Portal de Programas de Pós-Graduação (UFSJ)

SIGAA - Sistema Integrado de Gestão de Atividades Acadêmicas

PPGCC PROGRAMA DE PÓS-GRADUAÇÃO EM CIÊNCIA DA COMPUTAÇÃO PRÓ-REITORIA DE PESQUISA E PÓS-GRADUAÇÃO Phone: Not available E-mail: sachetto@ufsj.edu.br http://www.ufsj.edu.br//ppgcc

Banca de DEFESA: GLEYBERSON DA SILVA ANDRADE

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
STUDENT : GLEYBERSON DA SILVA ANDRADE
DATE: 27/08/2021
TIME: 09:00
LOCAL: Google Meet
TITLE:

Machine Learning-based Analysis Heuristic for Vulnerability Detection on Configurable Systems

KEY WORDS:

Software Product Lines, Vulnerability Detection, Secure Coding, Machine Learning

PAGES: 90
BIG AREA: Ciências Exatas e da Terra
AREA: Ciência da Computação
SUBÁREA: Metodologia e Técnicas da Computação
SPECIALTY: Engenharia de Software
SUMMARY:

Configurable software systems offer a variety of benefits, such as supporting the easy configuration of custom behaviors for distinctive needs. However, it is known that the presence of configuration options in source code complicates maintenance tasks and requires additional effort from developers when adding or editing code statements. They need to consider multiple configurations when executing tests or performing static analysis to detect vulnerabilities. Therefore, vulnerabilities have been widely reported in configurable software systems. Unfortunately, the effectiveness of vulnerability detection depends on how the multiple configurations (i.e., samples sets) are selected. In this work, we tackle the challenge of generating more adequate system configuration samples by considering the intrinsic characteristics of security vulnerabilities. We propose a new sampling heuristic based on Machine Learning for recommending the subset of configurations that should be analyzed individually. We collected 53 metrics of 11 projects written in C referring to software complexity, probability of vulnerability incidence, evolution history, and developer's contribution. These data were subjected to execution in different scenarios, such as Cross-validation and Cross-project-validation, attempting to reduce the number of variants recommended by the LSA (Linear Sampling Algorithm) heuristic. Our results show that we can achieve high vulnerability-detection effectiveness with a smaller sample size.

BANKING MEMBERS:
Presidente - 2058929 - ELDER JOSE REIOLI CIRILO
Interno - 2400331 - VINICIUS HUMBERTO SERAPILHA DURELLI
Interno - 2325597 - DIEGO ROBERTO COLOMBO DIAS
Externo à Instituição - RAFAEL SERAPILHA DURELLI - UFLA
Externo à Instituição - ERICK GALANI MAZIERO - UFLA

Notícia cadastrada em: 13/08/2021 09:01