Kevin Leach's research while affiliated with Vanderbilt University and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (54)
p>Binary code analysis and comprehension is critical to applications in reverse engineering and computer security tasks where source code is not available. Unfortunately, unlike source code, binary code lacks semantics and is more difficult for human engineers to understand and analyze. Limited work has explored incorporating multiple program repre...
p>Binary code analysis and comprehension is critical to applications in reverse engineering and computer security tasks where source code is not available. Unfortunately, unlike source code, binary code lacks semantics and is more difficult for human engineers to understand and analyze. Limited work has explored incorporating multiple program repre...
The RVL-CDIP benchmark is widely used for measuring performance on the task of document classification. Despite its widespread use, we reveal several undesirable characteristics of the RVL-CDIP benchmark. These include (1) substantial amounts of label noise, which we estimate to be 8.1% (ranging between 1.6% to 16.9% per document category); (2) pre...
A binary's behavior is greatly influenced by how the compiler builds its source code. Although most compiler configuration details are abstracted away during compilation, recovering them is useful for reverse engineering and program comprehension tasks on unknown binaries, such as code similarity detection. We observe that previous work has thoroug...
Compiled binary executables are often the only available artifact in reverse engineering, malware analysis, and software systems maintenance. Unfortunately, the lack of semantic information like variable types makes comprehending binaries difficult. In efforts to improve the comprehensibility of binaries, researchers have recently used machine lear...
Traditional kernel updates such as perfective maintenance and vulnerability patching requires shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the loss of useful uptime. However, existing kernel live...
The standard task-oriented dialogue pipeline uses intent classification and slot-filling to interpret user utterances. While this approach can handle a wide range of queries, it does not extract the information needed to handle more complex queries that contain relationships between slots. We propose integration of relation extraction into this pip...
The ability of a document classifier to handle inputs that are drawn from a distribution different from the training distribution is crucial for robust deployment and generalizability. The RVL-CDIP corpus is the de facto standard benchmark for document classification, yet to our knowledge all studies that use this corpus do not include evaluation o...
Compiled software is delivered as executable binary code. Developers write source code to express the software semantics, but the compiler converts it to a binary format that the CPU can directly execute. Therefore, binary code analysis is critical to applications in reverse engineering and computer security tasks where source code is not available...
Neural clone detection has attracted the attention of software engineering researchers and practitioners. However, most neural clone detection methods do not generalize beyond the scope of clones that appear in the training dataset. This results in poor model performance, especially in terms of model recall. In this paper, we present an Abstract Sy...
Interest in dialog systems has grown substantially in the past decade. By extension, so too has interest in developing and improving intent classification and slot-filling models, which are two components that are commonly used in task-oriented dialog systems. Moreover, good evaluation benchmarks are important in helping to compare and analyze syst...
Dialog systems must be capable of incorporating new skills via updates over time in order to reflect new use cases or deployment scenarios. Similarly, developers of such ML-driven systems need to be able to add new training data to an already-existing dataset to support these new skills. In intent classification systems, problems can arise if train...
The increasing volume of commercially available conversational agents (CAs) on the market has resulted in users being burdened with learning and adopting multiple agents to accomplish their tasks. Though prior work has explored supporting a multitude of domains within the design of a single agent, the interaction experience suffers due to the large...
Mental health problems are highly prevalent and appear to be increasing in frequency and severity among the college student population. The upsurge in mobile and wearable wireless technologies capable of intense, longitudinal tracking of individuals, provide valuable opportunities to examine temporal patterns and dynamic interactions of key variabl...
During the past decade, virtualization-based (e.g., virtual machine introspection) and hardware-assisted approaches (e.g., x86 SMM and ARM TrustZone) have been used to defend against low-level malware such as rootkits. However, these approaches either require a large Trusted Computing Base (TCB) or they must share CPU time with the operating system...
Understanding how developers carry out different computer science activities with objective measures can help to improve productivity and guide the use and development of supporting tools in software engineering. In this article, we present two controlled experiments involving 112 students to explore multiple computing activities (code comprehensio...
There is a growing body of malware samples that evade automated analysis and detection tools. Malware may measure fingerprints ("artifacts") of the underlying analysis tool or environment and change their behavior when artifacts are detected. While analysis tools can mitigate artifacts to reduce exposure, such concealment is expensive. However, not...
We report the discussion session at the sixth international Genetic Improvement workshop, GI-2019 @ ICSE, which was held as part of the 41st ACM/IEEE International Confer- ence on Software Engineering on Tuesday 28th May 2019. Topics included GI representations, the maintainability of evolved code, automated software testing, future areas of GI res...
During the past decade, virtualization-based (e.g., virtual machine introspection) and hardware-assisted approaches (e.g., x86 SMM and ARM TrustZone) have been used to defend against low-level malware such as rootkits. However, these approaches either require a large Trusted Computing Base (TCB) or they must share CPU time with the operating system...
Task-oriented dialog systems need to know when a query falls outside their range of supported intents, but current text classification corpora only define label sets that cover every example. We introduce a new dataset that includes queries that are out-of-scope---i.e., queries that do not fall into any of the system's supported intents. This poses...
We report the discussion session at the sixth international Genetic Improvement workshop, GI-2019 @ ICSE, which was held as part of the 41st ACM/IEEE International Conference on Software Engineering on Tuesday 28th May 2019. Topics included GI representations, the maintainability of evolved code, automated software testing, future areas of GI resea...
The growing reliance on cloud-based services has led to increased focus on cloud security. Cloud providers must deal with concerns from customers about the overall security of their cloud infrastructures. In particular, an increasing number of cloud attacks target resource allocation in cloud environments. For example, vulnerabilities in a hypervis...
Mental health problems are highly prevalent and increasing in frequency and severity among the college student population. The upsurge in mobile and wearable wireless technologies capable of intense, longitudinal tracking of individuals, provide enormously valuable opportunities in mental health research to examine temporal patterns and dynamic int...
Mental health problems are highly prevalent and appear to be increasing in frequency and severity among the college student population. The upsurge in mobile and wearable wireless technologies capable of intense, longitudinal tracking of individuals, provide valuable opportunities to examine temporal patterns and dynamic interactions of key variabl...
Traditional malware analysis relies on virtualization or emulation technology to run samples in a confined environment, and to analyze malicious activities by instrumenting code execution. However, virtual machines and emulators inevitably create artifacts in the execution environment, making these approaches vulnerable to detection or subversion....
Normalized cross-correlation template matching is used as a detection method in many scientific domains. To be practical, template matching must scale to large datasets while handling ambiguity, uncertainty, and noisy data. We propose a novel approach based on Dempster-Shafer (DS) Theory and MapReduce parallelism. DS Theory addresses conflicts betw...
According to a 2014 Spring American College
Health Association Survey, almost 50% of college students
reported feeling things were hopeless and that it was difficult
to function within the last 12 months. More than 80% reported
feeling overwhelmed and exhausted by their responsibilities. This
critical subpopulation of Americans is facing significan...
With the rapid proliferation of malware attacks on the Internet, understanding these malicious behaviors plays a critical role in crafting effective defense. Advanced malware analysis relies on virtualization or emulation technology to run samples in a confined environment, and to analyze malicious activities by instrumenting code execution. Howeve...
With the increasing prevalence of Web 2.0 and cloud computing, password-based logins play an increasingly important role on user-end systems. We use passwords to authenticate ourselves to countless applications and services. However, login credentials can be easily stolen by attackers. In this paper, we present a framework, TrustLogin, to secure pa...
Secure hardware forms the foundation of a secure system. However, securing hardware devices remains an open research problem. In this paper, we present IOCheck, a framework to enhance the security of I/O devices at runtime. It leverages System Management Mode (SMM) to quickly check the integrity of I/O configurations and firmware. IOCheck is agnost...
Control flow graphs (CFG) have long been an effective and elegant way to represent program execution. In particular, many anomaly detection systems employ CFGs. Unfortunately, typical CFG-based systems rely on inaccurate or impractical heuristics. For example, the state space may be restricted by considering only a call graph, thus reducing accurac...
Virtual Machine Introspection (VMI) systems have been widely adopted for malware detection and analysis. VMI systems use hypervisor technology for system introspection and to expose malicious activity. However, recent malware can detect the presence of virtualization or corrupt the hypervisor state thus avoiding detection. We introduce SPECTRE, a h...
Citations
... In addition, the attacker is capable of spoofing system IDs. The work by Highnam et al. [117] described a realistic scenario of many drones operating under the MAVLink protocol being compromised. By capturing a flight mission's system ID and spoofing MAVLink packets, the considered specimen threat scenario exhibits an attacker's capacity to carry out a stealthy assault. ...
... Because Zipr's technology is agnostic to the source language, it was the only solution in the program that was able to handle the ADA Web Server application (obviously written in ADA.) in addition these projects, Zipr has been used to do antifragility work, and is the basis for effective binary-only fuzzing with tools like Zafl and the binary-only based version of Untracer, called HeXcite. (26)(27)(28)(29)(30) Hardened Registries in UVA ACCORD. As a practical example of how to use hardened registries in a real-world environment, we have partnered with the ACCORD team at the University of Virgnia (UVA). ...
... Heterogeneous TEEs. A line of research has been conducted to extend confidential computing to devices such as GPUs, including Graviton [45], HIX [27], HETEE [53], Strongbox [21], and Cronus [29]. In particular, GPU TEE is currently available on the commercial Nvidia H100 GPU [39]. ...
... Wider developments in TOD have been hampered by the two conflicting requirements: 1) largescale in-domain datasets are crucially required in order to unlock the potential of deep learning-based TOD components and systems to handle complex dialog patterns (Budzianowski et al., 2018;Lin et al., 2021b); at the same time 2) data collection for TOD is known to be notoriously difficult as it is extremely time-consuming, expensive, and requires expert and domain knowledge (Shah et al., 2018;Larson and Leach, 2022). Put simply, the creation of TOD datasets for new domains and languages incurs significantly higher time and budget costs than for most other NLP tasks (Casanueva et al., 2022). ...
... While there are some existing prompt-based approaches for DST with different designs of prompts such as using slot name [20,21,22,23], slot description [24], slot type [25], possible values [25], priming examples [26] and/or slot-specific question [4,27,28,29,8,30] in prompt sentences, they all fine-tune the entire LM along with the prompt tokens for a new domain, which requires a significant amount of training time, system resources, and annotated data [31,32]. The computing and data resource-hungry issues are more severe in the real-world deployment where LMs tuned for different domains and tasks need to be trained and hosted, and a typical dialogue system has to serve dozens of such LMs [33,34,35]. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/1139099557724162-1648593906741_Q64/Karthik-Krishnamurthy-5.jpg)
![[object Object]](https://i1.rgstatic.net/ii/profile.image/880277131911172-1586885831471_Q64/Walter-Talamonti-2.jpg)
... Thus, these results support the evidence that code and prose writing have different behaviour at mental level. Sharafi et al. (2021) performed two controlled experiments with 112 students during a series of development activities, i.e., code comprehension, code review, and data structure manipulations. During coding activities, students were monitored through neuroimaging activities, i.e., functional near-infrared spectroscopy (fNIRS), functional magnetic resonance imaging (fMRI) and eye tracking. ...
... Thus, we motivate to establish a new benchmark dataset that provides annotation of the fine-grained reasoning steps to automatically measure the reasoning consistency. However, collecting such a dataset is challenging due to high underlying human effort and may contain inconsistencies among annotators for the reasoning chains [11,22,51]. ...
... Advances in technology to accurately measure neural activity in the last three decades have revealed the existence of specialized regions for a variety of cognitive functions like language processing, face recognition, navigation etc. [39] The use of neuroimaging techniques to study the cognitive responses to programming has gained momentum recently. Prior works have investigated the neural processes involved in debugging [14], variable tracking when reading programs [36,46], semantic cues or program layout [18,51], program generation [41], manipulating data structures [34], biases in code review processes [33], and programming expertise [27,35,48]. ...
... determining the purpose behind a phrase or sentence). When crowdsourcing intent examples, workers typically create new phrases for some scenario (Wang et al., 2012;Larson et al., 2020). However, a data augmentation approach can also be used: by workers paraphrasing existing sentences with known intents. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/694635500421120-1542625417044_Q64/Rishi-Tekriwal.jpg)
... In last decade, neuroimaging techniques have been used to understand the cognitive processes of programming (Ebisch et al., 2013;Floyd et al., 2017;Huang et al., 2019;Peitek et al., 2018;Siegmund et al., 2014Siegmund et al., , 2017Krueger et al., 2020;Karas et al., 2021). Specifically, Peitek et al. (2018) and Siegmund et al. (2017) use these techniques in the program comprehension and Krueger et al. (2020) use these techniques in the code writing. ...
