131 research outputs found
Ethical Perspectives in AI: A Two-folded Exploratory Study From Literature and Active Development Projects
Background: Interest in Artificial Intelligence (AI) based systems has been gaining traction at a fast pace, both for software development teams and for society as a whole. This increased interest has lead to the employment of AI techniques such as Machine Learning and Deep Learning for diverse purposes, like medicine and surveillance systems, and such uses have raised the awareness about the ethical implications of the usage of AI systems. Aims: With this work we aim to obtain an overview of the current state of the literature and software projects on tools, methods and techniques used in practical AI ethics. Method: We have conducted an exploratory study in both a scientific database and a software projects repository in order to understand their current state on techniques, methods and tools used for implementing AI ethics. Results: A total of 182 abstracts were retrieved and five classes were devised from the analysis in Scopus, 1) AI in Agile and Business for Requirement Engineering (RE) (22.8%), 2) RE in Theoretical Context (14.8%), 3) Quality Requirements (22.6%), 4) Proceedings and Conferences (22%), 5) AI in Requirements Engineering (17.8%). Furthermore, out of 589 projects from GitHub, we found 21 tools for implementing AI ethics. Highlighted publicly available tools found to assist the implementation of AI ethics are InterpretML, Deon and TransparentAI. Conclusions: The combined energy of both explored sources fosters an enhanced debate and stimulates progress towards AI ethics in practice
Opinion Mining for Software Development: A Systematic Literature Review
Opinion mining, sometimes referred to as sentiment analysis, has gained increasing attention in software engineering (SE) studies.
SE researchers have applied opinion mining techniques in various contexts, such as identifying developers’ emotions expressed in
code comments and extracting users’ critics toward mobile apps. Given the large amount of relevant studies available, it can take
considerable time for researchers and developers to figure out which approaches they can adopt in their own studies and what perils
these approaches entail.
We conducted a systematic literature review involving 185 papers. More specifically, we present 1) well-defined categories of opinion
mining-related software development activities, 2) available opinion mining approaches, whether they are evaluated when adopted in
other studies, and how their performance is compared, 3) available datasets for performance evaluation and tool customization, and 4)
concerns or limitations SE researchers might need to take into account when applying/customizing these opinion mining techniques.
The results of our study serve as references to choose suitable opinion mining tools for software development activities, and provide
critical insights for the further development of opinion mining techniques in the SE domain
RESAM: Requirements Elicitation and Specification for Deep-Learning Anomaly Models with Applications to UAV Flight Controllers
CyberPhysical systems (CPS) must be closely monitored to identify and
potentially mitigate emergent problems that arise during their routine
operations. However, the multivariate time-series data which they typically
produce can be complex to understand and analyze. While formal product
documentation often provides example data plots with diagnostic suggestions,
the sheer diversity of attributes, critical thresholds, and data interactions
can be overwhelming to non-experts who subsequently seek help from discussion
forums to interpret their data logs. Deep learning models, such as Long
Short-term memory (LSTM) networks can be used to automate these tasks and to
provide clear explanations of diverse anomalies detected in real-time
multivariate data-streams. In this paper we present RESAM, a requirements
process that integrates knowledge from domain experts, discussion forums, and
formal product documentation, to discover and specify requirements and design
definitions in the form of time-series attributes that contribute to the
construction of effective deep learning anomaly detectors. We present a
case-study based on a flight control system for small Uncrewed Aerial Systems
and demonstrate that its use guides the construction of effective anomaly
detection models whilst also providing underlying support for explainability.
RESAM is relevant to domains in which open or closed online forums provide
discussion support for log analysis
Design of secure coding challenges for cybersecurity education in the industry
To minimize the possibility of introducing vulnerabilities in source code, software developers in the industry may attend security awareness and secure coding training. One promising novel approach to raise awareness is to use cybersecurity challenges in a capture-the-flag event. In order for this to be effective, the types of challenges must be adequately designed to address the target group. In this work we look at how to design challenges for software developers in an industrial context, based on survey given to security experts by gathering their experience on the field. While our results show that traditional methods seem to be adequate, they also reveal a new class of challenges based on code entry and interaction with an automated coach.info:eu-repo/semantics/acceptedVersio
Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis
To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study
Cybersecurity awareness platform with virtual coach and automated challenge assessment
Over the last years, the number of cyber-attacks on industrial control systems has been steadily increasing. Among several factors, proper software development plays a vital role in keeping these systems secure. To achieve secure software, developers need to be aware of secure coding guidelines and secure coding best practices. This work presents a platform geared towards software developers in the industry that aims to increase awareness of secure software development. The authors also introduce an interactive game component, a virtual coach, which implements a simple artificial intelligence engine based on the laddering technique for interviews. Through a survey, a preliminary evaluation of the implemented artifact with real-world players (from academia and industry) shows a positive acceptance of the developed platform. Furthermore, the players agree that the platform is adequate for training their secure coding skills. The impact of our work is to introduce a new automatic challenge evaluation method together with a virtual coach to improve existing cybersecurity awareness training programs. These training workshops can be easily held remotely or off-line.info:eu-repo/semantics/acceptedVersio
Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment
Over the last years, the number of cyber-attacks on industrial control
systems has been steadily increasing. Among several factors, proper software
development plays a vital role in keeping these systems secure. To achieve
secure software, developers need to be aware of secure coding guidelines and
secure coding best practices. This work presents a platform geared towards
software developers in the industry that aims to increase awareness of secure
software development. The authors also introduce an interactive game component,
a virtual coach, which implements a simple artificial intelligence engine based
on the laddering technique for interviews. Through a survey, a preliminary
evaluation of the implemented artifact with real-world players (from academia
and industry) shows a positive acceptance of the developed platform.
Furthermore, the players agree that the platform is adequate for training their
secure coding skills. The impact of our work is to introduce a new automatic
challenge evaluation method together with a virtual coach to improve existing
cybersecurity awareness training programs. These training workshops can be
easily held remotely or off-line.Comment: Preprint accepted for publication at the 6th Workshop On The Security
Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2020
Requirements Engineering that Balances Agility of Teams and System-level Information Needs at Scale
Context: Motivated by their success in software development, large-scale systems development companies are increasingly adopting agile methods and their practices. Such companies need to accommodate different development cycles of hardware and software and are usually subject to regulation and safety concerns. Also, for such companies, requirements engineering is an essential activity that involves upfront and detailed analysis which can be at odds with agile development methods. Objective: The overall aim of this thesis is to investigate the challenges and solution candidates of performing effective requirements engineering in an agile environment, based on empirical evidence. Illustrated with studies on safety and system-level information needs, we explore RE challenges and solutions in large-scale agile development, both in general and from the teams’ perspectives. Method: To meet our aim, we performed a secondary study and a series of empirical studies based on case studies. We collected qualitative data using interviews, focus groups and workshops to derive challenges and potential solutions from industry. Findings: Our findings show that there are numerous challenges of conducting requirements engineering in agile development especially where systems development is concerned. The challenges discovered sprout from an integration problem of working with agile methods while relying on established plan-driven processes for the overall system. We highlight the communication challenge of crossing the boundary of agile methods and system-level (or plan-driven) development, which also proves the coexistence of both methods. Conclusions: Our results highlight the painful areas of requirements engineering in agile development and propose solutions that can be explored further. This thesis contributes to future research, by establishing a holistic map of challenges and candidate solutions that can be further developed to make RE more efficient within agile environments
- …