Your search keyword '"JIANWEI QIAN"' showing total 14 results

1. AppDNA: Profiling App Behavior via Deep-Learning Function Call Graphs

Author

Shuangshuang Xue, Xiang-Yang Li, Lan Zhang, Anran Li, and Jianwei Qian

Subjects

Profiling (computer programming), Scheme (programming language), GeneralLiterature_INTRODUCTORYANDSURVEY, Computer science, business.industry, Deep learning, Subroutine, ENCODE, computer.software_genre, Machine learning, Computer Science Applications, Human-Computer Interaction, Categorization, mental disorders, Computer Science (miscellaneous), Malware, Artificial intelligence, business, Representation (mathematics), computer, Information Systems, computer.programming_language

Abstract

The growing number and diversity of applications make malware detection and app recommendation for users more challenging. In this work, we design a framework APPDNA to automatically generate a compact representation for each app to comprehensively profile its behaviors. The versatile representation can be generated once for each app, and then be used for a wide variety of objectives, including malware detection, app categorization and app version detection, etc. We propose to conduct a function-call-graph-based app profiling scheme based on a comprehensive and deep understanding of an app's behaviors. We design a graph-encoding method to convert a large function call graph to a 64-dimensional fixed length vector to achieve robust app profiling. Our extensive evaluations on 86,332 apps demonstrate that our approach performs app profiling with high accuracy and low computation cost: it takes about 46.5 seconds for one app to extract its function call graph; 0.68 seconds to encode a function call graph; it classifies all 4,024 (benign/malware) apps in around 5.06 seconds with accuracy about 93.07%; it classifies all 570 malicious apps' family (21 families in total) in around 0.83 seconds with accuracy 82.3%; it classifies 9,730 apps' functionality into 2 categories with accuracy 88.1%.

Published

2022

2. PatronuS: A System for Privacy-Preserving Cloud Video Surveillance

Author

Jianwei Qian, Haohua Du, Jiahui Hou, Linlin Chen, Xiang-Yang Li, and Taeho Jung

Subjects

Computer Networks and Communications, Computer science, business.industry, Event (computing), Data_MISCELLANEOUS, Inference, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Visualization, Privacy preserving, 0202 electrical engineering, electronic engineering, information engineering, State (computer science), Electrical and Electronic Engineering, business, computer

Abstract

Privacy has become one of the major concerns in cloud video surveillance. Privacy protection of the surveillance videos strive to protect users’ privacy information without hampering regular security tasks of the surveillance, meanwhile retains the system’s high accuracy and efficiency. The current state of the art in protecting the video privacy is mainly realized through Privacy Region Protection, which only protects the privacy regions while keeps the non-privacy regions visually intact so that processing in the cloud is still feasible. However, the problem of determining the privacy regions has been ignored and not properly addressed. In this paper, we propose a novel notion - concept graph , and with the aid of that, we develop our system – PatronuS to determine the privacy regions subject to satisfying both privacy and security requirements. We further propose an event distilling model and a privacy inference model to assist in determining specific privacy regions. And we evaluate PatronuS in real-world settings and demonstrate its efficiency in privacy protection without degrading system’s surveillance functionality.

Published

2020

3. Social Network De-Anonymization and Privacy Inference with Knowledge Graph Model

Author

Xiang-Yang Li, Chunhong Zhang, Taeho Jung, Linlin Chen, Junze Han, and Jianwei Qian

Subjects

021110 strategic, defence & security studies, Information privacy, Social network, Privacy by Design, De-anonymization, business.industry, Computer science, Privacy software, Data_MISCELLANEOUS, Knowledge engineering, Internet privacy, 0211 other engineering and technologies, Inference, 02 engineering and technology, Computer security, computer.software_genre, Inference attack, Electrical and Electronic Engineering, business, computer

Abstract

Social network data is widely shared, transferred and published for research purposes and business interests, but it has raised much concern on users’ privacy. Even though users’ identity information is always removed, attackers can still de-anonymize users with the help of auxiliary information. To protect against de-anonymization attack, various privacy protection techniques for social networks have been proposed. However, most existing approaches assume specific and restrict network structure as background knowledge and ignore semantic level prior belief of attackers, which are not always realistic in practice and do not apply to arbitrary privacy scenarios. Moreover, the privacy inference attack in the presence of semantic background knowledge is barely investigated. To address these shortcomings, in this work, we introduce knowledge graphs to explicitly express arbitrary prior belief of the attacker for any individual user. The processes of de-anonymization and privacy inference are accordingly formulated based on knowledge graphs. Our experiment on data of real social networks shows that knowledge graphs can power de-anonymization and inference attacks, and thus increase the risk of privacy disclosure. This suggests the validity of knowledge graphs as a general effective model of attackers’ background knowledge for social network attack and privacy preservation.

Published

2019

4. AccountTrade: Accountability Against Dishonest Big Data Buyers and Sellers

Author

Taeho Jung, Jiahui Hou, Wenchao Huang, Linlin Chen, Zhongying Qiao, Jianwei Qian, Junze Han, and Xiang-Yang Li

Subjects

021110 strategic, defence & security studies, Index (economics), Computer Networks and Communications, Computer science, business.industry, media_common.quotation_subject, Big data, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Set (abstract data type), Blame, Upload, Accountability, Overhead (computing), Safety, Risk, Reliability and Quality, business, computer, media_common

Abstract

In this paper, a set of accountable protocols denoted as AccountTrade is proposed for big data trading among dishonest consumers. For achieving a secure big data trading environment, AccountTrade achieves book-keeping ability and accountability against dishonest consumers throughout the trading (i.e., buying and selling) of datasets. We investigate the consumers’ responsibilities in the dataset trading, then we design AccountTrade to achieve accountability against dishonest consumers that are likely to deviate from the responsibilities. Specifically, a uniqueness index is defined and proposed, which is a new rigorous measurement of the data uniqueness for this purpose. Furthermore, several accountable trading protocols are presented to enable data brokers to blame the misbehaving entities when misbehavior is detected. The accountability of AccountTrade is formally defined, proved, and evaluated by an automatic verification tool as well as extensive simulation with real-world datasets. Our evaluation shows that AccountTrade incurs at most 10-kB storage overhead per file, and it is capable of 8–1000 concurrent data upload requests per server.

Published

2019

5. TODQA: Efficient Task-Oriented Data Quality Assessment

Author

Xie Yunting, Xiang Xiao, Anran Li, Xiang-Yang Li, Jianwei Qian, and Lan Zhang

Subjects

Computer science, media_common.quotation_subject, 02 engineering and technology, 010501 environmental sciences, computer.software_genre, 01 natural sciences, Data modeling, Data quality, Smart city, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, Information system, Task analysis, 020201 artificial intelligence & image processing, Quality (business), Data mining, Wireless sensor network, computer, 0105 earth and related environmental sciences, media_common

Abstract

Data quality assessment is vital for many information services ranging from sensor networks to smart city systems. The current data quality assessments, however, are often derived from intrinsic data characteristics, disconnected from specific application contexts, or are not applicable or efficient for large datasets. In this work, we propose a novel task-oriented data quality assessment framework, which balances between the intrinsic and contextual quality. We carefully craft the assessment metrics, quantify them, and fuse them to rank candidate datasets by quality given specific tasks. To improve the system efficiency, two fast calculation algorithms are designed to quantify the relationship between datasets and the task, and the distribution of data items. We conduct extensive evaluations on six public image datasets (with 460, 247 images in total) and four text document datasets (with 37, 372 documents in total) to evaluate the efficacy and efficiency of our design. Experimental results show that our algorithms can save about 90% computing time with little accuracy loss which validates the feasibility and effectiveness of our framework for large datasets.

Published

2019

6. Word-Fi: Accurate Handwrite System Empowered by Wireless Backscattering and Machine Learning

Author

Ning Xiao, Jianwei Qian, Xiang-Yang Li, Hao Zhou, Panlong Yang, Dong Ren, and Yizhuo Zhang

Subjects

Computer Networks and Communications, Computer science, business.industry, 010401 analytical chemistry, Physical layer, Weak signal, 020206 networking & telecommunications, Feature selection, 02 engineering and technology, Machine learning, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Hardware and Architecture, Handwriting, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Artificial intelligence, business, Sensing system, Classifier (UML), computer, Software, Information Systems, Gesture

Abstract

Word-Fi is a handwriting input system, driven by wireless backscattering technology and machine learning methods. It could effectively mitigate the surrounding noise and extract the weak signals incurred by tiny writing gestures accurately. Leveraging our customized wireless backscattering system, Word-Fi could be noise tolerant across relatively complex environments, especially when multiple persons are presented around, which significantly differs from status quo wireless sensing systems that suffer from multi-user presentation. For weak signal extraction, Word- Fi incorporates an efficient feature selection scheme for classification and improves the classifier by fully exploiting the physical layer information. After using the word suggestion module, it could recognize writing words with fairly high accuracy (above 90 percent) across different volunteers (7-10).

Published

2018

7. ML defense

Author

Yu Wang, Jiahui Hou, Linlin Chen, Jianwei Qian, Haohua Du, and Xiang-Yang Li

Subjects

021110 strategic, defence & security studies, Service quality, Computer science, business.industry, 0211 other engineering and technologies, DeepFace, Cloud computing, 02 engineering and technology, Machine learning, computer.software_genre, 020202 computer hardware & architecture, Information sensitivity, Adversarial system, 0202 electrical engineering, electronic engineering, information engineering, Leverage (statistics), Confidentiality, Artificial intelligence, business, computer, Classifier (UML)

Abstract

Machine learning (ML) has shown its impressive performance in the modern world, and many corporations leverage the technique of machine learning to improve their service quality, e.g., Facebook's DeepFace. Machine learning models with a collection of private data being processed by a training algorithm are deemed to be increasingly confidential. Confidential models are typically trained in a centralized cloud server but publicly accessible. ML-as-a-service (MLaaS) system is one of running examples, where users are allowed to access trained models and are charged on a pay-per-query basis. Unfortunately, recent researchers have shown the tension between public access and confidential models, where adversarial access to a model is abused to duplicate the functionality of the model or even learn sensitive information about individuals (known to be in the training dataset). We conclude these attacks as prediction API threats for simplicity. In this work, we propose ML defense, a framework to defend against prediction API threats, which works as an add-on to existing MLaaS systems. To the best of our knowledge, this is the first work to propose a technical countermeasure to attacks trumped by excessive query accesses. Our methodology neither modifies any classifier nor degrades the model functionality (e.g., rounds results). The framework consists of one or more simulators and one auditor. The simulator learns the hidden knowledge of adversaries. The auditor then detects whether there exists a privacy breach. We discuss the intrinsic difficulties and empirically state the efficiency and feasibility of our mechanisms in different models and datasets.

Published

2019

8. Hidebehind

Author

Taeho Jung, Haohua Du, Xiang-Yang Li, Linlin Chen, Jianwei Qian, and Jiahui Hou

Subjects

Direct voice input, business.industry, Computer science, Data_MISCELLANEOUS, Usability, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, 030507 speech-language pathology & audiology, 03 medical and health sciences, User privacy, 0202 electrical engineering, electronic engineering, information engineering, Differential privacy, 020201 artificial intelligence & image processing, Android (operating system), 0305 other medical science, business, computer, Mobile device, Anonymity

Abstract

We are speeding toward a not-too-distant future when we can perform human-computer interaction using solely our voice. Speech recognition is the key technology that powers voice input, and it is usually outsourced to the cloud for the best performance. However, user privacy is at risk because voiceprints are directly exposed to the cloud, which gives rise to security issues such as spoof attacks on speaker authentication systems. Additionally, it may cause privacy issues as well, for instance, the speech content could be abused for user profiling. To address this unexplored problem, we propose to add an intermediary between users and the cloud, named VoiceMask, to anonymize speech data before sending it to the cloud for speech recognition. It aims to mitigate the security and privacy risks by concealing voiceprints from the cloud. VoiceMask is built upon voice conversion but is much more than that; it is resistant to two de-anonymization attacks and satisfies differential privacy. It performs anonymization in resource-limited mobile devices while still maintaining the usability of the cloud-based voice input service. We implement VoiceMask on Android and present extensive experimental results. The evaluation substantiates the efficacy of VoiceMask, e.g., it is able to reduce the chance of a user's voice being identified from 50 people by a mean of 84%, while reducing voice input accuracy no more than 14.2%.

Published

2018

9. Crowdlearning: Crowded Deep Learning with Data Privacy

Author

Jiahui Hou, Taeho Jung, Xiang-Yang Li, Jianwei Qian, Linlin Chen, and Haohua Du

Subjects

Information privacy, Contextual image classification, Artificial neural network, business.industry, Computer science, Deep learning, 020206 networking & telecommunications, 02 engineering and technology, 010501 environmental sciences, Machine learning, computer.software_genre, 01 natural sciences, Server, Pattern recognition (psychology), 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Artificial intelligence, business, computer, Mobile device, 0105 earth and related environmental sciences

Abstract

Deep Learning has shown promising performance in a variety of pattern recognition tasks owning to large quantities of training data and complex structures of neural networks. However conventional deep neural network (DNN) training involves centrally collecting and storing the training data, and then centrally training the neural network, which raises much privacy concerns for the data producers. In this paper, we study how to enable deep learning without disclosing individual data to the DNN trainer. We analyze the risks in conventional deep learning training, then propose a novel idea - Crowdlearning, which decentralizes the heavy- load training procedure and deploys the training into a crowd of computation-restricted mobile devices who generate the training data. Finally, we propose SliceNet, which ensures mobile devices can afford the computation cost and simultaneously minimize the total communication cost. The combination of Crowdlearning and SliceNet ensures the sensitive data generated by mobile devices never leave the devices, and the training procedure will hardly disclose any inferable contents. We numerically simulate our prototype of SliceNet which crowdlearns an accurate DNN for image classification, and demonstrate the high performance, acceptable calculation and communication cost, satisfiable privacy protection, and preferable convergence rate, on the benchmark DNN structure and dataset.

Published

2018

10. AccountTrade: Accountable protocols for big data trading against dishonest consumers

Author

Taeho Jung, Jianwei Qian, Jiahui Hou, Junze Han, Wenchao Huang, Linlin Chen, Xiang-Yang Li, and Cheng Su

Subjects

021110 strategic, defence & security studies, Index (economics), Computer science, business.industry, Internet privacy, Big data, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Upload, Accountability, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, business, computer

Abstract

We propose AccountTrade, a set of accountable protocols, for big data trading among dishonest consumers. To secure the big data trading environment, our protocols achieve book-keeping ability and accountability against dishonest consumers who may misbehave throughout the dataset transactions. Specifically, we study the responsibilities of the consumers in the dataset trading and design AccountTrade to achieve accountability against the dishonest consumers who may try to deviate from their responsibilities. Specifically, we propose uniqueness index, a new rigorous measurement of the data uniqueness, as well as several accountable trading protocols to enable data brokers to blame the dishonest consumer when misbehavior is detected. We formally define, prove, and evaluate the accountability of our protocols by an automatic verification tool as well as extensive evaluation in real-world datasets. Our evaluation shows that AccountTrade incurs negligible constant storage overhead per file (

Published

2017

11. Privacy Inference on Knowledge Graphs: Hardness and Approximation

Author

Shaojie Tang, Xiang-Yang Li, Jianwei Qian, Taeho Jung, and Huiqi Liu

Subjects

Information privacy, Computer science, Privacy software, Reliability (computer networking), Approximation algorithm, Inference, 02 engineering and technology, Computer security, computer.software_genre, Data modeling, Information sensitivity, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer, Personally identifiable information

Abstract

The rapid information propagation facilitates our work and life without precedent in history, but it has tremendously exaggerated the risk and consequences of privacy invasion. Today's attackers are becoming more and more powerful in gathering personal information from many sources and mining these data to further uncover users' privacy. A great number of previous works have shown that, with adequate background knowledge, attackers are even able to infer sensitive information that is not revealed to anyone malicious before. In this paper, we model the attacker's knowledge using a knowledge graph and formally define the privacy inference problem. We show its #P-hardness and design an approximation algorithm to perform privacy inference in an iterative fashion, which also reflects real-life network evolution. The simulations on two data sets demonstrate the feasibility and efficacy of privacy inference using knowledge graphs.

Published

2016

12. Graph-based privacy-preserving data publication

Author

Jianwei Qian, Taeho Jung, Linlin Chen, Xiang-Yang Li, and Chunhong Zhang

Subjects

Computer science, Privacy software, Data_MISCELLANEOUS, Graph based, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Data modeling, Privacy preserving, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), Data mining, computer, Anonymity

Abstract

We propose a graph-based framework for privacy preserving data publication, which is a systematic abstraction of existing anonymity approaches and privacy criteria. Graph is explored for dataset representation, background knowledge specification, anonymity operation design, as well as attack inferring analysis. The framework is designed to accommodate various datasets including social networks, relational tables, temporal and spatial sequences, and even possible unknown data models. The privacy and utility measurements of the anonymity datasets are also quantified in terms of graph features. Our experiments show that the framework is capable of facilitating privacy protection by different anonymity approaches for various datasets with desirable performance.

Published

2016

13. A Differentially Private Selective Aggregation Scheme for Online User Behavior Analysis

Author

Shaojie Tang, Fudong Qiu, Jianwei Qian, Na Ruan, Guihai Chen, and Fan Wu

Subjects

Scheme (programming language), Information privacy, Computer science, business.industry, Privacy software, Aggregate (data warehouse), Cryptography, Service provider, Computer security, computer.software_genre, Data aggregator, business, computer, computer.programming_language

Abstract

Online user behavior analysis is becoming increasingly important, and offers valuable information to analysts for developing better e-commerce strategies. However, it also raises significant privacy concerns. Recently, growing efforts have been devoted to protecting the privacy of individuals while data aggregation is performed, which is a critical operation in behavior analysis. Unfortunately, existing methods allow very limited aggregation over user data, such as allowing only summation, which hardly satisfies the need of behavior analysis. In this paper, we propose a scheme PPSA, which encrypts users' sensitive data to prevent privacy leakage from both analysts and the aggregation service provider, and fully supports selective aggregate functions for differentially private data analysis. We have implemented our design and evaluated its performance using a trace-driven evaluation based on an online behavior dataset. Evaluation results show that our scheme effectively supports various selective aggregate queries with acceptable computation and communication overheads.

Published

2015

14. Privacy-Preserving Selective Aggregation of Online User Behavior Data

Author

Fudong Qiu, Guihai Chen, Na Ruan, Shaojie Tang, Fan Wu, and Jianwei Qian

Subjects

Information privacy, business.industry, Computer science, Privacy software, Homomorphic encryption, 020206 networking & telecommunications, 02 engineering and technology, Service provider, Encryption, Computer security, computer.software_genre, Theoretical Computer Science, Data aggregator, Computational Theory and Mathematics, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Differential privacy, The Internet, business, computer, Software

Abstract

Tons of online user behavior data are being generated every day on the booming and ubiquitous Internet. Growing efforts have been devoted to mining the abundant behavior data to extract valuable information for research purposes or business interests. However, online users’ privacy is thus under the risk of being exposed to third-parties. The last decade has witnessed a body of research works trying to perform data aggregation in a privacy-preserving way. Most of existing methods guarantee strong privacy protection yet at the cost of very limited aggregation operations, such as allowing only summation, which hardly satisfies the need of behavior analysis. In this paper, we propose a scheme PPSA, which encrypts users’ sensitive data to prevent privacy disclosure from both outside analysts and the aggregation service provider, and fully supports selective aggregate functions for online user behavior analysis while guaranteeing differential privacy. We have implemented our method and evaluated its performance using a trace-driven evaluation based on a real online behavior dataset. Experiment results show that our scheme effectively supports both overall aggregate queries and various selective aggregate queries with acceptable computation and communication overheads.

Published

2016