References of "Bissyande, Tegawendé François D Assise 50000802"
Full Text
Peer Reviewed
Mining Families of Android Applications for Extractive SPL Adoption
Li, Li UL; Martinez, Jabier UL; Ziadi, Tewfik et al

in The 20th International Systems and Software Product Line Conference (SPLC 2016) (2016)

The myriads of smart phones around the globe gave rise to a vast proliferation of mobile applications. These applications target an increasing number of user profiles and tasks. In this context, Android is a leading technology for their development and on-line markets are the main means for their distribution. In this paper we motivate, from two perspectives, the mining of these markets with the objective to identify families of app variants in the wild. The first perspective is related to research activities where building realistic case studies for evaluating extractive SPL adoption techniques is needed. The second is related to a large-scale, world-wide and time-aware study of reuse practice in an industry which is now flourishing among all others within the software engineering community. This study is relevant to assess potential for SPLE practices adoption. We present initial implementations of the mining process and we discuss analyses of variant families.

Detailed reference viewed: 255 (14 UL)
Full Text
Peer Reviewed
Towards an Autonomous Vision-Based Unmanned Aerial System against Wildlife Poachers
Olivares Mendez, Miguel Angel UL; Fu, Changhong; Ludivig, Philippe et al

in Sensors (2015), 15(12), 29861

Poaching is an illegal activity that remains out of control in many countries. Based on the 2014 report of the United Nations and Interpol, the illegal trade of global wildlife and natural resources amounts to nearly $213 billion every year, which is even helping to fund armed conflicts. Poaching activities around the world are further pushing many animal species to the brink of extinction. Unfortunately, the traditional methods to fight against poachers are not enough, hence the new demands for more efficient approaches. In this context, the use of new technologies on sensors and algorithms, as well as aerial platforms, is crucial to face the high increase of poaching activities in the last few years. Our work is focused on the use of vision sensors on UAVs for the detection and tracking of animals and poachers, as well as the use of such sensors to control quadrotors during autonomous vehicle following and autonomous landing.

Detailed reference viewed: 274 (46 UL)
Full Text
Peer Reviewed
Vulnerabilities of Government Websites in a Developing Country – The Case of Burkina Faso
Bissyande, Tegawendé François D Assise UL; Ouoba, Jonathan; Ahmat, Daouda et al

in 7th International Conference on e‐Infrastructure and e‐Services for Developing Countries (2015, December)

Slowly, but consistently, the digital gap between developing and developed countries is being closed. Every day, there are initiatives towards relying on ICT to simplify the interaction between citizens and their governments in developing countries. E-government is thus becoming a reality: in Burkina Faso, all government bodies are taking part in this movement with web portals dedicated to serving the public. Unfortunately, in this rush to promote government actions within this trend of digitization, little regard is given to the security of such web sites. In many cases, highly critical government web sites are simply produced in a product line fashion using Content Management Systems which the webmasters do not quite master. We discuss in this study our findings on empirically assessing the security of government websites in Burkina Faso. By systematically scanning these websites for simple and well-known vulnerabilities, we were able to discover issues that deserved urgent attention. As an example, we were able to crawl from temporary backup files in a government web site all information (hostname, login and password in clear) to read and write directly in the database and for impersonating the administrator of the website. We also found that around 50% of the government websites are built on top of platforms suffering from 14 publicly known vulnerabilities, and thus can be readily attacked by any hacker.

Detailed reference viewed: 202 (10 UL)
Full Text
Peer Reviewed
Potential Component Leaks in Android Apps: An Investigation into a new Feature Set for Malware Detection
Li, Li UL; Allix, Kevin UL; Li, Daoyuan UL et al

in The 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS 2015) (2015, August)

Detailed reference viewed: 570 (261 UL)
Full Text
Harvesting Fix Hints in the History of Bugs
Bissyande, Tegawendé François D Assise UL

Report (2015)

In software development, fixing bugs is an important task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the strategies are limited to a set of identified bugs that were thoroughly studied to define their properties. They thus manage to cover a niche of faults such as infinite loops. We build on the assumption that bugs, and the associated user bug reports, are repetitive and propose a new approach of fix recommendations based on the history of bugs and their associated fixes. In our approach, once a bug is reported, it is automatically compared to all previously fixed bugs using information retrieval techniques and machine learning classification. Based on this comparison, we recommend top-k fix actions, identified from past fix examples, that may be suitable as hints for software developers to address the new bug.

Detailed reference viewed: 71 (5 UL)
Full Text
A Study of Potential Component Leaks in Android Apps
Li, Li UL; Allix, Kevin UL; Li, Daoyuan UL et al

Report (2015)

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validation shows high performance with 95% precision for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps. By further investigating the generalization ability of this feature set, we highlight an issue often overlooked in the Android malware detection community: Qualitative aspects of training datasets have a strong impact on a malware detector’s performance. Furthermore, this impact cannot be overcome by simply increasing the Quantity of training material.

Detailed reference viewed: 232 (2 UL)
Full Text
Peer Reviewed
ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015, May)

Detailed reference viewed: 246 (10 UL)
Full Text
Peer Reviewed
Automating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 138 (9 UL)
Full Text
Peer Reviewed
IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.

Detailed reference viewed: 1279 (41 UL)
Full Text
Peer Reviewed
Are Your Training Datasets Yet Relevant? - An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in Engineering Secure Software and Systems - 7th International Symposium ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings (2015)

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild.

Detailed reference viewed: 1175 (36 UL)
Full Text
Peer Reviewed
Empirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the-art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate into high performance in the wild. The performance gap we observed (F-measures dropping from over 0.9 in the lab to below 0.1 in the wild) raises one important question: How do state-of-the-art approaches perform in the wild?

Detailed reference viewed: 538 (56 UL)
Full Text
Peer Reviewed
Sensing in the Urban Technological Deserts-A Position Paper for Smart Cities in Least Developed Countries
Ouoba, Jonathan; Bissyande, Tegawendé François D Assise UL

in International Workshop on Web Intelligence and Smart Sensing (2014, September 01)

Technological progress in recent years has made it possible to produce sensors, on macroscopic and microscopic scales, that are now essential to ubiquitous computing. This paradigm has made the concept of smart cities a reality that is now in synchrony with the needs and requirements for living in this era. Whether it concerns commuters in public transportation or users of existential services such as hospitals, the implementation of smart cities is as important in developed countries as in the least developed countries. Unfortunately, in the latter, sensors and the associated technologies are not readily available to implement smart cities. It is therefore necessary to identify surrogate ways of sensing the ambient environment. In this position paper, we discuss the situations in least developed countries and the obstacles to common implementations of smart cities. We also provide a preliminary enumeration of how mobile-phones with SMS-based services and the cultural model can be leveraged to build smart cities in such urban technological deserts.

Detailed reference viewed: 73 (0 UL)
Full Text
Peer Reviewed
A Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing antivirus software.

Detailed reference viewed: 433 (24 UL)
Full Text
Machine Learning-Based Malware Detection for Android Applications: History Matters!
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

Report (2014)

Machine Learning-based malware detection is a promising scalable method for identifying suspicious applications. In particular, in today’s mobile computing realm where thousands of applications are daily poured into markets, such a technique could be valuable to guarantee a strong filtering of malicious apps. The success of machine-learning approaches however is highly dependent on (1) the quality of the datasets that are used for training and of (2) the appropriateness of the tested datasets with regards to the built classifiers. Unfortunately, there is scarce mention of these aspects in the evaluation of existing state-of-the-art approaches in the literature. In this paper, we consider the relevance of history in the construction of datasets, to highlight its impact on the performance of the malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in most assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild.

Detailed reference viewed: 659 (38 UL)
Full Text
Peer Reviewed
Ahead of time static analysis for automatic generation of debugging interfaces to the Linux kernel
Bissyande, Tegawendé François D Assise UL; Réveillère, Laurent; Lawall, Julia et al

in Automated Software Engineering (2014)

The Linux kernel does not export a stable, well-defined kernel interface, complicating the development of kernel-level services, such as device drivers and file systems. While there does exist a set of functions that are exported to external modules, this set of functions frequently changes, and the functions have implicit, ill-documented preconditions. No specific debugging support is provided. We present Diagnosys, an approach to automatically constructing a debugging interface for the Linux kernel. First, a designated kernel maintainer uses Diagnosys to identify constraints on the use of the exported functions. Based on this information, developers of kernel services can then use Diagnosys to generate a debugging interface specialized to their code. When a service including this interface is tested, it records information about potential problems. This information is preserved following a kernel crash or hang. Our experiments show that the generated debugging interface provides useful log information and incurs a low performance penalty.

Detailed reference viewed: 126 (2 UL)
Full Text
Peer Reviewed
Large-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (2014, March)

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. Several promising results were recorded in the literature, many approaches being assessed with the common “10-Fold cross validation” scheme. This paper revisits the purpose of malware detection to discuss the adequacy of the “10-Fold” scheme for validating techniques that may not perform well in reality. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from applications’ CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of-the-art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate into high performance in the wild.

Detailed reference viewed: 352 (30 UL)
e-Infrastructure and e-Services for Developing Countries
Bissyande, Tegawendé François D Assise UL; van Stam, Gertjan

Book published by Springer (2014)

Detailed reference viewed: 150 (0 UL)
Full Text
Peer Reviewed
Got Issues? Who Cares About It? A Large Scale Investigation of Issue Trackers from GitHub
Bissyande, Tegawendé François D Assise UL; Lo, David; Jiang, Lingxiao et al

in Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013) (2013, November)

Detailed reference viewed: 195 (9 UL)
Full Text
Peer Reviewed
Implementing an Embedded Compiler using Program Transformation Rules
Bissyande, Tegawendé François D Assise UL; Réveillère, Laurent; Lawall, Julia et al

in Software : Practice & Experience (2013)

Domain-specific languages (DSLs) are well-recognized to ease programming and improve robustness for a specific domain, by providing high-level domain-specific notations and verifications of domain-specific properties. The compiler of a DSL, however, is often difficult to develop and maintain, due to the need to define a specific treatment for a large and potentially increasing number of language constructs. To address this issue, we propose an approach for specifying a DSL compiler and verifier using control-flow sensitive concrete-syntax based matching rules. These rules either collect information about the source code to carry out verifications or perform transformations to carry out compilation. Because rules only mention the relevant constructs, using their concrete syntax, and hide the complexity of control-flow graph traversal, it is easy to understand the purpose of each rule. Furthermore, new compilation steps can be added using only a small number of lines of code. We explore this approach in the context of the z2z DSL for network gateway development, and show that the core of its compiler and verifier can be implemented in this manner.

Detailed reference viewed: 129 (0 UL)