Context-Aware Neural Fault Localization, 2023 Singapore Management University
Context-Aware Neural Fault Localization, Zhuo Zhang, Xiaoguang Mao, Meng Yan, Xin Xia, David Lo, David Lo
Research Collection School Of Computing and Information Systems
Numerous fault localization techniques identify suspicious statements potentially responsible for program failures by discovering the statistical correlation between test results (i.e., failing or passing) and the executions of the different statements of a program (i.e., covered or not covered). They rarely incorporate a failure context into their suspiciousness evaluation despite the fact that a failure context showing how a failure is produced is useful for analyzing and locating faults. Since a failure context usually contains the transitive relationships among the statements of causing a failure, its relationship complexity becomes one major obstacle for the context incorporation in suspiciousness evaluation of …
Synthesizing Speech Test Cases With Text-To-Speech? An Empirical Study On The False Alarms In Automated Speech Recognition Testing, 2023 Singapore Management University
Synthesizing Speech Test Cases With Text-To-Speech? An Empirical Study On The False Alarms In Automated Speech Recognition Testing, Julia Kaiwen Lau, Kelvin Kai Wen Kong, Julian Hao Yong, Per Hoong Tan, Zhou Yang, Zi Qian Yong, Joshua Chern Wey Low, Chun Yong Chong, Mei Kuan Lim, David Lo
Research Collection School Of Computing and Information Systems
Recent studies have proposed the use of Text-To-Speech (TTS) systems to automatically synthesise speech test cases on a scale and uncover a large number of failures in ASR systems. However, the failures uncovered by synthetic test cases may not reflect the actual performance of an ASR system when it transcribes human audio, which we refer to as false alarms. Given a failed test case synthesised from TTS systems, which consists of TTS-generated audio and the corresponding ground truth text, we feed the human audio stating the same text to an ASR system. If human audio can be correctly transcribed, an …
Finding Causally Different Tests For An Industrial Control System, 2023 Singapore Management University
Finding Causally Different Tests For An Industrial Control System, Christopher M. Poskitt, Yuqi Chen, Jun Sun, Yu Jiang
Research Collection School Of Computing and Information Systems
Industrial control systems (ICSs) are types of cyber-physical systems in which programs, written in languages such as ladder logic or structured text, control industrial processes through sensing and actuating. Given the use of ICSs in critical infrastructure, it is important to test their resilience against manipulations of sensor/actuator inputs. Unfortunately, existing methods fail to test them comprehensively, as they typically focus on finding the simplest-to-craft manipulations for a testing goal, and are also unable to determine when a test is simply a minor permutation of another, i.e. based on the same causal events. In this work, we propose a guided …
Nodemedic: End-To-End Analysis Of Node.Js Vulnerabilities With Provenance Graphs, 2023 Singapore Management University
Nodemedic: End-To-End Analysis Of Node.Js Vulnerabilities With Provenance Graphs, Darion Cassel, Wai Tuck Wong, Limin Jia
Research Collection School Of Computing and Information Systems
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities.We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities; Attack-defense-tree-based rating of flow exploitability.We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js …
Mitigating Adversarial Attacks On Data-Driven Invariant Checkers For Cyber-Physical Systems, 2023 BiTS - Pilani
Mitigating Adversarial Attacks On Data-Driven Invariant Checkers For Cyber-Physical Systems, Rajib Ranjan Maiti, Cheah Huei Yoong, Venkata Reddy Palleti, Arlindo Silva, Christopher M. Poskitt
Research Collection School Of Computing and Information Systems
The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While …
Beyond "Protected" And "Private": An Empirical Security Analysis Of Custom Function Modifiers In Smart Contracts, 2023 Singapore Management University
Beyond "Protected" And "Private": An Empirical Security Analysis Of Custom Function Modifiers In Smart Contracts, Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, Lingxiao Jiang
Research Collection School Of Computing and Information Systems
A smart contract is a piece of application-layer code running on blockchain ledgers and it provides programmatic logic via transaction-based execution of pre-defined functions. Smart contract functions are by default invokable by any party. To safeguard them, the mainstream smart contract language, i.e., Solidity of the popular Ethereum blockchain, proposed a unique language-level keyword called “modifier,” which allows developers to define custom function access control policies beyond the traditional “protected” and “private” modifiers in classic programming languages.In this paper, we aim to conduct a large-scale security analysis of the modifiers used in real-world Ethereum smart contracts. To achieve this, we …
Duplicate Bug Report Detection: How Far Are We?, 2023 Singapore Management University
Duplicate Bug Report Detection: How Far Are We?, Ting Zhang, Donggyun Han, Venkatesh Vinayakarao, Ivana Clairine Irsan, Bowen Xu, Thung Ferdian, David Lo, Lingxiao Jiang
Research Collection School Of Computing and Information Systems
Many Duplicate Bug Report Detection (DBRD) techniques have been proposed in the research literature. The industry uses some other techniques. Unfortunately, there is insufficient comparison among them, and it is unclear how far we have been. This work fills this gap by comparing the aforementioned techniques. To compare them, we first need a benchmark that can estimate how a tool would perform if applied in a realistic setting today. Thus, we first investigated potential biases that affect the fair comparison of the accuracy of DBRD techniques. Our experiments suggest that data age and issue tracking system choice cause a significant …
Testing Automated Driving Systems By Breaking Many Laws Efficiently, 2023 Xidian University
Testing Automated Driving Systems By Breaking Many Laws Efficiently, Xiaodong Zhang, Wei Zhao, Yang Sun, Jun Sun, Yulong Shen, Xuewen Dong, Zijiang Yang
Research Collection School Of Computing and Information Systems
An automated driving system (ADS), as the brain of an autonomous vehicle (AV), should be tested thoroughly ahead of deployment. ADS must satisfy a complex set of rules to ensure road safety, e.g., the existing traffic laws and possibly future laws that are dedicated to AVs. To comprehensively test an ADS, we would like to systematically discover diverse scenarios in which certain traffic law is violated. The challenge is that (1) there are many traffic laws (e.g., 13 testable articles in Chinese traffic laws and 16 testable articles in Singapore traffic laws, with 81 and 43 violation situations respectively); and …
Semantic-Based Neural Network Repair, 2023 Singapore Management University
Semantic-Based Neural Network Repair, Richard Schumi, Jun Sun
Research Collection School Of Computing and Information Systems
Recently, neural networks have spread into numerous fields including many safety-critical systems. Neural networks are built (and trained) by programming in frameworks such as TensorFlow and PyTorch. Developers apply a rich set of pre-defined layers to manually program neural networks or to automatically generate them (e.g., through AutoML). Composing neural networks with different layers is error-prone due to the non-trivial constraints that must be satisfied in order to use those layers. In this work, we propose an approach to automatically repair erroneous neural networks. The challenge is in identifying a minimal modification to the network so that it becomes valid. …
Qebverif: Quantization Error Bound Verification Of Neural Networks, 2023 Singapore Management University
Qebverif: Quantization Error Bound Verification Of Neural Networks, Yedi Zhang, Fu Song, Jun Sun
Research Collection School Of Computing and Information Systems
To alleviate the practical constraints for deploying deep neural networks (DNNs) on edge devices, quantization is widely regarded as one promising technique. It reduces the resource requirements for computational power and storage space by quantizing the weights and/or activation tensors of a DNN into lower bit-width fixed-point numbers, resulting in quantized neural networks (QNNs). While it has been empirically shown to introduce minor accuracy loss, critical verified properties of a DNN might become invalid once quantized. Existing verification methods focus on either individual neural networks (DNNs or QNNs) or quantization error bound for partial quantization. In this work, we propose …
Seed Selection For Testing Deep Neural Networks, 2023 Singapore Management University
Seed Selection For Testing Deep Neural Networks, Yuhan Zhi, Xiaofei Xie, Chao Shen, Jun Sun, Xiaoyu Zhang, Xiaohong Guan
Research Collection School Of Computing and Information Systems
Deep learning (DL) has been applied in many applications. Meanwhile, the quality of DL systems is becoming a big concern. To evaluate the quality of DL systems, a number of DL testing techniques have been proposed. To generate test cases, a set of initial seed inputs are required. Existing testing techniques usually construct seed corpus by randomly selecting inputs from training or test dataset. Till now, there is no study on how initial seed inputs affect the performance of DL testing and how to construct an optimal one. To fill this gap, we conduct the first systematic study to evaluate …
Silent Compiler Bug De-Duplication Via Three-Dimensional Analysis, 2023 Tianjin University
Silent Compiler Bug De-Duplication Via Three-Dimensional Analysis, Chen Yang, Junjie Chen, Xingyu Fan, Jiajun Jiang, Jun Sun
Research Collection School Of Computing and Information Systems
Compiler testing is an important task for assuring the quality of compilers, but investigating test failures is very time-consuming. This is because many test failures are caused by the same compiler bug (known as bug duplication problem). In particular, this problem becomes much more challenging on silent compiler bugs (also called wrong code bugs), since these bugs can provide little information (unlike crash bugs that can produce error messages) for bug de-duplication. In this work, we propose a novel technique (called D3) to solve the duplication problem on silent compiler bugs. Its key insight is to characterize the silent bugs …
Framework For Assessing Information System Security Posture Risks, 2023 The University of Western Ontario
Framework For Assessing Information System Security Posture Risks, Syed Waqas Hamdani
Electronic Thesis and Dissertation Repository
In today’s data-driven world, Information Systems, particularly the ones operating in regulated industries, require comprehensive security frameworks to protect against loss of confidentiality, integrity, or availability of data, whether due to malice, accident or otherwise. Once such a security framework is in place, an organization must constantly monitor and assess the overall compliance of its systems to detect and rectify any issues found. This thesis presents a technique and a supporting toolkit to first model dependencies between security policies (referred to as controls) and, second, devise models that associate risk with policy violations. Third, devise algorithms that propagate risk when …
Evaluating The Likelihood Of Bug Inducing Commits Using Metrics Trend Analysis, 2023 Western University
Evaluating The Likelihood Of Bug Inducing Commits Using Metrics Trend Analysis, Parul Parul
Electronic Thesis and Dissertation Repository
Continuous software engineering principles advocate a release-small, release-often process model, where new functionality is added to a system, in small increments and very frequently. In such a process model, every time a change is introduced it is important to identify as early as possible, whether the system has entered a state where faults are more likely to occur. In this paper, we present a method that is based on process, quality, and source code metrics to evaluate the likelihood that an imminent bug-inducing commit is highly probable. More specifically, the method analyzes the correlations and the rate of change of …
Job Management Portal Software Review, 2023 Portland State University
Job Management Portal Software Review, Ruchir Elukurthy
University Honors Theses
This essay provides an overview of a computer science capstone project focused on developing a website for Abilities At Work, a non-profit organization. The website aims to assist employment specialists in managing clients' information and tracking their job application in finding meaningful employment. The essay highlights the various stages of the project, understanding requirements, selecting tools and technologies, creating an application architecture, and writing code. Also, this essay focuses on the challenges encountered during the project, along with the valuable lessons learned. This essay emphasizes how the project closely resembles real-world software development, offering insights for prospective students and professionals. …
Stream-Evolving Bot Detection Framework Using Graph-Based And Feature-Based Approaches For Identifying Social Bots On Twitter, 2023 United Arab Emirates University
Stream-Evolving Bot Detection Framework Using Graph-Based And Feature-Based Approaches For Identifying Social Bots On Twitter, Eiman Alothali
Dissertations
This dissertation focuses on the problem of evolving social bots in online social networks, particularly Twitter. Such accounts spread misinformation and inflate social network content to mislead the masses. The main objective of this dissertation is to propose a stream-based evolving bot detection framework (SEBD), which was constructed using both graph- and feature-based models. It was built using Python, a real-time streaming engine (Apache Kafka version 3.2), and our pretrained model (bot multi-view graph attention network (Bot-MGAT)). The feature-based model was used to identify predictive features for bot detection and evaluate the SEBD predictions. The graph-based model was used to …
Blockchain-Enabled Ehr Sharing In Healthcare Federation: Sharding And Interblockchain Communication, 2023 United Arab Emirates University
Blockchain-Enabled Ehr Sharing In Healthcare Federation: Sharding And Interblockchain Communication, Faiza Hashim
Dissertations
Electronic Health Records (EHRs) are crucial components of the healthcare system, facilitating accurate and efficient diagnosis. Blockchain technology has emerged as a promising solution to improve EHRs sharing among medical practitioners while ensuring privacy and security. By leveraging its decentralized, distributed, immutable, and secure architecture, blockchain has the potential to revolutionize the healthcare system. However, due to security concerns, blockchain networks in healthcare typically operate in private or consortium modes, resulting in isolated networks within a federation. Scalability remains a significant challenge for blockchain networks, as the number of participating nodes increases within each network of the federation. Consensus mechanisms …
Scanet: Self-Paced Semi-Curricular Attention Network For Non-Homogeneous Image Dehazing, 2023 Singapore Management University
Scanet: Self-Paced Semi-Curricular Attention Network For Non-Homogeneous Image Dehazing, Yu Guo, Yuan Gao, Ryan Wen Liu, Yuxu Lu, Jingxiang Qu, Shengfeng He, Ren Wenqi
Research Collection School Of Computing and Information Systems
The presence of non-homogeneous haze can cause scene blurring, color distortion, low contrast, and other degradations that obscure texture details. Existing homogeneous dehazing methods struggle to handle the non-uniform distribution of haze in a robust manner. The crucial challenge of non-homogeneous dehazing is to effectively extract the non-uniform distribution features and reconstruct the details of hazy areas with high quality. In this paper, we propose a novel self-paced semi-curricular attention network, called SCANet, for non-homogeneous image dehazing that focuses on enhancing haze-occluded regions. Our approach consists of an attention generator network and a scene re-construction network. We use the luminance …
Mapping Programs To Equations, 2023 New Jersey Institute of Technology
Mapping Programs To Equations, Hessamaldin Mohammadi
Dissertations
Extracting the function of a program from a static analysis of its source code is a valuable capability in software engineering; at a time when there is increasing talk of using AI (Artificial Intelligence) to generate software from natural language specifications, it becomes increasingly important to determine the exact function of software as written, to figure out what AI has understood the natural language specification to mean. For all its criticality, the ability to derive the domain-to-range function of a program has proved to be an elusive goal, due primarily to the difficulty of deriving the function of iterative statements. …
Algorithmic Bias: Causes And Effects On Marginalized Communities, 2023 University of San Diego
Algorithmic Bias: Causes And Effects On Marginalized Communities, Katrina M. Baha
Undergraduate Honors Theses
Individuals from marginalized backgrounds face different healthcare outcomes due to algorithmic bias in the technological healthcare industry. Algorithmic biases, which are the biases that arise from the set of steps used to solve or analyze a problem, are evident when people from marginalized communities use healthcare technology. For example, many pulse oximeters, which are the medical devices used to measure oxygen saturation in the blood, are not able to accurately read people who have darker skin tones. Thus, people with darker skin tones are not able to receive proper health care due to their pulse oximetry data being inaccurate. This …