67 research outputs found
Classifying Web Exploits with Topic Modeling
This short empirical paper investigates how well topic modeling and database
meta-data characteristics can classify web and other proof-of-concept (PoC)
exploits for publicly disclosed software vulnerabilities. By using a dataset
comprising over 36 thousand PoC exploits, an accuracy rate near 0.9 is
obtained in the empirical experiment. Text mining and topic modeling are a
significant boost factor behind this classification performance. In addition to
these empirical results, the paper contributes to the research tradition of
enhancing software vulnerability information with text mining, providing also a
few scholarly observations about the potential for semi-automatic
classification of exploits in the existing tracking infrastructures.
Comment: Proceedings of the 2017 28th International Workshop on Database and
Expert Systems Applications (DEXA).
http://ieeexplore.ieee.org/abstract/document/8049693
An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications
This paper examines software vulnerabilities in common Python packages used
particularly for web development. The empirical dataset is based on the PyPI
package repository and the so-called Safety DB used to track vulnerabilities in
selected packages within the repository. The methodological approach builds on
a release-based time series analysis of the conditional probabilities for the
releases of the packages to be vulnerable. According to the results, many of
the Python vulnerabilities observed seem to be only modestly severe; input
validation and cross-site scripting have been the most typical vulnerabilities.
In terms of the time series analysis based on the release histories, only the
recent past is observed to be relevant for statistical predictions; the
classical Markov property holds.
Comment: Forthcoming in: Proceedings of the 9th International Workshop on
Empirical Software Engineering in Practice (IWESEP 2018), Nara, IEE
Reassessing Measures for Press Freedom
There has been renewed interest in press freedom in the face of
various global scandals, transformation of media, technological change,
obstacles to deliberative democracy, and other factors. Press freedom is
frequently used also as an explanatory factor in comparative empirical
research. However, validations of existing measurement instruments on press
freedom have been few and far between. Given these points, this paper evaluates
eight cross-country instruments on press freedom in 147 countries between 2001
and 2020, replicating an earlier study with a comparable research setup. The
methodology is based on principal component analysis and multi-level regression
modeling. According to the results, the construct (convergence) validity of the
instruments is good; they all measure the same underlying semi-narrow
definition for press freedom elaborated in the paper. In addition, any of the
indices seems suitable to be used interchangeably in empirical research.
Limitations and future research directions are further discussed.
Comment: Submitte
The Treachery of Images in the Digital Sovereignty Debate
This short theoretical and argumentative essay contributes to the ongoing
deliberation about the so-called digital sovereignty, as pursued particularly
in the European Union (EU). Drawing from classical political science
literature, the essay approaches the debate through paradoxes that arise from
applying classical notions of sovereignty to the digital domain. With these
paradoxes and a focus on the Peace of Westphalia in 1648, the essay develops a
viewpoint distinct from the conventional territorial notion of sovereignty.
Accordingly, the lesson from Westphalia has more to do with the capacity of a
state to govern. It is also this capacity that is argued to enable the
sovereignty of individuals within the digital realm. With this viewpoint, the
essay further advances another, broader, and more pressing debate on politics
and democracy in the digital era.
Comment: Minds and Machines, published online in July 2021, pp. 1-1