{"id":"https://openalex.org/W4327642537","doi":"https://doi.org/10.1109/cns56114.2022.10066153","title":"Alexa Skills: Security Vulnerabilities and Countermeasures","display_name":"Alexa Skills: Security Vulnerabilities and Countermeasures","publication_year":2022,"publication_date":"2022-10-03","ids":{"openalex":"https://openalex.org/W4327642537","doi":"https://doi.org/10.1109/cns56114.2022.10066153"},"language":"en","primary_location":{"id":"doi:10.1109/cns56114.2022.10066153","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cns56114.2022.10066153","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103142359","display_name":"Dan Su","orcid":"https://orcid.org/0000-0002-8230-466X"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dan Su","raw_affiliation_strings":["Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070828650","display_name":"Jiqiang Liu","orcid":"https://orcid.org/0000-0003-1147-4327"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiqiang Liu","raw_affiliation_strings":["Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101952501","display_name":"Sencun Zhu","orcid":"https://orcid.org/0000-0002-1047-7967"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sencun Zhu","raw_affiliation_strings":["School of EECS, The Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"School of EECS, The Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100334497","display_name":"Xiaoyang Wang","orcid":"https://orcid.org/0000-0001-6629-0176"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoyang Wang","raw_affiliation_strings":["Beijing Key Laboratory of Traffic Data Analysis and Mining, Beijing Jiaotong University"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Traffic Data Analysis and Mining, Beijing Jiaotong University","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109361586","display_name":"Wei Wang","orcid":"https://orcid.org/0000-0002-9679-9480"},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Wang","raw_affiliation_strings":["Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University"],"affiliations":[{"raw_affiliation_string":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University","institution_ids":["https://openalex.org/I21193070"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5103142359"],"corresponding_institution_ids":["https://openalex.org/I21193070"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18413956,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vetting","display_name":"Vetting","score":0.8479257225990295},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7635539770126343},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6830386519432068},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5293909907341003},{"id":"https://openalex.org/keywords/adversary-model","display_name":"Adversary model","score":0.42579129338264465},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.41805851459503174},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4161335825920105},{"id":"https://openalex.org/keywords/security-awareness","display_name":"Security awareness","score":0.41180163621902466}],"concepts":[{"id":"https://openalex.org/C2777230681","wikidata":"https://www.wikidata.org/wiki/Q7923820","display_name":"Vetting","level":2,"score":0.8479257225990295},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7635539770126343},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6830386519432068},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5293909907341003},{"id":"https://openalex.org/C7606001","wikidata":"https://www.wikidata.org/wiki/Q4686702","display_name":"Adversary model","level":3,"score":0.42579129338264465},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.41805851459503174},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4161335825920105},{"id":"https://openalex.org/C2778652015","wikidata":"https://www.wikidata.org/wiki/Q7445019","display_name":"Security awareness","level":3,"score":0.41180163621902466}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns56114.2022.10066153","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cns56114.2022.10066153","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4399999976158142,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2087970742","https://openalex.org/W2114275288","https://openalex.org/W2574022511","https://openalex.org/W2801982182","https://openalex.org/W2886326201","https://openalex.org/W2889270945","https://openalex.org/W2896457183","https://openalex.org/W2916032017","https://openalex.org/W2921394285","https://openalex.org/W2942373674","https://openalex.org/W2970641574","https://openalex.org/W3081818170","https://openalex.org/W3139099451","https://openalex.org/W4300824008","https://openalex.org/W6722479552","https://openalex.org/W6751333134","https://openalex.org/W6754404224","https://openalex.org/W6755207826","https://openalex.org/W6761820864","https://openalex.org/W6782698827"],"related_works":["https://openalex.org/W4221142798","https://openalex.org/W4285163392","https://openalex.org/W2111145992","https://openalex.org/W2034199088","https://openalex.org/W4362599004","https://openalex.org/W4298144666","https://openalex.org/W2889153935","https://openalex.org/W2412036290","https://openalex.org/W4287667467","https://openalex.org/W3174120180"],"abstract_inverted_index":{"The":[0],"home":[1],"voice":[2,49],"assistants":[3],"such":[4],"as":[5],"Amazon":[6],"Alexa":[7,42,146],"have":[8,28],"become":[9],"increasingly":[10],"popular":[11],"due":[12],"to":[13,45,114,149],"many":[14],"interesting":[15],"voice-activated":[16],"services":[17],"provided":[18],"through":[19],"special":[20],"applications":[21],"called":[22],"skills.":[23],"These":[24],"skills,":[25],"though":[26],"useful,":[27],"also":[29,105],"introduced":[30],"new":[31],"security,":[32],"safety":[33],"and":[34,54,84],"privacy":[35,55],"challenges.":[36],"Prior":[37],"work":[38],"has":[39,60],"verified":[40],"that":[41,73],"is":[43],"vulnerable":[44],"multiple":[46],"types":[47],"of":[48,57,135,142,152],"attacks,":[50,137],"but":[51,104],"the":[52,97,101,129,133,136,150],"security":[53,76,98,130],"risk":[56],"using":[58],"skills":[59,92,144],"not":[61,94],"been":[62],"fully":[63],"investigated.":[64],"In":[65],"this":[66],"work,":[67],"we":[68],"study":[69,128],"an":[70,112],"adversary":[71],"model":[72],"covers":[74],"three":[75],"vulnerabilities,":[77,90],"namely,":[78],"over-privileged":[79],"resource":[80],"access,":[81],"hidden":[82,85],"code-manipulation":[83],"content-manipulation.":[86],"By":[87],"exploiting":[88],"these":[89],"malicious":[91],"can":[93],"only":[95],"bypass":[96],"tests":[99],"in":[100,111,145],"vetting":[102],"process,":[103],"surreptitiously":[106],"change":[107],"their":[108],"original":[109],"functions":[110],"attempt":[113],"steal":[115],"users'":[116],"personal":[117],"information,":[118,121],"obtain":[119],"safety-sensitive":[120],"or":[122],"disseminate":[123],"arbitrary":[124],"information.":[125],"We":[126],"systematically":[127],"issues":[131],"from":[132],"feasibility":[134],"a":[138],"large-scale":[139],"survey":[140],"measurement":[141],"33,744":[143],"Skills":[147],"Store,":[148],"design":[151],"countermeasures.":[153]},"counts_by_year":[],"updated_date":"2025-12-24T23:09:58.560324","created_date":"2025-10-10T00:00:00"}