺序索引特征图像(Feature image of API code devotion and sequential index,FimgCDS)。最后,将Fimg CDS特征图像输入自主构建的轻量型恶意软件特征图像卷积神经网络(malware feature image convolutional neural network,MficNN)分类器,实现对恶意软件的检测与分类。实验结果表明,本文方法在两类数据集上的检测分类准确率分别为98.66%和98.35%,具有较高的恶意软件检测分类性能指标和检测分类速度。展开更多
logical testing model and resource lifecycle information,generate test cases and complete parameters,and alleviate inconsistency issues through parameter inference.Once again,we propose a method of analyzing test resu...logical testing model and resource lifecycle information,generate test cases and complete parameters,and alleviate inconsistency issues through parameter inference.Once again,we propose a method of analyzing test results using joint state codes and call stack information,which compensates for the shortcomings of traditional analysis methods.We will apply our method to testing REST services,including OpenStack,an open source cloud operating platform for experimental evaluation.We have found a series of inconsistencies,known vulnerabilities,and new unknown logical defects.展开更多
The Qinling Mountains, known for their rich vegetation and diverse pollinating insects, have seen a significant decline in bee species richness and abundance over recent decades, largely due to the introduction and sp...The Qinling Mountains, known for their rich vegetation and diverse pollinating insects, have seen a significant decline in bee species richness and abundance over recent decades, largely due to the introduction and spread of Apis mellifera. This decline has caused cascading effects on the region's community structure and ecosystem stability. To improve the protection of native bees in the natural and agricultural landscape of the Qinling Mountains and its surrounding areas, we investigated 33 sampling sites within three habitats: forest, forest-agriculture ecotones, and farmland. Using a generalized linear mixing model, t-test, and other data analysis methods, we explored the impact of Apis mellifera on local pollinator bee richness, abundance, and the pollination network in different habitats in these regional areas. The results show that(1)Apis mellifera significantly negatively affects the abundance and richness of wild pollinator bees,while Apis cerana abundance is also affected by beekeeping conditions.(2)There are significant negative effects of Apis mellifera on the community structure of pollinator bees in the Qinling Mountains and its surrounding areas: the Shannon-Wiener diversity index, Pielou evenness index, and Margalef richness index of bee communities at sites with Apis mellifera influence were significantly lower than those at sites without Apis mellifera influence.(3)The underlying driver of this effect is the monopolization of flowering resources by Apis mellifera. This species tends to visit flowering plants with large nectar sources, which constitute a significant portion of the local plant community. By maintaining a dominant role in the bee-plant pollination network, Apis mellifera competitively displaces native pollinator bees, reducing their access to floral resources. This ultimately leads to a reduction in local bee-plant interactions, decreasing the complexity and stability of the pollination network. These findings highlight the need for targeted conservation efforts to protect native pollinator species and maintain the ecological balance in the Qinling Mountains.展开更多
The Cap Pushing Response (CPR) is a free-flying technique used to study learning and memory in honey bees (Apis mellifera). The series of experiments outlined in this paper aimed to test whether honey bees exhibit the...The Cap Pushing Response (CPR) is a free-flying technique used to study learning and memory in honey bees (Apis mellifera). The series of experiments outlined in this paper aimed to test whether honey bees exhibit the cognitive concept of “expectancy” utilizing the CPR in a weight differentiation paradigm. Five previous experiments in our laboratory have explored whether the concept of expectancy can account for honey bee performance and have all failed to support the cognitive interpretation. The first experiment examined if bees could differentiate between the two caps in the amount of force they used to push the cap and the distance the cap was pushed when the caps were presented one at a time. The second experiment explored cap weight preference by presenting bees with a choice between the two caps. The third and fourth experiments tested the bee’s ability to expect reward or punishment based on cap weight. Results revealed that bees were found to have a strong preference for the light cap and therefore were not able to expect reward or punishment based on cap weight. These experiments contribute to the debate on whether bees have “cognitive” representations and continue to support the behaviorist interpretation.展开更多
文摘云时代,云API作为服务交付、数据交换和能力复制的最佳载体,已成长为当今面向服务软件开发和企业数字化转型不可或缺的核心要素.然而动态开放网络中持续增长的云API在给开发者提供了更多选择的同时,也将其淹没在海量的云API选择之中,设计有效的云API推荐方法就此成为API经济健康发展中迫切要解决的现实问题.但是,现有研究主要利用搜索关键词、服务质量和调用偏好进行建模,生成质量高功能单一的云API推荐列表,没有考虑服务化软件实际开发中开发者对多元化高阶互补云API的客观需要.高阶互补云API推荐旨在为多个查询云API生成多元互补云API列表,要求推荐结果与查询云API均互补,以满足开发者的联合需求.针对此问题,本文提出基于概率逻辑推理的高阶互补云API推荐方法(Probabilistic Logic Reasoning for High-order Complementary Cloud API Recom⁃mendation,PLR4HCCR).首先,通过云API生态真实数据分析论证云API互补推荐需求的必要性和互补关系建模中替补噪声的客观存在,为云API互补推荐问题研究提供动机和数据支持.其次,采用Beta概率嵌入对云API及其之间的关系约束进行编码,以刻画云API间互补关系的不确定性和支持互补逻辑推理.接着,设计由投影、取反和交并三个基本逻辑算子构建的互补关系逻辑推理网络,使查询集中的每个云API获得非对称互补关系感知和替补噪声消解约束下的互补云API表示.然后,引入注意力机制为查询云API的互补云API分配不同权重,增强高阶互补云API基向量的表征能力.在此基础上,采用KL散度度量高阶互补云API基向量与候选云API之间的距离,并根据KL散度排序生成高阶互补性可感知下的云API推荐结果.最后,我们利用两个真实云API数据集在不同阶互补推荐场景下进行实验,实验表明,与传统启发式推荐方法和深度学习推荐方法相比,PLR4HCCR在互补关系感知推理和替补噪声消解方面均具有较大的优势,继而使其在低阶、高阶和混合阶互补云API推荐中均展示出更优的推荐效果和更强的泛化能力.进一步,超参数敏感性实验、实例分析和用户调查验证了方法的有效性、实用性和可行性,这使结合高阶互补关系的云API推荐方法PLR4HCCR不仅更有可能生成开发者满意的结果,而且可有效提升云API服务提供者的收益.
基金supported by the National Natural Science Foundation of China(No.62202320)the Fundamental Research Funds for the Central Universities(Nos.SCU2023D008,2023SCU12129)+2 种基金the Natural Science Foundation of Sichuan Province(No.2024NSFSC1449)the Science and Engineering Connotation Development Project of Sichuan University(No.2020SCUNG129)the Key Laboratory of Data Protection and Intelligent Management(Sichuan University),Ministry of Education.
文摘RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms.Existing tools struggle with generating lengthy,high-semantic request sequences that can pass Kubernetes API gateway checks.To address this,we propose KubeFuzzer,a black-box fuzzing tool designed for Kubernetes RESTful APIs.KubeFuzzer utilizes Natural Language Processing(NLP)to extract and integrate semantic information from API specifications and response messages,guiding the generation of more effective request sequences.Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86%to 36.34%,increases the successful response rate by 6.7%to 83.33%,and detects 16.7%to 133.3%more bugs compared to three leading techniques.KubeFuzzer identified over 1000 service crashes,which were narrowed down to 7 unique bugs.We tested these bugs on 10 real-world Kubernetes projects,including major providers like AWS(EKS),Microsoft Azure(AKS),and Alibaba Cloud(ACK),and confirmed that these issues could trigger service crashes.We have reported and confirmed these bugs with the Kubernetes community,and they have been addressed.
文摘加密型勒索软件通过加密用户文件来勒索赎金.现有的基于第一条加密应用编程接口(Application Programming Interface,API)的早期检测方法无法在勒索软件执行加密行为前将其检出.由于不同家族的勒索软件开始执行其加密行为的时刻各不相同,现有的基于固定时间阈值的早期检测方法仅能将少量勒索软件在其执行加密行为前准确检出.为进一步提升勒索软件检测的及时性,本文在分析多款勒索软件运行初期调用动态链接库(Dynamic Link Library,DLL)和API行为的基础上,提出了一个表征软件从开始运行到首次调用加密相关DLL之间的时间段的概念——运行初始阶段(Initial Phase of Operation,IPO),并提出了一个以软件在IPO内产生的API序列为检测对象的勒索软件早期检测方法,即基于API潜在语义的勒索软件早期检测方法(Ransomware Early Detection Method based on API Latent Semantics,REDMALS).REDMALS采集IPO内的API序列后,采用TF-IDF(Term Frequency-Inverse Document Frequency)算法以及潜在语义分析(Latent Semantic Analysis,LSA)算法对采集的API序列生成特征向量及提取潜在的语义结构,再运用机器学习算法构建检测模型用于勒索软件检测.实验结果显示运用随机森林算法的REDMALS在构建的变种测试集和未知测试集上可分别获得97.7%、96.0%的准确率,且两个测试集中83%和76%的勒索软件样本可在其执行加密行为前被检出.
文摘针对目前恶意软件检测分类方法在特征提取、检测准确率等方面面临的挑战,提出一种基于API分组重构与图像表示的恶意软件检测分类方法。首先,对恶意软件调用的API类别统一编号,将API指令序列中相同编号的API聚合为同一API组,根据恶意软件运行时各类API的首次调用顺序对API组重排序,将各API组的条目数记录为该类API对软件样本的贡献度。经分组重构后,各API组按序组织,其顺序为软件样本调用各类API的顺序。各API组内部有序,其内部各API的排列顺序即为软件样本对单个API的调用顺序。有序化的API分组有助于API指令序列信息的图像化表达。基于重组的API指令序列提取API编号作为全局特征列表、API贡献度作为局部特征列表、API顺序索引作为时序特征列表,对特征列表进行标准化与零填充,转化为统一尺寸的特征数组。其中,API编号能清晰地标识API类别,API贡献度可以表征该API的调用频繁程度,API顺序索引可区分各API被调用的顺序。然后,分别用3类特征数组填充RGB图像的3个通道,生成3通道的API编号贡献度及顺序索引特征图像(Feature image of API code devotion and sequential index,FimgCDS)。最后,将Fimg CDS特征图像输入自主构建的轻量型恶意软件特征图像卷积神经网络(malware feature image convolutional neural network,MficNN)分类器,实现对恶意软件的检测与分类。实验结果表明,本文方法在两类数据集上的检测分类准确率分别为98.66%和98.35%,具有较高的恶意软件检测分类性能指标和检测分类速度。
文摘logical testing model and resource lifecycle information,generate test cases and complete parameters,and alleviate inconsistency issues through parameter inference.Once again,we propose a method of analyzing test results using joint state codes and call stack information,which compensates for the shortcomings of traditional analysis methods.We will apply our method to testing REST services,including OpenStack,an open source cloud operating platform for experimental evaluation.We have found a series of inconsistencies,known vulnerabilities,and new unknown logical defects.
基金funded by the National Key R&D Program of China (2022YFE0115200)the Biodiversity Survey and the Assessment Project of the Ministry of Ecology and Environment, China (2019HJ2096001006)the National Animal Collection Resource Center, China。
文摘The Qinling Mountains, known for their rich vegetation and diverse pollinating insects, have seen a significant decline in bee species richness and abundance over recent decades, largely due to the introduction and spread of Apis mellifera. This decline has caused cascading effects on the region's community structure and ecosystem stability. To improve the protection of native bees in the natural and agricultural landscape of the Qinling Mountains and its surrounding areas, we investigated 33 sampling sites within three habitats: forest, forest-agriculture ecotones, and farmland. Using a generalized linear mixing model, t-test, and other data analysis methods, we explored the impact of Apis mellifera on local pollinator bee richness, abundance, and the pollination network in different habitats in these regional areas. The results show that(1)Apis mellifera significantly negatively affects the abundance and richness of wild pollinator bees,while Apis cerana abundance is also affected by beekeeping conditions.(2)There are significant negative effects of Apis mellifera on the community structure of pollinator bees in the Qinling Mountains and its surrounding areas: the Shannon-Wiener diversity index, Pielou evenness index, and Margalef richness index of bee communities at sites with Apis mellifera influence were significantly lower than those at sites without Apis mellifera influence.(3)The underlying driver of this effect is the monopolization of flowering resources by Apis mellifera. This species tends to visit flowering plants with large nectar sources, which constitute a significant portion of the local plant community. By maintaining a dominant role in the bee-plant pollination network, Apis mellifera competitively displaces native pollinator bees, reducing their access to floral resources. This ultimately leads to a reduction in local bee-plant interactions, decreasing the complexity and stability of the pollination network. These findings highlight the need for targeted conservation efforts to protect native pollinator species and maintain the ecological balance in the Qinling Mountains.
文摘The Cap Pushing Response (CPR) is a free-flying technique used to study learning and memory in honey bees (Apis mellifera). The series of experiments outlined in this paper aimed to test whether honey bees exhibit the cognitive concept of “expectancy” utilizing the CPR in a weight differentiation paradigm. Five previous experiments in our laboratory have explored whether the concept of expectancy can account for honey bee performance and have all failed to support the cognitive interpretation. The first experiment examined if bees could differentiate between the two caps in the amount of force they used to push the cap and the distance the cap was pushed when the caps were presented one at a time. The second experiment explored cap weight preference by presenting bees with a choice between the two caps. The third and fourth experiments tested the bee’s ability to expect reward or punishment based on cap weight. Results revealed that bees were found to have a strong preference for the light cap and therefore were not able to expect reward or punishment based on cap weight. These experiments contribute to the debate on whether bees have “cognitive” representations and continue to support the behaviorist interpretation.