
    Adversarial deep learning for energy management in buildings

    Deep learning is a powerful means to classify and thus optimize Energy management in Buildings. Deep learning is effective especially when the training dataset has a reduced volume or when the test set changes at a higher frequency than the training set. Notwithstanding these favourable properties, the classification with deep learning could be distorted by an adversary who can be interested in altering the classification of the energy consumption. Several kinds of fraud could require this attack, as those aimed at energy theft. In this paper we will provide experimental implants where a dataset is tampered with in order to lead the classifier to acquire it as valid, while it contains samples attributable to energy thefts

    ProMisE: a Framework for Process models custoMisation to the opErative context

    Process diversity has recently become a target for the attention of a large part of the Software Engineering community. It implies that in order for a process model to be effective it must be specialized with respect to the context in which the process is executed. The authors face this problem by proposing ProMisE, a process pattern based framework able to capitalize the experiences gained in using a process model in diverse environments. It is an experience base focused on process models

    A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges

    Blockchain platforms and languages for writing smart contracts are becoming increasingly popular. However, smart contracts and blockchain applications are developed through non-standard software life-cycles, in which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software. Therefore, this systematic literature review oriented to software engineering aims at highlighting current problems and possible solutions concerning smart contracts and blockchain applications development. In this paper, we analyze 96 articles (written from 2016 to 2020) presenting solutions to tackle software engineering-specific challenges related to the development, test, and security assessment of blockchain-oriented software. In particular, we review papers (that appeared in international journals and conferences) relating to six specific topics: smart contract testing, smart contract code analysis, smart contract metrics, smart contract security, Dapp performance, and blockchain applications. Beyond the systematic review of the techniques, tools, and approaches that have been proposed in the literature to address the issues posed by the development of blockchain-based software, for each of the six aforementioned topics, we identify open challenges that require further research

    A systematic literature review of IoT time series anomaly detection solutions

    The rapid spread of the Internet of Things (IoT) devices has prompted many people and companies to adopt the IoT paradigm, as this paradigm allows the automation of several processes related to data collection and monitoring. In this context, the sensors (or other devices) generate huge amounts of data while monitoring physical spaces and objects. Therefore, the problem of managing and analyzing these huge amounts of data has stimulated researchers and practitioners to adopt anomaly detection techniques, which are automated solutions to enable the recognition of abnormal behaviors occurring in complex systems. In particular, in IoT environments, anomaly detection very often involves the analysis of time series data and this analysis should be accomplished under specific time or resource constraints. In this systematic literature review, we focus on the IoT time series anomaly detection problem by analyzing 62 articles written from 2014 to 2021. Specifically, we explore the methods and techniques adopted by researchers to deal with the issues related to dimensionality reduction, anomaly localization, and real-time monitoring, also discussing the datasets used, and the real-case scenarios tested. For each of these topics, we highlight potential limitations and open issues that need to be addressed in future work

    Investigating the vulnerability fixing process in OSS projects: Peculiarities and challenges

    Although vulnerabilities can be considered and treated as bugs, they present numerous peculiarities compared to other types of bugs (canonical bugs in the remainder of the paper). A vulnerability adds functionality to a system, as it allows an adversary to misuse or abuse the system, while a canonical bug is an incomplete or incorrect implementation of a requirement, and thus degrades the functionality of the system. This difference can affect the fixing process of vulnerabilities. By mining the repositories of 6 open source projects, we characterize the differences in the fixing process between vulnerabilities and canonical bugs, highlighting critical issues which could represent challenges for future research. Results of our study demonstrate that: (i) more re-assignments (than the ones observed in canonical bugs) are required for finding the developers able to handle vulnerability-related bugs, (ii) developers’ security-related skills should be profiled, to improve the efficiency of the security bug assignment tasks, and, consequently, reduce the re-assignments, and (iii) vulnerabilities require more effort, contributors and time to define the fixing strategy but smaller time to fix than canonical bugs

    About the Robustness and Looseness of Yara Rules

    The tremendous and fast growth of malware circulating in the wild urges the community of malware analysts to rapidly and effectively share knowledge about the arising threats. Among the other solutions, Yara is establishing itself as a de facto standard for describing and exchanging Indicators of Compromise (IOCs). Unfortunately, the community of malware analysts did not agree on a set of guidelines for writing Yara rules: a plethora of very different styles for formalizing IOCs can be observed, indeed. Our thesis is that different styles of Yara rule writing could affect the quality of IOCs. With this paper we provide: (i) the definition of two dimensions of Yara rules quality, namely Robustness and Looseness; (ii) a taxonomy for describing the kinds of IOCs that can be formalized with the Yara grammar, and (iii) a suite of metrics for measuring the quality of an IOC. Finally, we carried out a study on 32,311 Yara rules for examining the different existing styles and to investigate the relationship between the writing styles and the quality of IOCs

    Patchworking: Exploring the code changes induced by vulnerability fixing activities

    Context: Identifying and repairing vulnerable code is a critical software maintenance task. Change impact analysis plays an important role during software maintenance, as it helps software maintainers to figure out the potential effects of a change before it is applied. However, while the software engineering community has extensively studied techniques and tools for performing impact analysis of change requests, there are no approaches for estimating the impact when the change involves the resolution of a vulnerability bug. Objective: We hypothesize that similar vulnerabilities may present similar strategies for patching. More specifically, our work aims at understanding whether the class of the vulnerability to fix may determine the type of impact on the system to repair. Method: To verify our conjecture, in this paper, we examine 524 security patches applied to vulnerabilities belonging to ten different weakness categories and extracted from 98 different open-source projects written in Java. Results: We obtain empirical evidence that vulnerabilities of the same types are often resolved by applying similar code transformations, and, thus, produce almost the same impact on the codebase. Conclusion: On the one hand, our findings open the way to better management of software maintenance activities when dealing with software vulnerabilities. Indeed, vulnerability class information could be exploited to better predict how much code will be affected by the fixing, how the structural properties of the code (i.e., complexity, coupling, cohesion, size) will change, and the effort required for the fix. On the other hand, our results can be leveraged for improving automated strategies supporting developers when they have to deal with security flaws