Automatic Detection of Insecure Codes in Stack Overflow

As the popularity of modern social coding paradigm such as Stack Overflow grows, its potential security risks increase as well (e.g., insecure codes could be easily embedded and distributed). To address this largely overlooked issue, we bring a new insight to exploit social coding properties in addition to code content for automatic detection of insecure code snippets in Stack Overflow. To determine if the given code snippets are insecure, we not only analyze the code content, but also utilize various kinds of relations among users, badges, questions, answers, code snippets and keywords in Stack Overflow. To model the rich semantic relationships, we first introduce a structured heterogeneous information network (HIN) for representation and then use meta-path based approach to incorporate higher-level semantics to build up relatedness over code snippets. Later, we propose two different novel network embedding models named Snippet2vec and CodeHin2Vec for representation learning in HIN to automate the insecure code snippet detection in Stack Overflow. More specifically, Snippet2vec learns the low dimensional representations for the nodes (i.e., code snippets) in the HIN where both the HIN structures and semantics are maximally preserved, while CodeHin2Vec utilizes HIN to depict relatedness over code snippets to generate code-to-code sequences, based on which sequence-to-sequence (seq2seq) concept in machine translation is further leveraged to learn representations of code snippets. Accordingly, we developed systems ICSD and iTrustSO which integrate our proposed methods respectively in insecure code snippet detection in Stack Overflow. Comprehensive experiments on the data collections from Stack Overflow are conducted to validate the effectiveness of our developed systems by comparisons with the state-of-the-art baseline methods

Four essays in international macroeconomics

Chapter 1: We propose an integral correction mechanism to model real exchange rate dynamics. In estimation, we also allow a Harrod-Balassa-Samuelson effect on real exchange rate long-run equilibrium. Using data from 19 OECD countries, we find the integral correction mechanism fitting in-sample data significantly better than the popular smooth transition autoregression model. The special dynamics of the integral correction mechanism help explain the PPP puzzle by distinguishing mean-reversion speeds in the long- and short- run. However, the integral correction mechanism shows a significant out-of-sample forecast gain over the random walk in only few cases. Though the gain is robust across forecast horizons and quite large at long horizons. Chapter 2: This chapter evaluates the ability of a standard IRBC model augmented with an input adjustment cost of imported goods to explain different aspects of the real exchange rate like the standard deviation, the autocorrelation function, the spectrum and the integral correction mechanism. I find that the simple IRBC model with an appropriate calibration can well capture all features of the real exchange rate. The input adjustment cost plays the key role. As compared to the standard model, it implies a reversed impulse response of the real exchange rate with a fast speed going back to steady state and introduces a long-run cyclical movement in most macroeconomic variables. I find that this particular impulse response helps explain the PPP puzzle. Chapter 3: I study optimal unconventional monetary policy under commitment in a two-country model where domestic policy entails larger spillovers to foreign countries. Equity injections into financial intermediaries turn out to be more efficient than discount window lending and the large-scale asset purchases that have been employed in many countries. Due to precautionary effects of future crises, a central bank should exit from its policy more slowly than the speed of deleveraging in the financial sector. The optimal policy can be changed considerably if cross-country policy cooperation is not imposed. In this case, interventions tend to be too strong in one country but too weak in the other. Gains from cooperation become positive if using unconventional monetary policy is costly enough, then correlates positively with the cost. Chapter 4: I consider the implementation of optimal unconventional monetary policy outlined in chapter 3. I find the Ramsey policy characterised by a simple rules responding to gaps in asset prices. However, it requires knowledge of asset prices that would be realized in a world free of financial friction so cannot be used to guide unconventional monetary policy in practice. The best practical simple rule responds to credit spread with inertia