Search for: All records

Abstract Creativity is a key 21st-century skill and a consistent predictor of academic learning outcomes. Despite decades of research on creativity and learning, little is known about the cognitive mechanisms underlying their relationship. In two studies, we examined whether creativity supports associative learning through associative thinking—the ability to generate novel word associations—an ability central to creativity which has not been previously tied to associative learning. In Study 1, we found that students who generated more novel word associations learned more words on a foreign language learning test 24 h later. In Study 2, we replicated and extended the effect to naturalistic creativity tasks (i.e., writing short stories and sketching line drawings), finding associative thinking mediated the relationship between creativity and associative learning. Importantly, both studies controlled for general intelligence. Our findings suggest that creativity’s contribution to learning operates partly through a shared cognitive capacity for making new connections. 

Plants exhibit extensive environment-dependent intraspecific metabolic variation, which likely plays a role in determining variation in whole plant phenotypes. However, much of the work seeking to use natural variation to link genes and transcript’s impacts on plant metabolism has employed data from controlled environments. Here, we generated and analyzed data on the variation in the abundance of 26 metabolites across 660 maize inbred lines under field conditions. We employ these data and previously published transcript and whole plant phenotype data reported for the same field experiment to identify both genomic intervals (through genome-wide association studies (GWAS)) and transcripts (using both transcriptome-wide association studies (TWAS) and an explainable artificial intelligence (AI) approach based on random forest (RF)) associated with variation in metabolite abundance. Both genome-wide association and random forest-based methods identified substantial numbers of significant associations including genes with plausible links to the metabolites they are associated with. In contrast, the transcriptome-wide association identified only six significant associations. In three cases, genetic markers associated with metabolic variation in our study colocalized with markers linked to variation in non-metabolic traits scored in the same experiment. We speculate that the poor performance of transcriptome-wide association studies in identifying transcript-metabolite associations may reflect a high prevalence of non-linear interactions between transcripts and metabolites and/or a bias towards rare transcripts playing a large role in determining intraspecific metabolic variation. 

Package confusion attacks such as typosquatting threaten soft- ware supply chains. Attackers make packages with names that syntactically or semantically resemble legitimate ones, trick- ing engineers into installing malware. While prior work has developed defenses against package confusions in some soft- ware package registries, notably NPM, PyPI, and RubyGems, gaps remain: high false-positive rates, generalization to more software package ecosystems, and insights from real-world deployment. In this work, we introduce ConfuGuard, a state-of-art de- tector for package confusion threats. We begin by presenting the first empirical analysis of benign signals derived from prior package confusion data, uncovering their threat patterns, engineering practices, and measurable attributes. Advancing existing detectors, we leverage package metadata to distin- guish benign packages, and extend support from three up to seven software package registries. Our approach significantly reduces false positive rates (from 80% to 28%), at the cost of an additional 14s average latency to filter out benign pack- ages by analyzing the package metadata. ConfuGuard is used in production at our industry partner, whose analysts have already confirmed 630 real attacks detected by ConfuGuard 

Abstract As innovation in deep learning continues, many engineers are incorporating Pre-Trained Models (PTMs) as components in computer systems. Some PTMs are foundation models, and others are fine-tuned variations adapted to different needs. When these PTMs are named well, it facilitates model discovery and reuse. However, prior research has shown that model names are not always well chosen and can sometimes be inaccurate and misleading. The naming practices for PTM packages have not been systematically studied, which hampers engineers’ ability to efficiently search for and reliably reuse these models. In this paper, we conduct the first empirical investigation of PTM naming practices in the Hugging Face PTM registry. We begin by reporting on a survey of 108 Hugging Face users, highlighting differences from traditional software package naming and presenting findings on PTM naming practices. The survey results indicate a mismatch between engineers’ preferences and current practices in PTM naming. We then introduce DARA, the first automatedDNNARchitectureAssessment technique designed to detect PTM naming inconsistencies. Our results demonstrate that architectural information alone is sufficient to detect these inconsistencies, achieving an accuracy of 94% in identifying model types and promising performance (over 70%) in other architectural metadata as well. We also highlight potential use cases for automated naming tools, such as model validation, PTM metadata generation and verification, and plagiarism detection. Our study provides a foundation for automating naming inconsistency detection. Finally, we envision future work focusing on automated tools for standardizing package naming, improving model selection and reuse, and strengthening the security of the PTM supply chain.“The main idea is to treat a program as a piece of literature, addressed to human beings rather than to a computer”—D. Knuth 

Regular Expression Denial of Service (ReDoS) is a vulnerability class that has become prominent in recent years. Attackers can weaponize such weaknesses as part of asymmetric cyberattacks that exploit the slow worst-case matching time of regular expres- sion (regex) engines. In the past, problematic regular expressions have led to outages at Cloudflare and Stack Overflow, showing the severity of the problem. While ReDoS has drawn significant research attention, there has been no systematization of knowledge to delineate the state of the art and identify opportunities for fur- ther research. In this paper, we describe the existing knowledge on ReDoS. We first provide a systematic literature review, discussing approaches for detecting, preventing, and mitigating ReDoS vul- nerabilities. Then, our engineering review surveys the latest regex engines to examine whether and how ReDoS defenses have been re- alized. Combining our findings, we observe that (1) in the literature, almost no studies evaluate whether and how ReDoS vulnerabilities can be weaponized against real systems, making it difficult to assess their real-world impact; and (2) from an engineering view, many mainstream regex engines now have ReDoS defenses, rendering many threat models obsolete. We conclude with an extensive dis- cussion, highlighting avenues for future work. The open challenges in ReDoS research are to evaluate emerging defenses and support engineers in migrating to defended engines. We also highlight the parallel between performance bugs and asymmetric DoS, and we argue that future work should capitalize more on this similarity and adopt a more systematic view on ReDoS-like vulnerabilities. 

Abstract Successful behavioral adaptation requires an ongoing assessment of rewarding outcomes based on one’s current state. A frontocentral ERP associated with reward feedback, the reward positivity (RewP), has been linked to reflect information about reward value and motivational states. It is, however, unclear if changes in the RewP are influenced by changes in reward value as a function of motivational state. To examine this, hungry participants (n= 31) completed two rounds of a modified Doors Task incorporating Pavlovian conditioning during EEG recordings and obtained feedback associated with sweet and savory food reinforcers equally matched in pleasantness and desirability. Participants underwent reinforcer devaluation, a paradigm designed to isolate inference-based behavior based on decreasing reward value, in between rounds by eating one of the foods to satiety. Prior to devaluation, participants were hungry and rated both food reinforcers equally pleasant. After devaluation, participants were sated and rated the devalued food, but not the non-devalued food, significantly less pleasant, suggesting a sensory-specific change in reward value. Logistic regression of win-stay/lose-switch behavior during the Doors Task shows participants made sensory-specific adjustments in food preferences during postdevaluation. Nonparametric permutation tests based on the tmax statistic performed revealed no significant differences in RewP amplitudes, suggesting the RewP is insensitive to reinforcer devaluation. This could not be explained by differences in perceived pleasantness or desirability. These findings suggest that affective and motivational factors such as tracking inferences based on decreases in reward value did not modulate the RewP. 

ABSTRACT Reproduction is often costly for males, as it may require the growth of structural traits that aid in dispersal to find females, competition over mating opportunities, and ejaculate production. The growth of such traits can be energetically demanding, and these demands often arise concurrently during development. As such, these traits may be especially prone to resource allocation trade‐offs. Yet, such traits are rarely studied in tandem. We designed a study to improve understanding of investment dynamics in flight muscle, a dispersal trait; a sexually selected weapon used in mate competition; and testes used for sperm production. We used the leaf‐footed cactus bug,Narnia femorata(Hemiptera: Coreidae), a species where males use their hindleg as weapons to compete for matings. Males can naturally drop their limbs, and when hindlegs are lost during development, adult males do not grow a weapon. Existing studies have revealed that testes growth increases when investment in weapons ceases. Yet, this work only examined responses to the loss of a single hindleg and limited the scope of traits to testes. Here, we examined weapon loss at two levels and investigated a third trait: dispersal. We found that testes size increased stepwise with limb loss; the loss of one hindleg weapon increased testes mass by around 9%, and two legs increased it by 20%. This intriguing pattern suggests a direct, quantity‐specific trade‐off in tissue development across traits. We also detected only a limited increase in dispersal investment when males did not grow weapons. Yet, dispersal may still be enhanced for those that drop hind legs; those without the substantial weight of hind limbs may have the potential to disperse farther.