SELinux (Security-Enhanced Linux) enforces mandatory access control (MAC) according to policies. However, due to the inherent complexity of systems, real-world SELinux policies often become intricate, comprising thousands of statements, making manual verification of their correctness and security challenging. In addition, certain environments with stringent security requirements demand the formal verification of policies. While existing policy tools primarily focus on specific aspects of policy analysis, such as integrity and consistency, they lack a unified approach to satisfy diverse requirements. Essentially, their capabilities are limited, and formal guarantees are often absent.
To address these issues, we have comprehensively formalized the semantics of the SELinux policy language in the framework. This approach provides a universal foundation for specifying various requirements, benefiting policy managers and policy tool developers. Furthermore, employing this approach, we have introduced a powerful tool named K-SELinux. This tool enables comprehensive analysis of SELinux policies, encompassing integrity, consistency, completeness, policy queries, policy optimization, and more. Notably, it provides excellent extensibility, enabling the seamless development of additional functions to address evolving needs.
To demonstrate the practicality and effectiveness of our tool, we conducted testing on real-world policies. The tests revealed several crucial issues, including contradictions arising from indirect information flow and incomplete entity restrictions.
As software systems grow in complexity, the importance of efficient defect detection escalates, becoming vital to maintain software quality. In recent years, artificial intelligence technology has boomed. In particular, with the proposal of Large Language Models (LLMs), researchers have found the huge potential of LLMs to enhance the performance of software defect detection. This review aims to elucidate the relationship between LLMs and software defect detection. We categorize and summarize existing research based on the distinct applications of LLMs in dynamic and static detection scenarios. Dynamic detection methods are categorized based on the different phases in which they employ LLMs, such as using them for test case generation, providing feedback guidance, and conducting output assessment. Static detection methods are classified according to whether they analyze the source code or the binary of the software under test. Furthermore, we investigate the prompt engineering and model fine-tuning strategies adopted within these studies. Finally, we summarize the emerging trend of integrating LLMs into software defect detection, identify challenges to be addressed and prospect for some potential research directions.
Crowdsourcing provides a flexible approach for leveraging human intelligence to solve large-scale problems, gaining widespread acceptance in domains like intelligent information processing, social decision-making, and crowd ideation. However, the uncertainty of participants significantly compromises the answer quality, sparking substantial research interest. Existing surveys predominantly concentrate on quality control in Boolean tasks, which are generally formulated as simple label classification, ranking, or numerical prediction. Ubiquitous open-ended tasks like question-answering, translation, and semantic segmentation have not been sufficiently discussed. These tasks usually have large to infinite answer spaces and non-unique acceptable answers, posing significant challenges for quality assurance. This survey focuses on quality control methods applicable to open-ended tasks in crowdsourcing. We propose a two-tiered framework to categorize related works. The first tier presents a comprehensive overview of the quality model, covering essential aspects including tasks, workers, answers, and the system. The second tier further refines this classification by breaking it down into more detailed categories: ‘quality dimensions’, ‘evaluation metrics’, and ‘design decisions’. This breakdown provides deeper insights into the internal structure of the quality control model for each aspect. We thoroughly investigate how these quality control methods are implemented in state-of-the-art works and discuss key challenges and potential future research directions.
Domain Generalization (DG) aims to learn a well-generalized model for unseen target domains from multiple observed source domains. Most current approaches, e.g., domain-invariant representation, typically focus on learning a universal sample-to-label mapping (function) across domains and have achieved impressive performance. Nonetheless, they usually overlook semantically intrinsic domain-specific information, resulting in limited generalizability. For compensation, in this paper, we adopt a novel standpoint, that is, a domain can be regarded as a meta-sample sampling from a certain meta-distribution, namely an environment distribution. With this perspective, in DG, functions learned from individual domains can be seen as a collective set of functional samples. Consequently, we can establish a meta-function, mapping from the environment to functions, to induce specific functions for unseen domains from the above function set effectively. To achieve this meta-function, we propose a learning paradigm based on Gaussian process with theoretical guarantee, namely Generalization Process for Domain Generalization (GPDG). Specifically, analogous to traditional Gaussian process, we describe the inference process in DG as Gaussian process fed with samples and their corresponding domain distributions. Furthermore, we employ a domain augmentation strategy to refine its smoothness. Extensive experiments are constructed to demonstrate the effectiveness of GPDG.
Sequential recommendation is an important research task in the field of recommendation systems, where precise modeling of the dynamic evolution of user interests from historical interactions is essential for enhancing performance. To address the limitations of existing methods in capturing the diversity of long-term interests, the dynamics of short-term user interest, and the hierarchical relationship between them, this paper proposes an end-to-end hierarchical long and short-term sequential recommendation model. First, the proposed model leverages a dynamic routing mechanism to adaptively aggregate users’ long-term historical interactions, generating a multi-vector representation of long-term user preference. Simultaneously, a self-attention mechanism is employed to aggregate short-term interaction sequences, effectively capturing short-term user interest. In addition, a hierarchical matching mechanism is designed to align long and short-term user interest, mining the long-term user preference most relevant to the current short-term user interest through similarity-based extraction, and fusing them using time encoding to produce the final user preference representation. Finally, a prediction framework based on attention mechanisms integrates both long-term user preference and short-term interaction information to achieve efficient sequential recommendation. The experimental results indicate that the proposed method achieves significantly better performance than existing state-of-the-art sequential recommendation models across multiple evaluation metrics, validating its effectiveness and superiority.
Knowledge Distillation (KD) could transfer the “dark knowledge” of a well-performed yet large neural network to a weaker but lightweight one. From the view of output logits and softened probabilities, this paper goes deeper into the dark knowledge provided by teachers with different capacities. Two fundamental observations are: (1) a larger teacher tends to produce probability vectors with lower distinction among non-ground-truth classes; (2) teachers with different capacities are basically consistent in their cognition of relative class affinity. Through abundant experimental studies we verify these observations and provide in-depth empirical explanations to them. We argue that the distinctness among incorrect classes embodies the essence of dark knowledge. A larger and more accurate teacher lacks this distinctness, which hampers its teaching ability compared to a smaller teacher, ultimately leading to the peculiar phenomenon named “capacity mismatch”. Building on this insight, this paper explores multiple simple yet effective ways to address capacity mismatch, achieving superior experimental results compared to previous approaches.
Social network alignment (SNA) aims to match corresponding users across different platforms, playing a critical role in cross-platform behavior analysis, personalized recommendations, security, and privacy protection. Traditional methods based on attribute and structural features face significant challenges due to the sparsity, heterogeneity, and dynamic nature of social networks, resulting in limited accuracy and efficiency. Recent advances in graph representation learning (GRL) provide promising solutions to these issues by leveraging deep learning to extract network features, effectively addressing sparsity, integrating heterogeneous data, and adapting to network dynamics. This paper presents a comprehensive survey of SNA methods based on GRL. We first introduce key definitions and outline a framework for SNA using GRL. Next, we systematically review state-of-the-art advancements in both static and dynamic networks, considering homogeneous and heterogeneous settings, including emerging approaches integrating large language models (LLMs). We further conduct an in-depth comparative analysis, highlighting the effectiveness of different GRL-based methods, with a particular emphasis on LLM-enhanced techniques. Finally, we discuss open challenges and outline potential future research directions in this rapidly evolving field.
The maximum edge weighted clique (MEWC) problem is a generalization of the maximum clique problem and has widely been applied to model lots of problems arising in real-world applications. Due to its NP-hardness, previous work can hardly solve instances with large sizes. To further improve the performance of MEWC algorithms on massive instances, we develop a novel exact algorithm by combining the branch-and-bound framework and two main ideas, which is called BnBM. First, applying the two-level independent set partition a tighter upper bound is proposed to prune branches and improve the efficiency. Second, to remove as many redundant vertices as possible, a fast reduction mechanism is applied during the search. Extensive experiments are conducted to evaluate the performance of our algorithm. On the 139 real-world large instances, within the same cutoff time (7200 seconds), our proposed BnBM solves 24 instances more than the state-of-the-art exact solvers. Meanwhile, considering the efficiency BnBM achieves a speedup on 75 out of 139 instances. However, for 8 instances BnBM is slower than state-of-the-art solvers, and we conduct a deep analysis of the branching process and find the main reasons are the data structure and the structure of the original graph.
The cyber-attack diagnosability (CA-diagnosability) of discrete event systems (DESs) assess the ability to diagnose issues when an attacker interferes with sensor-to-diagnostic communication. This paper introduces a novel cyclic model (CM), which increases the efficiency of checking the system’s CA-diagnosability without constructing the diagnoser. We first initiate an innovative algorithm, the detection of cycles (DC), to get cyclic information for constructing the CM. Subsequently, we expand upon the concept of critical observations to diagnosability checking and propose the getting critical observations (GCO) algorithm. Finally, in the proposal of the CM-based CA-diagnos-ability checking (CMDIC) algorithm, we delineate the sufficient and necessary conditions for CA-diagnosability within the CM framework and offer an analysis of its algorithmic complexity. We demonstrates findings with an example of faults in a power system’s protection relay and circuit breaker. Experimental results on different benchmarks demonstrate that our approach significantly outperforms the state-of-the-art methods in multi-fault systems, with an average improvement of over 95%. In the best-case scenarios, the improvement can reach up to two orders of magnitude.