References of "Bissyande, Tegawendé François D Assise 50000802"
     in
Bookmark and Share    
Full Text
See detailHarvesting Fix Hints in the History of Bugs
Bissyande, Tegawendé François D Assise UL

Report (2015)

In software development, fixing bugs is an im- portant task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the ... [more ▼]

In software development, fixing bugs is an im- portant task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the strategies are limited to a set of identified bugs that were thoroughly studied to define their properties. They thus manage to cover a niche of faults such as infinite loops. We build on the assumption that bugs, and the associated user bug reports, are repetitive and propose a new approach of fix recommendations based on the history of bugs and their associated fixes. In our approach, once a bug is reported, it is automatically compared to all previously fixed bugs using information retrieval techniques and machine learning classification. Based on this comparison, we recommend top-k fix actions, identified from past fix examples, that may be suitable as hints for software developers to address the new bug [less ▲]

Detailed reference viewed: 43 (3 UL)
Full Text
See detailA Study of Potential Component Leaks in Android Apps
Li, Li UL; Allix, Kevin UL; Li, Daoyuan UL et al

Report (2015)

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications ... [more ▼]

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validation show high performance with 95% precision for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps. By further investigating the generalization ability of this feature set, we highlight an issue often overlooked in the Android malware detection community: Qualitative aspects of training datasets have a strong impact on a malware detector’s performance. Furthermore, this impact cannot be overcome by simply increasing the Quantity of training material. [less ▲]

Detailed reference viewed: 179 (2 UL)
Full Text
Peer Reviewed
See detailApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015, May)

Detailed reference viewed: 184 (10 UL)
Full Text
Peer Reviewed
See detailAutomating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 90 (9 UL)
Full Text
Peer Reviewed
See detailIccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating ... [more ▼]

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps. [less ▲]

Detailed reference viewed: 1197 (40 UL)
Full Text
Peer Reviewed
See detailAre Your Training Datasets Yet Relevant? - An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in Engineering Secure Software and Systems - 7th International Symposium ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings (2015)

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show ... [more ▼]

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to con- firm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 1113 (31 UL)
Full Text
Peer Reviewed
See detailEmpirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective ... [more ▼]

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild —raises one important question: How do state-of-the-art approaches perform in the wild ? [less ▲]

Detailed reference viewed: 456 (43 UL)
Full Text
Peer Reviewed
See detailSensing in the Urban Technological Deserts-A Position Paper for Smart Cities in Least Developed Countries
Ouoba, Jonathan; Bissyande, Tegawendé François D Assise UL

in International Workshop on Web Intelligence and Smart Sensing (2014, September 01)

Technological progress in recent years have allowed to produce sensors, on macroscopic and microscopic scales, that are now essential to ubiquitous computing. This paradigm has made the concept of smart ... [more ▼]

Technological progress in recent years have allowed to produce sensors, on macroscopic and microscopic scales, that are now essential to ubiquitous computing. This paradigm has made the concept of smart cities a reality that is now in synchrony with the needs and requirements for living in this era. Whether it concerns commuters in public transportations or users of existential services such as hospitals, the implementation of smart cities is equally important in developed countries than in the least developed countries. Unfortunately, in the latter, sensors and the associated technologies are not readily available to implement smart cities. It is therefore necessary to identify surrogate ways of sensing the ambiant environment. In this position paper, we discuss the situations in least developed countries and the obstacles to common implementations of smart cities. We also provide a preliminary enumeration of how mobile-phones with SMS-based services and the cultural model can be leveraged to build smart cities in such urban technological deserts. [less ▲]

Detailed reference viewed: 49 (0 UL)
Full Text
Peer Reviewed
See detailA Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last ... [more ▼]

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing anti virus software. [less ▲]

Detailed reference viewed: 310 (16 UL)
Full Text
See detailMachine Learning-Based Malware Detection for Android Applications: History Matters!
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

Report (2014)

Machine Learning-based malware detection is a promis- ing scalable method for identifying suspicious applica- tions. In particular, in today’s mobile computing realm where thousands of applications are ... [more ▼]

Machine Learning-based malware detection is a promis- ing scalable method for identifying suspicious applica- tions. In particular, in today’s mobile computing realm where thousands of applications are daily poured into markets, such a technique could be valuable to guaran- tee a strong filtering of malicious apps. The success of machine-learning approaches however is highly de- pendent on (1) the quality of the datasets that are used for training and of (2) the appropriateness of the tested datasets with regards to the built classifiers. Unfortu- nately, there is scarce mention of these aspects in the evaluation of existing state-of-the-art approaches in the literature. In this paper, we consider the relevance of history in the construction of datasets, to highlight its impact on the performance of the malware detection scheme. Typ- ically, we show that simply picking a random set of known malware to train a malware detector, as it is done in most assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assump- tions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 614 (35 UL)
Full Text
Peer Reviewed
See detailAhead of time static analysis for automatic generation of debugging interfaces to the Linux kernel
Bissyande, Tegawendé François D Assise UL; Réveillère, Laurent; Lawall, Julia et al

in Automated Software Engineering (2014)

The Linux kernel does not export a stable, well-defined kernel interface, complicating the development of kernel-level services, such as device drivers and file systems. While there does exist a set of ... [more ▼]

The Linux kernel does not export a stable, well-defined kernel interface, complicating the development of kernel-level services, such as device drivers and file systems. While there does exist a set of functions that are exported to external modules, this set of functions frequently changes, and the functions have implicit, ill-documented preconditions. No specific debugging support is provided. We present Diagnosys, an approach to automatically constructing a debugging interface for the Linux kernel. First, a designated kernel maintainer uses Diagnosys to identify constraints on the use of the exported functions. Based on this information, developers of kernel services can then use Diagnosys to generate a debugging interface specialized to their code. When a service including this interface is tested, it records information about potential problems. This information is preserved following a kernel crash or hang. Our experiments show that the generated debugging interface provides useful log information and incurs a low performance penalty. [less ▲]

Detailed reference viewed: 89 (2 UL)
Full Text
Peer Reviewed
See detailLarge-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (2014, March)

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine- learning techniques for proposing effective approaches. Sev- eral promising results ... [more ▼]

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine- learning techniques for proposing effective approaches. Sev- eral promising results were recorded in the literature, many approaches being assessed with the common “10-Fold cross validation” scheme. This paper revisits the purpose of mal- ware detection to discuss the adequacy of the “10-Fold” scheme for validating techniques that may not perform well in real- ity. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from ap- plications’ CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of- the art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate in high performance in the wild. [less ▲]

Detailed reference viewed: 301 (21 UL)
See detaile-Infrastructure and e-Services for Developing Countries
Bissyande, Tegawendé François D Assise UL; van Stam, Gertjan

Book published by Springer (2014)

Detailed reference viewed: 104 (0 UL)
Full Text
Peer Reviewed
See detailGot Issues? Who Cares About It? A Large Scale Investigation of Issue Trackers from GitHub
Bissyande, Tegawendé François D Assise UL; Lo, David; Jiang, Lingxiao et al

in Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013) (2013, November)

Detailed reference viewed: 127 (7 UL)
Full Text
Peer Reviewed
See detailImplementing an Embedded Compiler using Program Transformation Rules
Bissyande, Tegawendé François D Assise UL; Réveillère, Laurent; Lawall, Julia et al

in Software : Practice & Experience (2013)

Domain-specific languages (DSLs) are well-recognized to ease programming and improve robustness for a specific domain, by providing high-level domain-specific notations and verifications of domain ... [more ▼]

Domain-specific languages (DSLs) are well-recognized to ease programming and improve robustness for a specific domain, by providing high-level domain-specific notations and verifications of domain-specific properties. The compiler of a DSL, however, is often difficult to develop and maintain, due to the need to define a specific treatment for a large and potentially increasing number of language constructs. To address this issue, we propose an approach for specifying a DSL compiler and verifier using control-flow sensitive concrete-syntax based matching rules. These rules either collect information about the source code to carry out verifications or perform transformations to carry out compilation. Because rules only mention the relevant constructs, using their concrete syntax, and hide the complexity of control-flow graph traversal, it is easy to understand the purpose of each rule. Furthermore, new compilation steps can be added using only a small number of lines of code. We explore this approach in the context of the z2z DSL for network gateway development, and show that the core of its compiler and verifier can be implemented in this manner. [less ▲]

Detailed reference viewed: 90 (0 UL)
Full Text
Peer Reviewed
See detailTowards Securing Communications in Infrastructure-poor Areas
Ahmat, Daouda; Bissyande, Tegawendé François D Assise UL; Magoni, Damien

in Proceedings of the 5th EAI International Conference on e-Infrastructure and e-Services for Developing Countries (2013)

Structured P2P networks have proven to be effective in the exchange of data between nodes whose identity and content are generally indexed in a DHT. For years, such DHT networks have allowed, among other ... [more ▼]

Structured P2P networks have proven to be effective in the exchange of data between nodes whose identity and content are generally indexed in a DHT. For years, such DHT networks have allowed, among other users, third world inhabitants, such as African people, to exchange information among them and with the rest of the world without relying on a centralized infrastructure. Unfortunately, more than ever, reliability of communication across the Internet is threatened by various attacks, including usurpation of identity, eavesdropping or traffic modification. Thus, in order to overcome these security issues and allow peers to securely exchange data, we propose a new key management scheme that enables to handle public keys in the absence of a central coordination which would be required in a traditional PKI. [less ▲]

Detailed reference viewed: 109 (0 UL)
Full Text
Peer Reviewed
See detailSustainable ICT4D in Africa: Where Do We Go From Here?
Bissyande, Tegawendé François D Assise UL; Ahmat, Daouda; Ouoba, Jonathan et al

in EAI International Conference on e-Infrastructure and e-Services for Developing Countries (2013)

In recent years many researchers in Africa and beyond have devoted considerable resources investigating ways to harness the potential of ICT for improving users’ livelihood in developing areas. Topics and ... [more ▼]

In recent years many researchers in Africa and beyond have devoted considerable resources investigating ways to harness the potential of ICT for improving users’ livelihood in developing areas. Topics and domains of interest appear to be broad with recurring themes and solutions. Unfortunately there are no clear research roadmaps on what is urgent and of the state of the art solutions. In this position paper for the AFRICOMM series of conference, we propose to investigate some priorities for ICT4D in Africa. We believe that our work could motivate researchers and create a synergy around a few important challenges of ICT4D in Africa. [less ▲]

Detailed reference viewed: 121 (1 UL)
Full Text
Peer Reviewed
See detailAn Empirical Study of Adoption of Software Testing in Open Source Projects
Pavneet Singh, Kochaar; Bissyande, Tegawendé François D Assise UL; Lo, David et al

in Proceedings of the 13th International Conference on Quality Software (QSIC 2013) (2013)

Testing is an indispensable part of software development efforts. It helps to improve the quality of software systems by finding bugs and errors during development and deployment. Huge amount of resources ... [more ▼]

Testing is an indispensable part of software development efforts. It helps to improve the quality of software systems by finding bugs and errors during development and deployment. Huge amount of resources are spent on testing efforts. However, to what extent are they used in practice? In this study, we investigate the adoption of testing in open source projects. We study more than 20,000 non-trivial software projects and explore the correlation of test cases with various project development characteristics including: project size, development team size, number of bugs, number of bug reporters, and the programming languages of these projects. [less ▲]

Detailed reference viewed: 182 (3 UL)