Publications
Proceedings, refereed
CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software
In 17th International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2021). ACM, 2021. Status: Published
Data-driven research on the automated discovery and repair of
security vulnerabilities in source code requires comprehensive
datasets of real-life vulnerable code and their fixes. To assist
in such research, we propose a method to automatically collect and
curate a comprehensive vulnerability dataset from Common Vulnerabilities
and Exposures (CVE) records in the public National Vulnerability
Database (NVD). We implement our approach in a fully automated
dataset collection tool and share an initial release of the resulting
vulnerability dataset named CVEfixes.
The CVEfixes collection tool automatically fetches all available
CVE records from the NVD, gathers the vulnerable code and corresponding
fixes from associated open-source repositories, and organizes the
collected information in a relational database. Moreover, the
dataset is enriched with meta-data such as programming language,
and detailed code and security metrics at five levels of abstraction.
The collection can easily be repeated to keep up-to-date with newly
discovered or patched vulnerabilities. The initial release of
CVEfixes spans all published CVEs up to 9 June 2021, covering 5365
CVE records for 1754 open-source projects that were addressed in a
total of 5495 vulnerability fixing commits.
CVEfixes supports various types of data-driven software security
research, such as vulnerability prediction, vulnerability classification,
vulnerability severity prediction, analysis of vulnerability-related
code changes, and automated vulnerability repair.
Affiliation | Software Engineering |
Project(s) | Data-Driven Software Engineering Department |
Publication Type | Proceedings, refereed |
Year of Publication | 2021 |
Conference Name | 17th International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2021) |
Pagination | 30-39 |
Date Published | 08/2021 |
Publisher | ACM |
ISBN Number | 978-1-4503-8680-7/21/08 |
Keywords | dataset, Security vulnerabilities, software repository mining, source code repair, vulnerability classification, vulnerability prediction |
URL | https://doi.org/10.1145/3475960.3475985 |
DOI | 10.1145/3475960.3475985 |
Proceedings, refereed
Deep neural architecture for geospatial trajectory completion over occupancy gridmap
In 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). Beijing, China: IEEE, 2020. Status: Published
GPS data is widely used in many real-world applications. The quality of GPS data is critically important to produce high-quality results. In real-world applications, certain GPS trajectories are sparse and incomplete, which causes challenges to GPS trajectory-based applications. Few existing studies have tried to address this problem using complicated algorithms based on conventional heuristics; this requires extensive domain knowledge of underlying applications. Deep learning in the recent era has achieved great success in solving many sequences to sequence prediction problems. In this paper, deep learning-based bidirectional convolutional recurrent encoder-decoder architecture using an attention mechanism is proposed that predicts the missing data points, resulting in a complete GPS trajectory. The proposed method shows significant improvement over state-of-the-art benchmark methods.
Affiliation | Machine Learning |
Project(s) | Data-Driven Software Engineering Department |
Publication Type | Proceedings, refereed |
Year of Publication | 2020 |
Conference Name | 2020 IEEE 13th International Conference on Cloud Computing (CLOUD) |
Pagination | 37-39 |
Date Published | 10/2020 |
Publisher | IEEE |
Place Published | Beijing, China |
ISBN Number | 978-1-7281-8780-8 |
ISSN Number | 2159-6190 |
Keywords | deep learning, GPS, trajectories |
URL | https://ieeexplore.ieee.org/document/9284256 |
DOI | 10.1109/CLOUD49709.2020.00018 |
Journal Article
Mode Inference using enhanced Segmentation and Pre-processing on raw Global Positioning System data
Measurement and Control 53, no. 7-8 (2020): 1144-1158. Status: Published
Many applications use the Global Positioning System data that provide rich context information for multiple purposes. Easier availability and access of Global Positioning System data can facilitate various mobile applications, and one of such applications is to infer the mobility of a user. Most existing works for inferring users’ transportation modes need the combination of Global Positioning System data and other types of data such as accelerometer and Global System for Mobile Communications. However, the dependency of the applications to use data sources other than the Global Positioning System makes the use of applications difficult if the peer data source is not available. In this paper, we introduce a new generic framework for the inference of transportation mode by only using the Global Positioning System data. Our contribution is threefold. First, we propose a new method for Global Positioning System trajectory data preprocessing using the grid probability distribution function. Second, we introduce an algorithm for the change point–based trajectory segmentation, to more effectively identify the single-mode segments from Global Positioning System trajectories. Third, we introduce new statistical-based topographic features that are more discriminative for transportation mode detection. Through extensive evaluation on the large trajectory data GeoLife, our approach shows significant performance improvement in terms of accuracy over state-of-the-art baseline models.
Affiliation | Machine Learning |
Project(s) | Data-Driven Software Engineering Department |
Publication Type | Journal Article |
Year of Publication | 2020 |
Journal | Measurement and Control |
Volume | 53 |
Issue | 7-8 |
Pagination | 1144 - 1158 |
Date Published | 08/2020 |
Publisher | SAGE journals |
ISSN | 0020-2940 |
Keywords | classification, global positioning system trajectory, Machine learning, statistical analysis, transportation mode |
URL | https://journals.sagepub.com/doi/10.1177/0020294020918324 |
DOI | 10.1177/0020294020918324 |
Book Chapter
Modelling Security Requirements for Software Development with Common Criteria
In Security, Privacy, and Anonymity in Computation, Communication, and Storage, XVI, 506. Vol. 11611. Springer, 2019. Status: Published
Designing software needs to address the issues of adaptation and evaluation in terms of object-oriented concepts to prevent the loss of resources in terms of system failure. System security assessments are common practice, and system certification according to a standard requires submitting relevant software security information to applicable authorities. Many security-related standards exist to develop various security-critical systems; however, Common Criteria (ISO/IEC 15408) is an International de-facto standard that assures specification, implementation, and evaluation of an IT security product. This research will aid in better communication and enhanced collaboration among different stakeholders, especially between software and security engineers, by proposing a model of security-related concepts in de-facto standard Unified Modeling Language (UML). In this paper, we present a Usage Scenario and a Conceptual Model by extracting key security-related images from Common Criteria. The effectiveness is illustrated by a case study on Facebook Meta-Model, built for the evaluation purpose of Common Criteria models.
Affiliation | Software Engineering |
Project(s) | Data-Driven Software Engineering Department |
Publication Type | Book Chapter |
Year of Publication | 2019 |
Book Title | Security, Privacy, and Anonymity in Computation, Communication, and Storage |
Volume | 11611 |
Edition | 1 |
Series Volume | 1611-3349 |
Pagination | XVI, 506 |
Date Published | 07/2019 |
Publisher | Springer |
ISBN Number | 978-3-030-24906-9 |
ISBN | 978-3-030-24907-6 |
Keywords | common criteria (ISO/IEC 15408), security evaluation, security requirement engineering, software modelling, UML profile |
URL | https://link.springer.com/chapter/10.1007%2F978-3-030-24907-6_7 |
Proceedings, refereed
Cloud Computing Security Threats and Attacks with Their Mitigation Techniques
In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). Nanjing, China: IEEE, 2017. Status: Published
Cloud computing is a rapidly growing internet technology for facilitating various services to its consumers. It proposes many striking promises to the general public or big companies like Amazon, Google, Microsoft, IBM, etc., to maintain and upgrade their position in a fast-growing cloud computing environment and to enhance their services for a large number of users. However, with the fast development and enticing offerings, many issues associated with this technology also arise, which need to be addressed, with security being the strongest barrier to its adoption. Security concerns are an active area of research, which needs to be addressed properly to avoid security threats and attacks that are disasters for both service providers and service consumers. This paper highlights cloud computing architectural principles, cloud computing key security requirements, cloud computing security threats and cloud computing security attacks with their mitigation techniques, and future research challenges.
Affiliation | Software Engineering |
Project(s) | Data-Driven Software Engineering Department |
Publication Type | Proceedings, refereed |
Year of Publication | 2017 |
Conference Name | 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) |
Pagination | 244-251 |
Date Published | 10/2017 |
Publisher | IEEE |
Place Published | Nanjing, China |
ISBN Number | 978-1-5386-2209-4 |
Keywords | Cloud computing, mitigation techniques, security attacks, security requirements, security threats |
URL | http://ieeexplore.ieee.org/document/8250365/ |
DOI | 10.1109/CyberC.2017.37 |