SkillScanner: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development Phase
- URL: http://arxiv.org/abs/2309.05867v1
- Date: Mon, 11 Sep 2023 23:22:34 GMT
- Authors: Song Liao, Long Cheng, Haipeng Cai, Linke Guo, Hongxin Hu,
- Abstract summary: Amazon Alexa has implemented a set of policy requirements to be adhered to by third-party skill developers. Recent works reveal the prevalence of policy-violating skills in the current skills store.
- Score: 24.084878589421113
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The Amazon Alexa marketplace is the largest Voice Personal Assistant (VPA) platform with over 100,000 voice applications (i.e., skills) published to the skills store. In an effort to maintain the quality and trustworthiness of voice-apps, Amazon Alexa has implemented a set of policy requirements to be adhered to by third-party skill developers. However, recent works reveal the prevalence of policy-violating skills in the current skills store. To understand the causes of policy violations in skills, we first conduct a user study with 34 third-party skill developers focusing on whether they are aware of the various policy requirements defined by the Amazon Alexa platform. Our user study results show that there is a notable gap between VPA's policy requirements and skill developers' practices. As a result, it is inevitable that policy-violating skills will be published. To prevent the inflow of new policy-breaking skills to the skills store from the source, it is critical to identify potential policy violations at the development phase. In this work, we design and develop SkillScanner, an efficient static code analysis tool to facilitate third-party developers to detect policy violations early in the skill development lifecycle. To evaluate the performance of SkillScanner, we conducted an empirical study on 2,451 open source skills collected from GitHub. SkillScanner effectively identified 1,328 different policy violations from 786 skills. Our results suggest that 32% of these policy violations are introduced through code duplication (i.e., code copy and paste). In particular, we found that 42 skill code examples from potential Alexa's official accounts (e.g., "alexa" and "alexa-samples" on GitHub) contain policy violations, which lead to 81 policy violations in other skills due to the copy-pasted code snippets from these Alexa's code examples.
Related papers
- Understanding Code Understandability Improvements in Code Reviews [79.16476505761582]
We analyzed 2,401 code review comments from Java open-source projects on GitHub.
83.9% of suggestions for improvement were accepted and integrated, with fewer than 1% later reverted.
arXiv, 2024-10-29T12:21:23Z
- Residual Q-Learning: Offline and Online Policy Customization without Value [53.47311900133564]
Imitation Learning (IL) is a widely used framework for learning imitative behavior from demonstrations.
We formulate a new problem setting called policy customization.
We propose a novel framework, Residual Q-learning, which can solve the formulated MDP by leveraging the prior policy.
arXiv, 2023-06-15T22:01:19Z
- Skill-Critic: Refining Learned Skills for Hierarchical Reinforcement Learning [48.75878234995544]
We propose the Skill-Critic algorithm to fine-tune the low-level policy in conjunction with high-level skill selection.
We validate Skill-Critic in multiple sparse-reward environments, including a new sparse-reward autonomous racing task in Gran Turismo Sport.
arXiv, 2023-06-14T09:24:32Z
- SkillFence: A Systems Approach to Practically Mitigating Voice-Based Confusion Attacks [9.203566746598439]
Recent work has shown that commercial systems like Amazon Alexa and Google Home are vulnerable to voice-based confusion attacks.
We propose a systems-oriented defense against this class of attacks and demonstrate its functionality for Amazon Alexa.
We build SkillFence, a browser extension that existing voice assistant users can install to ensure that only legitimate skills run in response to their commands.
arXiv, 2022-12-16T22:22:04Z
- Choreographer: Learning and Adapting Skills in Imagination [60.09911483010824]
We present Choreographer, a model-based agent that exploits its world model to learn and adapt skills in imagination.
Our method decouples the exploration and skill learning processes, being able to discover skills in the latent state space of the model.
Choreographer is able to learn skills both from offline data, and by collecting data simultaneously with an exploration policy.
arXiv, 2022-11-23T23:31:14Z
- Goal-Conditioned Reinforcement Learning with Imagined Subgoals [89.67840168694259]
We propose to incorporate imagined subgoals into policy learning to facilitate learning of complex tasks.
Imagined subgoals are predicted by a separate high-level policy, which is trained simultaneously with the policy and its critic.
We evaluate our approach on complex robotic navigation and manipulation tasks and show that it outperforms existing methods by a large margin.
arXiv, 2021-07-01T15:30:59Z
- Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories [7.629717457706326]
We present an approach that combines practical experience and machine-learning (ML)
An advisory record containing key information about a vulnerability is extracted from an advisory.
A subset of candidate fix commits is obtained from the source code repository of the affected project.
arXiv, 2021-03-24T17:50:35Z
- Preventing Imitation Learning with Adversarial Policy Ensembles [79.81807680370677]
Imitation learning can reproduce policies by observing experts, which poses a problem regarding policy privacy.
How can we protect against external observers cloning our proprietary policies?
We introduce a new reinforcement learning framework, where we train an ensemble of near-optimal policies.
arXiv, 2020-01-31T01:57:16Z
- Deep Reinforcement Learning for Complex Manipulation Tasks with Sparse Feedback [0.0]
Hindsight Experience Replay (HER) is a multi-goal reinforcement learning algorithm.
We present three algorithms based on the existing HER algorithm that improve its performance.
arXiv, 2020-01-12T07:22:15Z