Abstract:Stochastic optimization algorithms are recognized as essential for addressing large-scale data and complex models in machine learning. Among these, variance reduction methods, such as the STORM algorithm, have gained attention for their ability to achieve optimal convergence rates of $ {\mathrm{O}}\left({T}^{-1/3}\right) $. However, traditional variance reduction methods typically depend on specific problem parameters (e.g., the smoothness constant, noise variance, and gradient upper bound) for setting the learning rate and momentum, limiting their practical applicability. To overcome this limitation, this study proposes an adaptive variance reduction method based on a normalization technique, which eliminates the need for prior knowledge of problem parameters while maintaining optimal convergence rates. Compared to existing adaptive variance reduction methods, the proposed approach offers several advantages: (1) no reliance on additional assumptions, such as bounded gradients, bounded function values, or excessively large initial batch sizes; (2) the achievement of the optimal convergence rate of $ {\mathrm{O}}\left({T}^{-1/3}\right) $without extra term of $ {\mathrm{O}}\left(\mathrm{log}T\right)$; (3) a concise and straightforward proof, facilitating extensions to other stochastic optimization problems. The superiority of the proposed method is further validated through numerical experiments, demonstrating enhanced performance when compared to other approaches.

Abstract:Blockchain has shown strong vitality in the field of cryptocurrency investment, attracting the participation of a large number of investors. However, due to the anonymity of blockchain, it induces a lot of fraud, among which the Ponzi scheme smart contract is a typical fraudulent investment activity, causing huge economic losses for investors. Therefore, the detection of Ponzi scheme contracts on Ethereum becomes particularly important. Nevertheless, most existing studies have ignored control flow information in the source code of Ponzi scheme contracts. To extract more semantic and structural information from Ponzi scheme contracts, this study proposes a Ponzi scheme contract detection model based on code control flow graph. First, the model constructs the obtained contract source code in the form of a control flow diagram. Then, key features including data flow information and code structure information are extracted by the Word2Vec algorithm. Considering that the functions of each smart contract are different and the length of the code varies significantly, resulting in a large difference in the extracted feature vectors. In this study, feature vectors generated by different smart contracts are aligned so that all feature vectors have the same dimension, which is convenient for subsequent processing. Secondly, the feature learning module based on graph convolution and Transformer is utilized to introduce multi-head attention mechanism to learn the dependency of node features. Finally, the multilayer perceptron is used to identify the Ponzi scheme contract. By comparing the proposed model with the traditional graph feature learning model on the dataset provided by the Xblock website, the performance of the multi-head attention mechanism introduced by the model is verified. Experimental results demonstrate that this model effectively improves the ability to detect Ponzi scheme contracts.

Abstract:The application of artificial intelligence technology has extended from relatively static tasks such as classification, translation, and question answering to relatively dynamic tasks that require a series of “interaction-action” with the environment to be completed, like autonomous driving, robotic control, and games. The core of the model for executing such tasks is the sequential decision-making (SDM) algorithm. As it faces higher uncertainties of the environment and interaction and these tasks are often safety-critical systems, the testing techniques are confronted with great challenges. The existing testing technologies for intelligent algorithm models mainly focus on the reliability of a single model, the generation of diverse test scenarios for complex tasks, simulation testing, etc., while no attention is paid to the “interaction-action” decision sequence of the SDM model, leading to unadaptability or low cost-effectiveness. In this study, a fuzz testing method named IIFuzzing for intervening in the execution of inert “interaction-action” decision sequences is proposed. In the fuzz testing framework, by learning the “interaction-action” decision sequence pattern, the inert “interaction-action” decision sequences that will not trigger failure accidents are predicted and the testing execution of such sequences is terminated to improve the testing efficiency. The experimental evaluations are conducted in four common test configurations, and the results show that compared with the latest fuzz testing for SDM models, IIFuzzing can detect 16.7%–54.5% more failure accidents within the same time, and the diversity of accidents is also better than that of the baseline approach.

Abstract:The current mainstream mode of software development is the supply chain-level reuse of open-source software and components. It avoids repetitive development, reduces research and development costs, and enhances development efficiency. However, it inevitably brings about issues such as unknown component sources, unclear component compositions, unidentified component vulnerabilities, and license violations. To address these issues, researchers propose software bill of materials (SBOM). SBOM provides a detailed list of software components and their relationships, reveals potential and known threats, and makes software transparent. Since its proposal, research on SBOM by researchers both at home and abroad mainly focus on its current status, applications, and tools, lacking theoretical and systematic research. This study presents a comprehensive review of the background, basic concepts, generation techniques, tools and performance analysis, applications, challenges, and trends of SBOM. It also proposes the new concept of SBOM+, which integrates fine-grained security vulnerability perception and license conflict detection. The aim is to provide support for researchers engaged in SBOM, software development, and supply chain security from the perspectives of concepts, technologies, tools, applications, and development.

Abstract:Mobile applications, a new computing mode that has emerged in the past decade, significantly impact people’s lifestyles. Mobile applications primarily interact through graphical user interfaces (GUIs) and conducting manual testing for them requires significant manpower and material resources. In response to this, researchers propose automated GUI test generation techniques for mobile applications to enhance testing efficiency and detect potential defects. This study collects 145 relevant papers and systematically sorts out, analyzes, and summarizes existing work. This study proposes a research framework called “Test Generator-Test Environment” to categorize research in this domain based on the modules to which it belongs. Particularly, this study classifies existing methods roughly into five categories according to the methods on which the test generator is based: random-based, heuristic-search-based, model-based, machine-learning-based, and test-migration-based approaches. Furthermore, this study analyzes and discusses existing methods from other classification dimensions, such as defect categories and test action categories. Additionally, influential datasets and open-source tools in this field are compiled. Finally, this study summarizes the current challenges and provides an outlook on future research directions.

Abstract:Design pattern detection is an essential research topic in software engineering. Many scholars both domestically and internationally have dedicated their efforts to researching and resolving design pattern detection, thereby yielding fruitful results. This study reviews the current technologies in software design pattern detection and points out their prospects. Firstly, this study briefly introduces the development history of software design pattern detection, discusses the objects of design pattern detection, summarizes the feature types of design patterns, and provides the evaluation indexes of design pattern detection. Then, the existing classification methods for design pattern detection techniques are summarized, and the classification method proposed in this study is introduced. Next, according to the development timeline of design pattern detection technologies, the research status and latest advancements of current software design pattern detection technologies are discussed from three approaches, including non-machine learning design pattern detection, machine learning design pattern detection, and design pattern detection based on pre-trained language models, with the current achievements summarized and compared. Finally, the main problems and challenges in this field are analyzed, and further research directions and potential solutions are pointed out. Covering contents from early non-machine learning methods and utilization of machine learning technologies to the application of modern pre-trained language models, this study comprehensively and systematically presents the development history, latest advancements, and prospects of this field. It provides valuable guidance for future research directions and ideas within this area.

Abstract:With the continuous deepening of research on the security and privacy of deep learning models, researchers find that model stealing attacks pose a tremendous threat to neural networks. A typical data-dependent model stealing attack can use a certain percentage of real data to query the target model and train an alternative model locally to steal the target model. Since 2020, a novel data-free model stealing attack method has been proposed, which can steal and attack deep neural networks simply by using fake query examples generated by generative models. Since it does not rely on real data, the data-free model stealing attack can cause more serious damage. However, the diversity and effectiveness of the query examples constructed by the current data-free model stealing attack methods are insufficient, and there are problems of a large number of queries and a relatively low success rate of the attack during the model stealing process. Therefore, this study proposes a vision feature decoupling-based model stealing attack (VFDA), which decouples and generates the visual features of the query examples generated during the data-free model stealing process by using a multi-decoder structure, thus improving the diversity of query examples and the effectiveness of model stealing. Specifically, VFDA uses three decoders to respectively generate the texture information, region encoding, and smoothing information of query examples to complete the decoupling of visual features of query examples. Secondly, to make the generated query examples more consistent with the visual features of real examples, the sparsity of the texture information is limited and the generated smoothing information is filtered. VFDA exploits the property that the representational tendency of neural networks depends on the image texture features, and can generate query examples with inter-class diversity, thus effectively improving the similarity of model stealing and the success rate of the attack. In addition, VFDA adds intra-class diversity loss to the smoothed information of query samples generated through decoupling to make the query samples more consistent with real sample distribution. By comparing with multiple model stealing attack methods, the VFDA method proposed in this study has better performance in the similarity of model stealing and the success rate of the attack. In particular, on the GTSRB and Tiny-ImageNet datasets with high resolution, the attack success rate is respectively improved by 3.86% and 4.15% on average compared with the currently better EBFA method.

Abstract:In the face of the severe security risks posed by Android malware, effective Android malware detection has become the focus of common concern in both the industry and academia. However, with the emergence of Android adversarial example techniques, existing malware detection systems are facing unprecedented challenges. Android malware adversarial example attacks can bypass existing malware detection models by perturbing the source code or characteristics of malware while keeping its original functionality inact. Despite substantial research on adversarial example attacks against malware, there is still a lack of a comprehensive review specifically focusing on adversarial example attacks in the Android system at present, and the unique requirements for adversarial example design within the Android system are not studied. Therefore, this study begins by introducing the fundamental concepts of Android malware detection. It then classifies existing Android adversarial example techniques from various perspectives and provides an overview of the development sequence of Android adversarial example techniques. Subsequently, it reviews Android adversarial example techniques in recent years, introduces representative work in different categories and analyzes their pros and cons. Furthermore, it categorizes and introduces common means of code perturbation in Android adversarial example attacks, and analyzes their application scenarios. Finally, it discusses the challenges faced by Android malware adversarial example techniques, and envisions future research directions in this emerging field.

Abstract:Advances of IoT (Internet of Thing) generate a sheer volume of floating-point time series data, which poses great challenges in storing and transmitting these data. To this end, floating-point time series data compression is extremely crucial. It can be classified into lossy and lossless compression based on data reversibility. Lossy compression methods achieve a better compression ratio by discarding some data information and are suitable for applications with lower precision requirements. Lossless compression methods, while reducing data size, retain all data information, which is essential for applications that require maintaining data integrity and accuracy. In addition, to meet the requirements of real-time monitoring on edge devices, streaming compression algorithms emerge. Current review studies on time series compression encounter issues such as incomplete sorting, unclear line of thought, single classification standards, and lack of inclusion of relatively new and representative algorithms. Time series compression algorithms over the years are divided into lossy compression and lossless compression. Then, different algorithm frameworks are further distinguished, including those based on data representation, prediction, machine learning, and transformation. Meanwhile, the compression characteristics of streaming and batch processing are summarized. Then, the design ideas of various compression algorithms are deeply analyzed, and the development context diagrams of these algorithms are presented. Next, the advantages and disadvantages of various algorithms are compared with experiments. Finally, common application scenarios are summarized. Future research is envisioned.

Abstract:Heterogeneous graphs, which can effectively capture the complex and diverse relationships between entities in the real world, play a crucial role in many domains. Heterogeneous graph representation learning aims to map the information in graphs into a low-dimensional space, so as to capture the deep semantic associations between nodes and support downstream tasks such as node classification and clustering. This study presents a comprehensive review of the latest research progress in heterogeneous graph representation learning, covering both methodological advancements and real-world applications. It first formally defines the concept of heterogeneous graphs and discusses the key challenges in heterogeneous graph representation learning. From the perspectives of shallow models and deep models. It then systematically reviews the mainstream methods for heterogeneous graph representation learning, with a particular focus on deep models. Especially for deep models, they are categorized and analyzed from the perspective of heterogeneous graph transformation. The strengths, limitations, and application scenarios of various methods are thoroughly analyzed, aiming to provide readers with a holistic research perspective. Furthermore, the commonly used datasets and tools in the field of heterogeneous graph representation learning are introduced, and their applications in the real world are discussed. Finally, the main contributions of this study are summarized and the outlook on the future research directions in this area is presented. This study intends to offer researchers a comprehensive understanding of the field of heterogeneous graph representation learning, laying a solid foundation for future research and application.