no code implementations • 22 Mar 2024 • Sivana Hamer, Marcelo d'Amorim, Laurie Williams
Our findings suggest developers are under-educated on insecure code propagation from both platforms, as we found 274 unique vulnerabilities and 25 types of CWE.
no code implementations • 18 Mar 2024 • Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, Laurie Williams
Our baseline comparison demonstrates a notable improvement over static analysis in precision scores above 25% and F1 scores above 15%.
no code implementations • 3 Jan 2024 • Md Rayhanur Rahman, Brandon Wroblewski, Quinn Matthews, Brantley Morgan, Tim Menzies, Laurie Williams
The goal of this paper is to aid security practitioners in prioritizing and proactive defense against cyberattacks by mining temporal attack patterns from cyberthreat intelligence reports.
no code implementations • 5 Oct 2022 • Md Rayhanur Rahman, Laurie Williams
The goal of this study is to aid cybersecurity researchers and practitioners choose attack technique extraction methods for monitoring and sharing threat intelligence by comparing the underlying methods from the TTP extraction studies in the literature.
no code implementations • 22 Mar 2022 • Rui Shu, Tianpei Xia, Laurie Williams, Tim Menzies
Conclusion: Based on this study, we would suggest the use of optimized GANs as an alternative method for security vulnerability data class imbalanced issues.
no code implementations • 14 Sep 2021 • Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, Laurie Williams
Cybersecurity researchers have contributed to the automated extraction of CTI from textual sources, such as threat reports and online articles, where cyberattack strategies, procedures, and tools are described.
no code implementations • 23 Nov 2020 • Rui Shu, Tianpei Xia, Laurie Williams, Tim Menzies
Conclusion: When employing ensemble defense against adversarial evasion attacks, we suggest creating an ensemble with unexpected models that are distant from the attacker's expected model (i.e., target model) through methods such as hyperparameter optimization.
no code implementations • 4 Nov 2019 • Rui Shu, Tianpei Xia, Jianfeng Chen, Laurie Williams, Tim Menzies
For example, in a study of security bug reports from the Chromium dataset, the median recalls of FARSEC and Swift were 15.7% and 77.4%, respectively.
Software Engineering
1 code implementation • 16 Jul 2019 • Akond Rahman, Md. Rayhanur Rahman, Chris Parnin, Laurie Williams
We observe agreement for 130 of the responded 187 bug reports, which suggests the relevance of security smells for IaC scripts amongst practitioners.
Cryptography and Security • Software Engineering