Message franking is introduced by Facebook in end-to-end encrypted messaging services. It allows to produce verifiable reports of malicious messages by including cryptographic proofs, called reporting tags, generated by Facebook. Recently, Grubbs et al. (CRYPTO'17) proceeded with the formal study of message franking and introduced committing authenticated encryption with associated data (CAEAD) as a core primitive for obtaining message franking. In this work, we aim to enhance the security of message franking and introduce forward security and updates of reporting tags for message franking. Forward security guarantees the security associated with the past keys even if the current keys are exposed and updates of reporting tags allow for reporting malicious messages after keys are updated. To this end, we firstly propose the notion of key-evolving message franking with updatable reporting tags including additional key and reporting tag update algorithms. Then, we formalize five security requirements: confidentiality, ciphertext integrity, unforgeability, receiver binding, and sender binding. Finally, we show a construction of forward secure message franking with updatable reporting tags based on CAEAD, forward secure pseudorandom generator, and updatable message authentication code.

This paper proposes an algorithm for estimating the location of wireless access points (APs) in indoor environments to realize smartphone positioning based on Wi-Fi without pre-constructing a database. The proposed method is designed to overcome the main problem of existing positioning methods requiring the advance construction of a database with coordinates or precise AP location measurements. The proposed algorithm constructs a local coordinate system with the first four APs that are activated in turn, and estimates the AP installation location using Wi-Fi round-trip time (RTT) lateration and the ranging results between the APs. The effectiveness of the proposed algorithm is confirmed by conducting experiments in a real indoor environment consisting of two rooms of different sizes to evaluate the positioning performance of the algorithm. The experimental results showed the proposed algorithm using Wi-Fi RTT lateration delivers high smartphone positioning performance without a pre-constructed database or precise AP location measurements.

Resource limitations require that bugs be resolved efficiently. The bug modification process uses bug reports, which are generated from service user reports. Developers read these reports and fix bugs. Developers discuss bugs by posting comments directly in bug reports. Although several studies have investigated the initial report in bug reports, few have researched the comments. Our research focuses on bug reports. Currently, everyone is free to comment, but the bug fixing time may be affected by how to comment. Herein we investigate the topic of comments in bug reports. Mixed topics do not affect the bug fixing time. However, the bug fixing time tends to be shorter when the discussion length of the phenomenon is short.

In the statistic en-route filtering, each report generation node must collect a certain number of endorsements from its neighboring nodes. However, at some point, a node may fail to collect an insufficient number of endorsements since some of its neighboring nodes may have dead batteries. This letter presents a report generation method that can enhance the generation process of sensing reports under such a situation. Simulation results show the effectiveness of the proposed method.

A multi-band wireless local area network (WLAN) enables flexible use of multiple frequency bands. To efficiently monitor radio resources in multi-band WLANs, a distributed-sensing system that employs a number of stations (STAs) is considered to alleviate sensing constraints at access points (APs). This paper examines the distributed sensing that expands the sensing coverage area and monitors multiple object channels by employing STA-based sensing. To avoid issuing unnecessary reports, each STA autonomously judges whether it should make a report by comparing the importance of its own sensing result and that of the overheard report. We address how to efficiently collect the necessary sensing information from a large number of STAs. We propose a reactive reporting scheme that is highly scalable by the number of STAs to collect such sensing results as the channel occupancy ratio. Evaluation results show that the proposed scheme keeps the number of reports low even if the number of STAs increases. Our proposed sensing scheme provides large sensing coverage.

Cyber attacks targeting specific victims use multiple intrusion routes and various attack methods. In order to combat such diversified cyber attacks, Threat Intelligence is attracting attention. Attack activities, vulnerability information and other threat information are gathered, analyzed and organized in threat intelligence and it enables organizations to understand their risks. Integrated analysis of the threat information is needed to compose the threat intelligence. Threat information can be found in incident reports published by security vendors. However, it is difficult to analyze and compare their reports because they are described in various formats defined by each vendor. Therefore, in this paper, we apply a modeling framework for analyzing and deriving the relevance of the reports from the views of similarity and relation between the models. This paper presents the procedures of modeling incident information described in the reports. Moreover, as case studies, we apply the modeling method to some actual incident reports and compare their models.

Analyzing a malware sample requires much more time and cost than creating it. To understand the behavior of a given malware sample, security analysts often make use of API call logs collected by the dynamic malware analysis tools such as a sandbox. As the amount of the log generated for a malware sample could become tremendously large, inspecting the log requires a time-consuming effort. Meanwhile, antivirus vendors usually publish malware analysis reports (vendor reports) on their websites. These malware analysis reports are the results of careful analysis done by security experts. The problem is that even though there are such analyzed examples for malware samples, associating the vendor reports with the sandbox logs is difficult. This makes security analysts not able to retrieve useful information described in vendor reports. To address this issue, we developed a system called AMAR-Generator that aims to automate the generation of malware analysis reports based on sandbox logs by making use of existing vendor reports. Aiming at a convenient assistant tool for security analysts, our system employs techniques including template matching, API behavior mapping, and malicious behavior database to produce concise human-readable reports that describe the malicious behaviors of malware programs. Through the performance evaluation, we first demonstrate that AMAR-Generator can generate human-readable reports that can be used by a security analyst as the first step of the malware analysis. We also demonstrate that AMAR-Generator can identify the malicious behaviors that are conducted by malware from the sandbox logs; the detection rates are up to 96.74%, 100%, and 74.87% on the sandbox logs collected in 2013, 2014, and 2015, respectively. We also present that it can detect malicious behaviors from unknown types of sandbox logs.

Once a bug is reported, it is a major concern whether or not the bug is resolved (closed) soon. This paper examines seven metrics quantifying the amount of clues to the early close of reported bugs through a case study. The results show that one of the metrics, the similarity to already-closed bug reports, is strongly related to early-closed bugs.

Many software development teams usually tend to focus on maintenance activities in general. Recently, many studies on bug severity prediction have been proposed to help a bug reporter determine severity. But they do not consider the reporter's expression of emotion appearing in the bug report when they predict the bug severity level. In this paper, we propose a novel approach to severity prediction for reported bugs by using emotion similarity. First, we do not only compute an emotion-word probability vector by using smoothed unigram model (UM), but we also use the new bug report to find similar-emotion bug reports with Kullback-Leibler divergence (KL-divergence). Then, we introduce a new algorithm, Emotion Similarity (ES)-Multinomial, which modifies the original Naïve Bayes Multinomial algorithm. We train the model with emotion bug reports by using ES-Multinomial. Finally, we can predict the bug severity level in the new bug report. To compare the performance in bug severity prediction, we select related studies including Emotion Words-based Dictionary (EWD)-Multinomial, Naïve Bayes Multinomial, and another study as baseline approaches in open source projects (e.g., Eclipse, GNU, JBoss, Mozilla, and WireShark). The results show that our approach outperforms the baselines, and can reflect reporters' emotional expressions during the bug reporting.

Bug report summarization has been explored in past research to help developers comprehend important information for bug resolution process. As text mining technology advances, many summarization approaches have been proposed to provide substantial summaries on bug reports. In this paper, we propose an enhanced summarization approach called TSM by first extending a semantic model used in AUSUM with the anthropogenic and procedural information in bug reports and then integrating the extended semantic model with the shallow textual information used in BRC. We have conducted experiments with a dataset of realistic software projects. Compared with the baseline approaches BRC and AUSUM, TSM demonstrates the enhanced performance in achieving relative improvements of 34.3% and 7.4% in the F1 measure, respectively. The experimental results show that TSM can effectively improve the performance.

Investigative reports plagiarized from the web should be eliminated because such reports result in ineffective knowledge construction. In this study, we developed an investigative report writing support system for effective knowledge construction from the web. The proposed system attempts to prevent plagiarism by restricting copying and pasting information from web pages. With this system, students can verify information through web browsing, externalize their constructed knowledge as notes for report materials, write reports using these notes, and remove inadequacies in the report by reflection. A comparative experiment showed that the proposed system can potentially prevent web page plagiarism and make knowledge construction from the web more effective compared to a conventional report writing environment.

Wireless Sensor Networks (WSNs) are randomly deployed in a hostile environment and left unattended. These networks are composed of small auto mouse sensor devices which can monitor target information and send it to the Base Station (BS) for action. The sensor nodes can easily be compromised by an adversary and the compromised nodes can be used to inject false vote or false report attacks. To counter these two kinds of attacks, the Probabilistic Voting-based Filtering Scheme (PVFS) was proposed by Li and Wu, which consists of three phases; 1) Key Initialization and assignment, 2) Report generation, and 3) En-route filtering. This scheme can be a successful countermeasure against these attacks, however, when one or more nodes are compromised, the re-distribution of keys is not handled. Therefore, after a sensor node or Cluster Head (CH) is compromised, the detection power and effectiveness of PVFS is reduced. This also results in adverse effects on the sensor network's lifetime. In this paper, we propose a Fuzzy Rule-based Key Redistribution Method (FRKM) to address the limitations of the PVFS. The experimental results confirm the effectiveness of the proposed method by improving the detection power by up to 13.75% when the key-redistribution period is not fixed. Moreover, the proposed method achieves an energy improvement of up to 9.2% over PVFS.

The bug reports expressed in natural language text usually suffer from vast, ambiguous and poorly written, which causes the challenge to the duplicate bug reports detection. Current automatic duplicate bug reports detection techniques have mainly focused on textual information and ignored some useful factors. To improve the detection accuracy, in this paper, we propose a new approach calls LNG (LDA and N-gram) model which takes advantages of the topic model LDA and word-based model N-gram. The LNG considers multiple factors, including textual information, semantic correlation, word order, contextual connections, and categorial information, that potentially affect the detection accuracy. Besides, the N-gram adopted in our LNG model is improved by modifying the similarity algorithm. The experiment is conducted under more than 230,000 real bug reports of the Eclipse project. In the evaluation, we propose a new evaluation metric, namely exact-accuracy (EA) rate, which can be used to enhance the understanding of the performance of duplicates detection. The evaluation results show that all the recall rate, precision rate, and EA rate of the proposed method are higher than treating them separately. Also, the recall rate is improved by 2.96%-10.53% compared to the state-of-art approach DBTM.

In cognitive radio (CR), superposition cooperative spectrum sensing (SPCSS) is able to offer a much improved sensing reliability compared to individual sensing. Because of the differences in sensing channel condition, the reporting order for each cognitive radio user (CU) will highly affect the sensing performance of the network. In this paper, we propose an algorithm to assign the best reporting order to each CU in order to maximize sensing performance under SPCSS. The numerical results show that the proposed scheme can obtain the same performance as the optimal scheme.

Software products are increasingly complex, so it is becoming more difficult to find and correct bugs in large programs. Software developers rely on bug reports to fix bugs; thus, bug-tracking tools have been introduced to allow developers to upload, manage, and comment on bug reports to guide corrective software maintenance. However, the very high frequency of duplicate bug reports means that the triagers who help software developers in eliminating bugs must allocate large amounts of time and effort to the identification and analysis of these bug reports. In addition, classifying bug reports can help triagers arrange bugs in categories for the fixers who have more experience for resolving historical bugs in the same category. Unfortunately, due to a large number of submitted bug reports every day, the manual classification for these bug reports increases the triagers' workload. To resolve these problems, in this study, we develop a novel technique for automatic duplicate detection and classification of bug reports, which reduces the time and effort consumed by triagers for bug fixing. Our novel technique uses a support vector machine to check whether a new bug report is a duplicate. The concept profile is also used to classify the bug reports into related categories in a taxonomic tree. Finally, we conduct experiments that demonstrate the feasibility of our proposed approach using bug reports extracted from the large-scale open source project Mozilla.

This paper presents an efficient algorithm for reporting all intersections among n given segments in the plane using work space of arbitrarily given size. More exactly, given a parameter s which is between Ω(1) and O(n) specifying the size of work space, the algorithm reports all the segment intersections in roughly O(n2/+ K) time using O(s) words of O(log n) bits, where K is the total number of intersecting pairs. The time complexity can be improved to O((n2/s) log s + K) when input segments have only some number of different slopes.

The performance of cooperative spectrum sensing (CSS) is limited not only by the imperfect sensing channels but also by the imperfect reporting channels. In order to improve the transmission reliability of the reporting channels, an object based cooperative spectrum sensing scheme with best relay (Pe-BRCS) is proposed, in which the best relay is selected by minimizing the total reporting error probability to improve the sensing performance. Numerical results show that, the reduced total reporting error probability and the improved sensing performance can be achieved by the Pe-BRCS scheme.

A novel cooperative spectrum sensing scheme suitable for wireless cognitive radio system with imperfect reporting channels is proposed. In the proposed scheme, binary local decision bits are transmitted to the fusion center and combined to form a soft-valued decision statistics in the fusion center. To form a decision statistics, a majority-decision-aided weighting rule is proposed. The proposed scheme provides a reliable sensing capability even with poor reporting channels.

The wireless sensor network (WSN) is a technology that senses environmental information and provides appropriate services to users. There are diverse application areas for WSNs such as disaster prevention, military, and facility management. Despite the many prospective applications, WSN s are vulnerable to various malicious attacks. In false report attacks, a malicious attacker steals a few sensor nodes and obtains security materials such as authentication keys from the nodes. The attacker then injects false event reports to the network through the captured nodes. The injected false reports confuse users or deplete the limited energy of the nodes in the network. Many filtering schemes have been proposed to detect and remove false reports. In the statistical en route filtering (SEF) scheme, each node shares authentication keys selected from a global key pool. Due to the limited memory, each node is able to store only a small portion of the global key pool. Therefore, the routing paths of the event reports significantly affect the filtering (i.e., detecting) probability of false reports. In this paper, we propose a method to determine the routing paths of event reports both hop by hop and on demand at each node. In this method, each node chooses the next node on the path from the event source to the sink node based on the key indexes of its neighbor nodes. Experiments show that the proposed method is far more energy efficient than the SEF when the false traffic ratio (FTR) is ≥ 50% in the network.

Report generation is one of the most important tasks for database and e-commerce applications. Current report tools typically provide a set of predefined components that are used to specify report layout and format. However, available layout options are limited, and WYSIWYG formatting is not allowed. This paper proposes a four-phase report generation process to overcome these problems. The first phase retrieves source tables from the database. The second phase reorganizes the layout of the source tables by transferring the source tables into a set of new flat tables (in the first normal form). The third phase restructures the flat tables into a nested table (report) by specifying the report structure. The last phase formats the report with a WYSIWYG format editor supporting a number of formatting rules designed specifically for nested reports. Each phase of the proposed process supports visual programming, giving an easy-to-use user interface and allowing very flexible report layouts and formats. A visual end-user-programming tool, called TPS, is developed to demonstrate the proposed process and show that reports with sophisticated layouts can be created without writing low-level report generation programs.