Weighted system dependence graph

Abstract-In this paper, we present a weighted, hybrid program-dependence model that represents the relevance of highly related, dependent code to assist developer comprehension of the program for multiple software-engineering tasks. Programmers often need to understand the dependencies among program elements, which may exist across multiple modules. Although such dependencies can be gathered from traditional models, such as slices, the scalability of these approaches is often prohibitive for direct, practical use. To address this scalability issue, as well as to assist developer comprehension, we introduce a program model that includes static dependencies as well as information about any number of executions, which inform the weight and relevance of the dependencies. Additionally, classes of executions can be differentiated in such a way as to support multiple software-engineering tasks. We evaluate this weighted, hybrid model for a task that involves exploring the structural context while debugging. The results demonstrate that the new model more effectively reveals relevant failure-correlated code than the static-only model, thus enabling a more scalable exploration or post hoc analysis

Data-Mining Techniques for Call-Graph-Based Software-Defect Localisation

Defect localisation is an important problem in software engineering. This dissertation investigates call-graph-mining-based software defect localisation, which supports software developers by providing hints where defects might be located. It extends the state-of-the-art by proposing new graph representations and mining techniques for weighted graphs. This leads to a broader range of detectable defects, to an increased localisation precision and to enhanced scalability

Dagstuhl Reports : Volume 1, Issue 2, February 2011

Online Privacy: Towards Informational Self-Determination on the Internet (Dagstuhl Perspectives Workshop 11061) : Simone Fischer-Hübner, Chris Hoofnagle, Kai Rannenberg, Michael Waidner, Ioannis Krontiris and Michael Marhöfer Self-Repairing Programs (Dagstuhl Seminar 11062) : Mauro Pezzé, Martin C. Rinard, Westley Weimer and Andreas Zeller Theory and Applications of Graph Searching Problems (Dagstuhl Seminar 11071) : Fedor V. Fomin, Pierre Fraigniaud, Stephan Kreutzer and Dimitrios M. Thilikos Combinatorial and Algorithmic Aspects of Sequence Processing (Dagstuhl Seminar 11081) : Maxime Crochemore, Lila Kari, Mehryar Mohri and Dirk Nowotka Packing and Scheduling Algorithms for Information and Communication Services (Dagstuhl Seminar 11091) Klaus Jansen, Claire Mathieu, Hadas Shachnai and Neal E. Youn

Bridging statistical learning and formal reasoning for cyber attack detection

Current cyber-infrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Current attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attackswith benign program cover-up

Reproducing Failures in Fault Signatures

Software often fails in the field, however reproducing and debugging field failures is very challenging: the failure-inducing input may be missing, and the program setup can be complicated and hard to reproduce by the developers. In this paper, we propose to generate fault signatures from the failure locations and the original source code to reproduce the faults in small executable programs. We say that a fault signature reproduces the fault in the original program if the two failed in the same location, triggered the same error conditions after executing the same selective sequences of failure-inducing statements. A fault signature aims to contain only sufficient statements that can reproduce the faults. That way, it provides some context to inform how a fault is developed and also avoids unnecessary complexity and setups that may block fault diagnosis. To compute fault signatures from the failures, we applied a path-sensitive static analysis tool to generate a path that leads to the fault, and then applied an existing syntactic patching tool to convert the path into an executable program. Our evaluation on real-world bugs from Corebench, BugBench, and Manybugs shows that fault signatures can reproduce the fault for the original programs. Because fault signatures are less complex, automatic test input generation tools generated failure-inducing inputs that could not be generated by using the entire programs. Some failure-inducing inputs can be directly transferred to the original programs. Our experimental data are publicly available at https://doi.org/10.5281/zenodo.5430155

Employing Program Semantics for Malware Detection

In recent years, malware has emerged as a critical security threat. Additionally, malware authors continue to embed numerous anti–detection features to evade existing malware detection approaches. Against this advanced class of malicious programs, dynamic behavior–based malware detection approaches outperform the traditional signature–based approaches by neutralizing the effects of obfuscation and morphing techniques. The majority of dynamic behavior detectors rely on system–calls to model the infection and propagation dynamics of malware. However, these approaches do not account an important anti–detection feature of modern malware, i.e., system–call injection attack. This attack allows the malicious binaries to inject irrelevant and independent system–calls during the program execution thus modifying the execution sequences defeating the existing system–call based detection. To address this problem, we propose an evasion–proof solution that is not vulnerable to system–call injection attacks. Our proposed approach precisely characterizes the program semantics using Asymptotic Equipartition Property (AEP) mainly applied in information theoretic domain. The AEP allows us to extract the information–rich call sequences that are further quantified to detect the malicious binaries. Furthermore, the proposed detection model is less vulnerable to call–injection attacks as the discriminating components are not directly visible to malware authors. This particular characteristic of proposed approach hampers a malware author’s aim of defeating our approach. We run a thorough set of experiments to evaluate our solution and compare it with existing system-call based malware detection techniques. The results demonstrate that the proposed solution is effective in identifying real malware instances