ICSE 2022
Sun 8 - Fri 27 May 2022
Mon 9 May 2022 21:00 - 21:05 at ICSE room 3-odd hours - Software Security 3 Chair(s): Nancy Mead
Wed 11 May 2022 12:00 - 12:05 at ICSE room 2-even hours - Software Security 8 Chair(s): Barbara Russo

Context: Machine learning-based security detection models have become prevalent in modern malware and intrusion detection systems. However, previous studies show that such models are susceptible to adversarial evasion attacks. In this type of attack, inputs (i.e., adversarial examples) are specially crafted by intelligent malicious adversaries, with the aim of being misclassified by existing state-of-the-art models (e.g., deep neural networks). Once the attackers can fool a classifier into thinking that a malicious input is actually benign, they can render a machine learning-based malware or intrusion detection system ineffective.

Objective: To help security practitioners and researchers build a model that is more robust against non-adaptive, white-box and non-targeted adversarial evasion attacks through the idea of an ensemble model.

Method: We propose an approach called Omni, the main idea of which is to explore methods that create an ensemble of “unexpected models”; i.e., models whose control hyperparameters have a large distance to the hyperparameters of an adversary’s target model, with which we then make an optimized weighted ensemble prediction.

Results: In studies with five types of adversarial evasion attacks (FGSM, BIM, JSMA, DeepFool and Carlini-Wagner) on five security datasets (NSL-KDD, CIC-IDS-2017, CSE-CIC-IDS2018, CICAndMal2017 and the Contagio PDF dataset), we show Omni is a promising approach as a defense strategy against adversarial attacks when compared with other baseline treatments.

Conclusions: When employing ensemble defense against adversarial evasion attacks, we suggest creating an ensemble of unexpected models that are distant from the attacker’s expected model (i.e., target model) through methods such as hyperparameter optimization.
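The Method paragraph's two steps (pick models far from the target in hyperparameter space, then weight their predictions) can be sketched as follows. This is an added illustration, not the authors' Omni implementation; the min-max-scaled Euclidean distance, the grid search over weights, and all model names and numbers are assumptions constructed for the example.

```python
import itertools
import math

# Constructed sample data (assumed): hyperparameter ranges, the attacker's
# expected target model, and a pool of trained candidate models.
RANGES = {"layers": (1, 8), "units": (16, 512), "lr": (1e-4, 1e-1)}
TARGET = {"layers": 3, "units": 128, "lr": 1e-3}
POOL = {
    "m_near": {"layers": 3, "units": 144, "lr": 2e-3},
    "m_wide": {"layers": 2, "units": 512, "lr": 5e-2},
    "m_deep": {"layers": 8, "units": 32, "lr": 1e-4},
    "m_mid": {"layers": 5, "units": 256, "lr": 1e-2},
}
# Constructed validation set: P(malicious) from (m_wide, m_deep, m_mid), label.
VAL = [((0.9, 0.8, 0.3), 1), ((0.2, 0.1, 0.6), 0), ((0.7, 0.4, 0.2), 1),
       ((0.3, 0.6, 0.4), 0), ((0.8, 0.3, 0.7), 1), ((0.1, 0.2, 0.1), 0)]

def distance(a, b, ranges=RANGES):
    """Euclidean distance after min-max scaling each hyperparameter (assumed metric)."""
    return math.sqrt(sum(((a[k] - b[k]) / (hi - lo)) ** 2
                         for k, (lo, hi) in ranges.items()))

def pick_unexpected(pool, target, k):
    """Names of the k candidates farthest from the target's hyperparameters."""
    return sorted(pool, key=lambda n: distance(pool[n], target), reverse=True)[:k]

def accuracy(weights, val):
    """Fraction of samples where the weighted-average score matches the label."""
    hits = 0
    for probs, label in val:
        score = sum(w * p for w, p in zip(weights, probs)) / sum(weights)
        hits += (score >= 0.5) == bool(label)
    return hits / len(val)

def fit_weights(val, steps=4):
    """Grid-search weights (multiples of 1/steps, summing to 1) for best accuracy."""
    n = len(val[0][0])
    grid = (c for c in itertools.product(range(steps + 1), repeat=n)
            if sum(c) == steps)
    best = max(grid, key=lambda c: accuracy(c, val))
    return [c / steps for c in best], accuracy(best, val)

if __name__ == "__main__":
    print(pick_unexpected(POOL, TARGET, 3))
    print(fit_weights(VAL))
```

On this constructed data the near-target model `m_near` is excluded, and an equally weighted ensemble of the remaining three misclassifies one sample that the fitted weights classify correctly.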

Mon 9 May

Displayed time zone: Eastern Time (US & Canada)

21:00 - 22:00
21:00
5m
Talk
Omni: automated ensemble with unexpected models against adversarial evasion attack
Journal-First Papers
Rui Shu North Carolina State University, Tianpei Xia North Carolina State University, Laurie Williams North Carolina State University, Tim Menzies North Carolina State University
21:05
5m
Talk
What are Weak Links in the npm Supply Chain?
SEIP - Software Engineering in Practice
Nusrat Zahan North Carolina State University, Laurie Williams North Carolina State University, Thomas Zimmermann Microsoft Research, Patrice Godefroid Microsoft Research, USA, Brendan Murphy Microsoft Research, Chandra Sekhar Maddila Microsoft Research
21:10
5m
Talk
Automated Detection of Password Leakage from Public GitHub Repositories (Nominated for Distinguished Paper)
Technical Track
Runhan Feng Shanghai Jiao Tong University, Ziyang Yan Shanghai Jiao Tong University, Shiyan Peng Shanghai Jiao Tong University, Yuanyuan Zhang Shanghai Jiao Tong University
21:15
5m
Talk
Log-based Anomaly Detection with Deep Learning: How Far Are We
Technical Track
Van-Hoang Le The University of Newcastle, Hongyu Zhang University of Newcastle
21:20
5m
Talk
Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware
Technical Track
Michael Cao University of British Columbia, Khaled Ahmed University of British Columbia (UBC), Julia Rubin University of British Columbia
21:25
5m
Talk
What the Fork? Finding Hidden Code Clones in npm
Technical Track
Elizabeth Wyss University of Kansas, Lorenzo De Carli Worcester Polytechnic Institute, Drew Davidson University of Kansas

Wed 11 May

Displayed time zone: Eastern Time (US & Canada)

12:00 - 13:00
12:00
5m
Talk
Omni: automated ensemble with unexpected models against adversarial evasion attack
Journal-First Papers
Rui Shu North Carolina State University, Tianpei Xia North Carolina State University, Laurie Williams North Carolina State University, Tim Menzies North Carolina State University
12:05
5m
Talk
What are Weak Links in the npm Supply Chain?
SEIP - Software Engineering in Practice
Nusrat Zahan North Carolina State University, Laurie Williams North Carolina State University, Thomas Zimmermann Microsoft Research, Patrice Godefroid Microsoft Research, USA, Brendan Murphy Microsoft Research, Chandra Sekhar Maddila Microsoft Research
12:10
5m
Talk
Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware
Technical Track
Michael Cao University of British Columbia, Khaled Ahmed University of British Columbia (UBC), Julia Rubin University of British Columbia
12:15
5m
Talk
What the Fork? Finding Hidden Code Clones in npm
Technical Track
Elizabeth Wyss University of Kansas, Lorenzo De Carli Worcester Polytechnic Institute, Drew Davidson University of Kansas
12:20
5m
Talk
Less is More: Supporting Developers in Vulnerability Detection during Code Review
Technical Track
Larissa Braz University of Zurich, Christian Aeberhard University of Zurich, Gül Calikli University of Glasgow, Alberto Bacchelli University of Zurich
12:25
5m
Talk
A Grounded Theory Based Approach to Characterize Software Attack Surfaces
Technical Track
Sara Moshtari Rochester Institute of Technology, Ahmet Okutan Rochester Institute of Technology, Mehdi Mirakhorli Rochester Institute of Technology

Information for Participants
Mon 9 May 2022 21:00 - 22:00 at ICSE room 3-odd hours - Software Security 3 Chair(s): Nancy Mead

Wed 11 May 2022 12:00 - 13:00 at ICSE room 2-even hours - Software Security 8 Chair(s): Barbara Russo