Classifying Web Exploits with Topic Modeling

This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. By using a dataset comprised of over 36 thousand PoC exploits, near a 0.9 accuracy rate is obtained in the empirical experiment. Text mining and topic modeling are a significant boost factor behind this classification performance. In addition to these empirical results, the paper contributes to the research tradition of enhancing software vulnerability information with text mining, providing also a few scholarly observations about the potential for semi-automatic classification of exploits in the existing tracking infrastructures.Comment: Proceedings of the 2017 28th International Workshop on Database and Expert Systems Applications (DEXA). http://ieeexplore.ieee.org/abstract/document/8049693

A Neural Model for Generating Natural Language Summaries of Program Subroutines

Source code summarization -- creating natural language descriptions of source code behavior -- is a rapidly-growing research topic with applications to automatic documentation generation, program comprehension, and software maintenance. Traditional techniques relied on heuristics and templates built manually by human experts. Recently, data-driven approaches based on neural machine translation have largely overtaken template-based systems. But nearly all of these techniques rely almost entirely on programs having good internal documentation; without clear identifier names, the models fail to create good summaries. In this paper, we present a neural model that combines words from code with code structure from an AST. Unlike previous approaches, our model processes each data source as a separate input, which allows the model to learn code structure independent of the text in code. This process helps our approach provide coherent summaries in many cases even when zero internal documentation is provided. We evaluate our technique with a dataset we created from 2.1m Java methods. We find improvement over two baseline techniques from SE literature and one from NLP literature

Exploring the mathematics of motion through construction and collaboration

In this paper we give a detailed account of the design principles and construction of activities designed for learning about the relationships between position, velocity and acceleration, and corresponding kinematics graphs. Our approach is model-based, that is, it focuses attention on the idea that students constructed their own models – in the form of programs – to formalise and thus extend their existing knowledge. In these activities, students controlled the movement of objects in a programming environment, recording the motion data and plotting corresponding position-time and velocity-time graphs. They shared their findings on a specially-designed web-based collaboration system, and posted cross-site challenges to which others could react. We present learning episodes that provide evidence of students making discoveries about the relationships between different representations of motion. We conjecture that these discoveries arose from their activity in building models of motion and their participation in classroom and online communities