Using existing source code as third-party code to build new software systems becomes very popular in these days. However, many existing code is keeping on updating during their life circle. Different versions of code, even out-dated, is reused by other software and spreading all over the world. This paper presents an empirical study on the reuse of out-dated third-party source code of several famous open source libraries. Given target source code, using repository mining techniques and file clone detection techniques, we identified the different versions of code in other user projects, and discovered the vulnerability information of the out-dated versions. We also investigated how user projects manage their code. The result shows that a large proportion of open source projects are reusing out-dated third-party code, and many of them are not well managed.
We present a method for detecting community structures based on centrality value and node closeness. Many real world networks possess a scale-free property. This property makes community detection difficult especially on the widely used algorithms that are based on modularity optimization. However, in our algorithm, communities are formed from hub nodes. Thus communities with scale-free property can be identified correctly. The method does not contain any random element, nor requires pre-determined number of communities. Our experiments showed that our algorithm is better than algorithms based on modularity optimization in both real world and computer generated scale-free datasets.
This paper presents a simple yet effective approach to sentence-level uncertainty detection which does not require cue word annotation. Unlike previous works, the proposed method focuses on cue selection, decoupling it from disambiguation and by optimizing it over sentence hedging error rate. High performance for the task is achieved in experiments, even for settings with poor disambiguation, without cue annotation and with otherwise unreliable corpora from a machine learning point-of-view.
This paper presents a new approach to estimate the kinematic structure underlying a sequence of 3D dynamic surfaces reconstructed from multi-view video. The key idea is a mesoscopic surface characterization with a tree-structure constraint. Combined with different levels of surface characterizations, namely macroscopic and microscopic characterizations, our mesoscopic surface characterization can cope with shape estimation errors and global topology changes of 3D surfaces from the real world to estimate kinematic structure. The macroscopic analysis focuses on global surface topology to perform temporal segmentation of 3D video sequence into topologically-coherent sub-sequences. The microscopic analysis operates at the mesh structure level to provide temporally consistent mesh structures using a surface alignment method on each of the topologically-coherent sub-sequences. Then, the mesoscopic analysis extracts rigid parts from the preprocessed 3D video segments to establish partial kinematic structures, and integrates them into a single unified kinematic model. Quantitative evaluations using synthesized and real data demonstrate the performance of the proposed algorithm for kinematic structure estimation.
Fake antivirus (AV) software, a kind of malware, pretends to be a legitimate AV product and frightens computer users by showing fake security alerts, as if their computers were infected with malware. In addition, fake AV urges users to purchase a “commercial” version of the fake AV. In this paper, we search for an indicator that captures behavioral differences in legitimate AV and fake AV. The key insight behind our approach is that legitimate AV behaves differently in clean and infected environments, whereas fake AV behaves similarly in both environments, because it does not analyze malware in the infected environments. We have investigated three potential indicators, file access pattern, CPU usage, and memory usage, and found that memory usage is an effective indicator to distinguish legitimate AV from fake AV. In an experiment, this indicator identifies all fake AV samples (39 out of 39) as fake and all legitimate AV products (8 out of 8) as legitimate. It is impractical for fake AV to evade this indicator because to do so would require it to detect malware infections, just as legitimate AV does.