Search CORE

1,189 research outputs found

Search based software engineering: Trends, techniques and applications

Author: Adamopoulos K.
Afzal W.
Afzal W.
Aguilar
Al Ba E.
Alander J. T.
Alander J. T.
Alander J. T.
Alba E.
Alba E.
Amoui M.
Ant Oniol G.
Antoniol G.
Antoniol G.
Arcuri A.
Aversano L.
Bodhuin T.
Bouktif S.
Canfora G.
Chang C. K.
Chang C. K.
Chang C. K.
Chao C.
Chicano F.
Clark J. A.
Cortellessa V.
Cowan G. S.
Dolado J. J.
Doval D.
Dozier G.
El-Faki H K.
Erformat M.
Evett M. P.
Fatiregun D.
Feather M. S.
Feather M. S.
Feldt R.
Ferreira M.
Funes P.
Gross H.-G.
Gross H.-G.
Harman M.
Harman M.
Hart J.
He P.
Hodjat B.
Jaeger M. C.
Jarillo G.
Jiang H.
Joshi A. M.
Katz G.
Khoshgoftaar T. M.
Khoshgoftaar T. M.
Kirsopp C.
Lefley M.
Li C.
Liu Y.
Liu Y.
Liu Y.
Mahanti P. K.
Mahdavi K.
Mahdavi K.
Mancoridis S.
Mancoridis S.
Mark Harman
Minohara T.
Mitchell B. S.
Mitchell B. S.
Mitchell B. S.
Monnier Y.
Nguyen C.
Pohlheim H.
Raiha O.
Ruhe G.
Ruhe G.
S. Afshin Mansouri
Sahraoui H. A.
Shan Y.
Shepperd M.
Shyang W.
Simons C. L.
Stephenson M.
Su S.
van Belle T.
Van Den Akker M.
Vivanco R.
Wang Z.
Wegener J.
Yoo S.
Yuanyuan Zhang
Zhang X.
Publication venue: 'Association for Computing Machinery (ACM)'
Publication date: 01/11/2012
Field of study

© ACM, 2012. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version is available from the link below.In the past five years there has been a dramatic increase in work on Search-Based Software Engineering (SBSE), an approach to Software Engineering (SE) in which Search-Based Optimization (SBO) algorithms are used to address problems in SE. SBSE has been applied to problems throughout the SE lifecycle, from requirements and project planning to maintenance and reengineering. The approach is attractive because it offers a suite of adaptive automated and semiautomated solutions in situations typified by large complex problem spaces with multiple competing and conflicting objectives. This article provides a review and classification of literature on SBSE. The work identifies research trends and relationships between the techniques applied and the applications to which they have been applied and highlights gaps in the literature and avenues for further research.EPSRC and E

Crossref

UCL Discovery

Brunel University Research Archive

A New Approach for Predicting Security Vulnerability Severity in Attack Prone Software Using Architecture and Repository Mined Change Metrics

Author: Hein Daniel D.
Publication venue: 'Paleontological Institute at The University of Kansas'
Publication date: 01/01/2017
Field of study

Billions of dollars are lost every year to successful cyber attacks that are fundamentally enabled by software vulnerabilities. Modern cyber attacks increasingly threaten individuals, organizations, and governments, causing service disruption, inconvenience, and costly incident response. Given that such attacks are primarily enabled by software vulnerabilities, this work examines the efficacy of using change metrics, along with architectural burst and maintainability metrics, to predict modules and files that might be analyzed or tested further to excise vulnerabilities prior to release. The problem addressed by this research is the residual vulnerability problem, or vulnerabilities that evade detection and persist in released software. Many modern software projects are over a million lines of code, and composed of reused components of varying maturity. The sheer size of modern software, along with the reuse of existing open source modules, complicates the questions of where to look, and in what order to look, for residual vulnerabilities. Traditional code complexity metrics, along with newer frequency based churn metrics (mined from software repository change history), are selected specifically for their relevance to the residual vulnerability problem. We compare the performance of these complexity and churn metrics to architectural level change burst metrics, automatically mined from the git repositories of the Mozilla Firefox Web Browser, Apache HTTP Web Server, and the MySQL Database Server, for the purpose of predicting attack prone files and modules. We offer new empirical data quantifying the relationship between our selected metrics and the severity of vulnerable files and modules, assessed using severity data compiled from the NIST National Vulnerability Database, and cross-referenced to our study subjects using unique identifiers defined by the Common Vulnerabilities and Exposures (CVE) vulnerability catalog. Specifically, we evaluate our metrics against the severity scores from CVE entries associated with known-vulnerable files and modules. We use the severity scores according to the Base Score Metric from the Common Vulnerability Scoring System (CVSS), corresponding to applicable CVE entries extracted from the NIST National Vulnerability Database, which we associate with vulnerable files and modules via automated and semi-automated techniques. Our results show that architectural level change burst metrics can perform well in situations where more traditional complexity metrics fail as reliable estimators of vulnerability severity. In particular, results from our experiments on Apache HTTP Web Server indicate that architectural level change burst metrics show high correlation with the severity of known vulnerable modules, and do so with information directly available from the version control repository change-set (i.e., commit) history

KU ScholarWorks