Towards Practical Program Analysis: Introspection and Adaptation

Friday, February 24, 2017 - 10:30 am
300 Main B101
COLLOQUIUM Department of Computer Science and Engineering University of South Carolina Shiyi Wei Abstract Software is ubiquitous. As its importance grows, the mistakes made by programmers have an increasingly negative effect, leading to critical failures and security exploits. As software complexity and diversity grows, such negative effects become even more likely. Automated program analysis has the potential to help. A program analysis tool approximates possible executions of a program, and thereby can discover otherwise hard-to-find errors. However, significant challenges must still be overcome to make program analysis tools practical for real-world software. I have gained substantial experience in building novel program analysis tools whose aim is to produce more secure and reliable software. Recently, I have focused on the challenge of building analysis tools that perform well (i.e., can analyze realistic code in a reasonable amount of time) and are precise (i.e., do not produce too many "false alarms"). To this end, I have developed an approach that systematically uncovers sources of imprecision and performance bottlenecks in program analysis. The goal is to significantly reduce the time-consuming manual effort otherwise required during analysis design process. In addition, I have designed an adaptive analysis, in which appropriate techniques are selected based on the coding styles of the target programs. Selection is based on heuristics derived from a machine learning algorithm. The idea is that precise techniques can be deployed only as where and when they are needed, leading to a better balance overall. Shiyi Wei is a post-doctoral associate at University of Maryland, College Park. He obtained his Ph.D. in Computer Science from Virginia Tech in 2015, and B.E. in Software Engineering from Shanghai Jiao Tong University in 2009. His research interests span the areas of Programming Languages, Software Engineering and Security. The goal of his research is to make program analysis practical for improving the security and reliability of real-world software. He has published articles at top venues in his areas of interest, such as PLDI, FSE, ECOOP, and ISSTA. He has interned at IBM T. J. Watson Research Center.

Data-Driven Applications in Smart Cities - Data and Energy Management in Microgrids

Monday, February 20, 2017 - 10:45 am
Swearingen 1A03 (Faculty Lounge)
COLLOQUIUM Department of Computer Science and Engineering University of South Carolina Zhichuan Huang Abstract The White House announced Smart Cities Initiative with $160 million investment to address emerging challenges in this inevitable urbanization. Under the scope of this initiative, my work addresses emerging problems in the smart energy systems in connected communities with a data-driven approach, including sensing hardware design, streaming data collection to data analytics and privacy, system modeling and control, application design and deployments. In this talk, I will focus on an example of data driven solutions for data and energy management in smart grids. I will first show how to collect the energy data from large-scale deployed low cost smart meters and minimize the communication and storage overhead. Then I will show how we can conduct energy data analytics with the collected energy data and utilize data analytics results for real-time energy management in a microgrid to minimize the operational cost. Finally, I will present real-world impact of my research and some future work about CPS in smart cities. Zhichuan Huang is a Ph.D. candidate in Department of Computer Science and Electrical Engineering at University of Maryland, Baltimore County. He is interested in incorporating big data analytics in Cyber-Physical Systems (also known as Internet of Things under some contexts) for data driven applications in Smart Connected Communities. His current focus is on data driven solutions for smart energy systems including from sensing hardware design, streaming data collection to data analytics and privacy, system modeling and control, application design and deployments. His technical contributions have led to more than 20 papers, featuring 14 first-author papers in premier venues, e.g., IEEE BigData, ICCPS, IPSN, RTSS and best paper runner-up in BuildSys 2014.

Security Analytics for Defeating Automated Internet-scale Threats

Friday, February 17, 2017 - 10:30 am
300 Main B101
Computer Science and Engineering Colloquium Abstract: Billions of devices are connected to the Internet today, significantly changing the threat landscape by lending adversaries unprecedented resources to launch automated attacks, and requiring new threat analysis and defenses. In this talk, I will argue that big data analytics can play an important role in securing the Internet, and exemplify my argument with applications to distributed denial of service (DDoS), malware analysis, and massively multiplayer online role-playing game (MMORPG) bot detection. First, I will present an analytical view of 50,000 unique and verified DDoS attacks on services on the Internet. I will show how adversaries’ spatiotemporal traits follow predictable patterns, consecutive attacks follow certain patterns allowing prediction of future threat, and attackers are highly collaborative. Second, I will show how big data analytics are applied to malware analysis and software behavior profiling, and demonstrate optimizations to scale such analytics. Third, I will discuss an analytics framework for game bot detection in MMORPG using self-similarity of user behavior. By applying this framework to three large online games, I demonstrate how this analytics approach can be used to extract general features of behavior and effectively detect game bots in practice. I will conclude by highlighting my vision of how this analytics approach can be applied to realize effective and proactive defenses, and extended for other applications. Bio: Aziz Mohaisen is an Assistant Professor of Computer Science at the University at Buffalo. The current focus of his research is building security analytics for understanding and defending threat in software and networks, with applications to Malware, DDoS, DNS, MMORPG, IoT, Blockchain, etc. His work has been supported by various awards from NSF, NRF, AFRL and AFOSR. He was the recipient of the US Air Force Summer Faculty Fellowship (2016). Before joining UB in 2015, he was a senior research scientist at Verisign Labs in the Washington D.C. area (2012-2015) and a Research Engineer at ETRI in South Korea (2007-2009). He earned his M.Sc. and Ph.D. in Computer Science from the University of Minnesota in 2012, and was a recipient of the Doctoral Dissertation Fellowship (2011). Aziz is an avid (ultra)marathoner, and when not doing research or running, he likes to explore the world with his three growing kids.

Protecting Services from Security Mis-configuration

Friday, February 3, 2017 - 02:20 pm
Swearingen 2A31
Speaker: Dr. Ron Addie Abstract: It is understood that ICT security can be defined and enforced through rules. In this work, the concept of rules which define and ensure users' access to services is introduced. Examples of how service is hindered by otherwise sensible security rules are presented. The concept of service protection policies is introduced. We use ns3 and Click in simulations to check the consistency of aggregate security policy by checking that service protection rules are valid. We show that these can improve the performance of the network experienced by users and increase network security. Short Bio: Ron Addie received his BSc degree from Monash University in 1972 and completed his PhD at Monash University in the area of semi-Markov queues in 1986. From 1972 to 1992, he worked in Telstra Research Laboratories where he was involved in the development of ATM, teletraffic, and network analysis and design. In 1992 he moved to the University of Southern Queensland, where he holds the position of Associate Professor. His current research interests include queueing theory for long-range dependent traffic, rare event simulation, layered network design, network analysis, design and simulation software and security of web information systems. He is the author or co-author of many journal and conference papers, primarily in the area of communications, with more 1000 citations (according to Google Scholar).

Mobile Application for Shipping Goods for Individuals and Truckers in India

Friday, January 6, 2017 - 09:30 am
Dean’s Conference room, Swearingen.
THESIS DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Sendurr Selvaraj Advisor : Dr. Jianjun Hu Date : Jan 6th 2017 Time : 09:30 am – 10:30 am Place : Dean’s Conference room, Swearingen. Abstract India is a vast country with majority of its cities and towns connected through roads. Road transportation contributes to 86% share of the freight transport of the country with trucking companies dominating the entire space. With growing economy and demands raising, the quality of service of the trucking company remains poor. The major reasons are unorganized practice and lack of transparency. Moreover, limited access for customers to reach out to truckers to transport their goods. This thesis aims to create a platform for customers and truckers to realize their needs with a help of a mobile application. Customers can search for truckers nearest to their location based on their needs. In addition, customers can also post their transport requirements which can be viewed by truckers. Truckers have options to update their travel plan well in advance making sure they run on full capacity. The application captures customers’ ratings for truckers thus building truckers’ creditability and in-turn improving quality of service. The platform provides a transparent mode of communication between customers and truckers on finalizing prices and eliminating middlemen, who in reality would draw commissions. The scope of the application can be extended to advertisement feeds, deals and truck sales as a revenue generation model to bare its operational cost.

ACM Code-A-Thon

Friday, November 18, 2016 - 07:00 pm
Swearingen 1D11
The ACM Code-A-Thon starts Tonight, Friday November 18 at 7:00PM and will end Tomorrow night, Saturday November 19 at 7:00PM. You are not required to show up at the physical event in order to compete and you can leave whenever you'd like, but there will be pizza and drinks for those who do come by Swearingen 1D11 for a portion of the competition. CSCE145: https://www.hackerrank.com/usc-acm-145-code-a-thon-2016 CSCE146: https://www.hackerrank.com/usc-acm-146-code-a-thon-2016 CSCE240: https://www.hackerrank.com/usc-acm-240-code-a-thon-2016 CSCE350+: https://www.hackerrank.com/usc-acm-350-code-a-thon-2016 A Raspberry Pi will be given to the first place winners for each division. To be eligible to win a prize you MUST compete in the division in which class you are enrolled or the highest corresponding course. For example, if you are enrolled in CSCE240 and CSCE350 this semester you must compete in CSCE350+. However, if you are enrolled in CSCE145 and wish to compete in the CSCE350+ division that is fine, but you should be aware the the questions are much harder and the competition will be more fierce. The contest link for each division will let you sign up at anytime but you will not be able to access the problems until 7PM tonight. Each contest will close at 7PM tomorrow night. Please RSVP to this Facebook event so we can have an accurate number of those who wish to attend/participate: https://www.facebook.com/events/206021163169583/ Email me at vmcquinn@email.sc.edu if you have any questions about the contest in general. If you have questions about the problems during the contest please contest William Hoskins (hoskins.w.h@gmail.com) or Daniel Pade (djpade@gmail.com). Good luck everyone! Tori McQuinn

5th Gamecock Computing Research Symposium

Friday, November 18, 2016 - 01:30 pm
Amoco Hall
In this symposium, CSE Ph.D., master and undergraduate students will give poster presentations to report their research progress. You are welcome to attend this event, hear their presentations and discuss with them on their research topics. Food/drinks will be provided. This year, we will have our poster presentations in Faculty Lounge (1A03 Swearingen). Here is the agenda: 1:30 - 2:20 Poster set-up in Faculty Lounge (Swearingen 1A03) 2:20 - 3:20 Poster presentations in Faculty Lounge by CSE Students 3:20 - 4:15 Awards and faculty presentations in Amoco Hall

Positioning commuters and Shoppers Through Sensing and Correlation

Thursday, November 10, 2016 - 04:15 pm
Swearingen 3A75
DISSERTATION DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Rufeng Meng Advisor : Dr. Srihari Nelakuditi Abstract Positioning is a basic and important need in many scenarios of human daily activities. With position information, multifarious services could be vitalized to benefit all kinds of users, from individuals to organizations. This dissertation proposes solutions to address the need of positioning in people’s daily life from two aspects: transportation and shopping. All the solutions are smart-device-based (e.g. smartphone, smartwatch), which could potentially benefit most users considering the prevalence of smart devices. In positioning relevant activities, the components and their movement information could be sensed by different entities from diverse perspectives. The mechanisms presented in this dissertation treat the information collected from one perspective as reference and match it against the data collected from other perspectives to acquire absolute or relative position, in spatial as well as temporal dimension. To help drivers improve safety and ease the tension from driving, two correlated systems, Omni View and Driver talk, are provided. These systems infer the relative positions of the vehicles moving together by matching the appearance images of the vehicles seen by each other, which help drivers maintain safe distance from surrounding vehicles and also give them opportunities to precisely convey driving related messages to targeted peer drivers. To improve bus-riding experience for passengers of public transit systems, RideSense is developed. This system correlates the sensor traces collected by both passengers’ smart devices and reference devices in buses to position passengers’ bus-riding, spatially and temporally. With this system, passengers could be billed without any explicit interaction with conventional ticketing facilities in bus system, which makes the transportation system more efficient. For shopping activities, AutoLabel comes into play, which could position customers with regard to stores. AutoLabel constructs a mapping between WiFi vectors and semantic names of stores through correlating the text decorated inside stores with those on stores’ websites. Later, through WiFi scanning and a lookup in the mapping, customers’ smart devices could automatically recognize the semantic names of the stores they are in or nearby. Therefore, AutoLabel-enabled smart device serves as a bridge of information flow between business owners and customers, which could benefit both sides.

Hydro-Geological Flow Analysis using Hidden Markov Model

Tuesday, November 8, 2016 - 10:00 pm
3D05 Swearingen
THESIS DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Chandrahas Raj G. Venkat Advisor : Dr. Rose ABSTRACT Hidden Markov Models are class of statistical models used in various disciplines for understanding speech, finding different types of genes responsible for cancer and many more. In this thesis, Hidden Markov Models are used to obtain hidden states that can correlate the flow changes in the Wakulla Spring Cave. Sensors installed in the tunnels of Wakulla Spring Cave recorded huge correlated changes in the water flows at numerous tunnels. Assuming the correlated flow changes are a consequence of system being in a set of discrete states, a Hidden Markov Model is calculated. This model comprising all the sensors installed in these conduits can help understand the correlations among the flows at each sensor and estimate the hidden states. In this thesis, using the Baum - Welch algorithm and observations from the sensors hidden states are calculated for the model. The generated model can help identify the set of discrete states for the quantized flow rates at each sensor. The hidden states can predict the correlated flow changes. This document further validates the assumption of the system being in a set of discrete states.

Blind Change Point Detection and Regime Segmentation Using Gaussian Process Regression

Monday, November 7, 2016 - 03:00 pm
300 Main, A228
THESIS DEFENSE Department Of Computer Science and Engineering University of South Carolina Sourav Das ABSTRACT Time-series analysis is used heavily in modelling and forecasting weather, economics, medical data as well as in various other fields. Change point detection (CPD) means finding abrupt changes in the time-series when the statistical property of a certain part of it starts to differ. CPD has attracted a lot of attention in the artificial intelligence, machine learning and data mining communities. In this thesis, a novel CPD algorithm is introduced for segmenting multivariate time-series data. The proposed algorithm is a general pipeline to process any high dimensional multivariate time-series data using non-linear non-parametric dynamic system. It consists of manifold learning technique for dimensionality reduction, Gaussian process regression to model the non-linear dynamics of the data and predict the next possible time-step, as well as outlier detection based on Mahalanobis distance to determine the change points. The performance of the new CPD algorithm is assessed on synthetic as well as real-world data for validation. The pipeline is used on economic data to predict recession. Finally, functional magnetic resonance imaging (fMRI) data of larval zebrafish is used to segment regions of homogeneous brain activity.