References of "Klein, Jacques 50002098"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailTowards Refined Classifications Driven by SHAP Explanations
Arslan, Yusuf UL; Lebichot, Bertrand UL; Allix, Kevin UL et al

in Holzinger, Andreas; Kieseberg, Peter; Tjoa, A. Min (Eds.) et al Machine Learning and Knowledge Extraction (2022, August 11)

Machine Learning (ML) models are inherently approximate; as a result, the predictions of an ML model can be wrong. In applications where errors can jeopardize a company's reputation, human experts often ... [more ▼]

Machine Learning (ML) models are inherently approximate; as a result, the predictions of an ML model can be wrong. In applications where errors can jeopardize a company's reputation, human experts often have to manually check the alarms raised by the ML models by hand, as wrong or delayed decisions can have a significant business impact. These experts often use interpretable ML tools for the verification of predictions. However, post-prediction verification is also costly. In this paper, we hypothesize that the outputs of interpretable ML tools, such as SHAP explanations, can be exploited by machine learning techniques to improve classifier performance. By doing so, the cost of the post-prediction analysis can be reduced. To confirm our intuition, we conduct several experiments where we use SHAP explanations directly as new features. In particular, by considering nine datasets, we first compare the performance of these "SHAP features" against traditional "base features" on binary classification tasks. Then, we add a second-step classifier relying on SHAP features, with the goal of reducing false-positive and false-negative results of typical classifiers. We show that SHAP explanations used as SHAP features can help to improve classification performance, especially for false-negative reduction. [less ▲]

Detailed reference viewed: 12 (0 UL)
Full Text
Peer Reviewed
See detailDigBug—Pre/post-processing operator selection for accurate bug localization
Kim, Kisub; Ghatpande, Sankalp UL; Liu, Kui et al

in Journal of Systems and Software (2022), 189

Bug localization is a recurrent maintenance task in software development. It aims at identifying relevant code locations (e.g., code files) that must be inspected to fix bugs. When such bugs are reported ... [more ▼]

Bug localization is a recurrent maintenance task in software development. It aims at identifying relevant code locations (e.g., code files) that must be inspected to fix bugs. When such bugs are reported by users, the localization process become often overwhelming as it is mostly a manual task due to incomplete and informal information (written in natural languages) available in bug reports. The research community has then invested in automated approaches, notably using Information Retrieval techniques. Unfortunately, reported performance in the literature is still limited for practical usage. Our key observation, after empirically investigating a large dataset of bug reports as well as workflow and results of state-of-the-art approaches, is that most approaches attempt localization for every bug report without considering the different characteristics of the bug reports. We propose DigBug as a straightforward approach to specialized bug localization. This approach selects pre/post-processing operators based on the attributes of bug reports; and the bug localization model is parameterized in accordance as well. Our experiments confirm that departing from “one-size-fits-all” approaches, DigBug outperforms the state-of-the-art techniques by 6 and 14 percentage points, respectively in terms of MAP and MRR on average. [less ▲]

Detailed reference viewed: 22 (1 UL)
Full Text
Peer Reviewed
See detailLuxemBERT: Simple and Practical Data Augmentation in Language Model Pre-Training for Luxembourgish
Lothritz, Cedric UL; Lebichot, Bertrand UL; Allix, Kevin UL et al

in Proceedings of the Language Resources and Evaluation Conference, 2022 (2022, June)

Pre-trained Language Models such as BERT have become ubiquitous in NLP where they have achieved state-of-the-art performance in most NLP tasks. While these models are readily available for English and ... [more ▼]

Pre-trained Language Models such as BERT have become ubiquitous in NLP where they have achieved state-of-the-art performance in most NLP tasks. While these models are readily available for English and other widely spoken languages, they remain scarce for low-resource languages such as Luxembourgish. In this paper, we present LuxemBERT, a BERT model for the Luxembourgish language that we create using the following approach: we augment the pre-training dataset by considering text data from a closely related language that we partially translate using a simple and straightforward method. We are then able to produce the LuxemBERT model, which we show to be effective for various NLP tasks: it outperforms a simple baseline built with the available Luxembourgish text data as well the multilingual mBERT model, which is currently the only option for transformer-based language models in Luxembourgish. Furthermore, we present datasets for various downstream NLP tasks that we created for this study and will make available to researchers on request. [less ▲]

Detailed reference viewed: 67 (4 UL)
Full Text
Peer Reviewed
See detailTriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs
Samhi, Jordan UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL

in 19th International Conference on Mining Software Repositories, Data Showcase, (MSR 2022) (2022, May 23)

Many Android apps analyzers rely, among other techniques, on dynamic analysis to monitor their runtime behavior and detect potential security threats. However, malicious developers use subtle, though ... [more ▼]

Many Android apps analyzers rely, among other techniques, on dynamic analysis to monitor their runtime behavior and detect potential security threats. However, malicious developers use subtle, though efficient, techniques to bypass dynamic analyzers. Logic bombs are examples of popular techniques where the malicious code is triggered only under specific circumstances, challenging comprehensive dynamic analyses. The research community has proposed various approaches and tools to detect logic bombs. Unfortunately, rigorous assessment and fair comparison of state-of-the-art techniques are impossible due to the lack of ground truth. In this paper, we present TriggerZoo, a new dataset of 406 Android apps containing logic bombs and benign trigger-based behavior that we release only to the research community using authenticated API. These apps are real-world apps from Google Play that have been automatically infected by our tool AndroBomb. The injected pieces of code implementing the logic bombs cover a large pallet of realistic logic bomb types that we have manually characterized from a set of real logic bombs. Researchers can exploit this dataset as ground truth to assess their approaches and provide comparisons against other tools. [less ▲]

Detailed reference viewed: 85 (7 UL)
Full Text
Peer Reviewed
See detailDifuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Samhi, Jordan UL; Li, Li; Bissyande, Tegawendé François D Assise UL et al

in 44th International Conference on Software Engineering (ICSE 2022) (2022, May 21)

One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied ... [more ▼]

One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers. We evaluate our prototype and show that it yields a precision of 99.02% to detect SHSOs among which 29.7% are logic bombs. Difuzer outperforms the state-of-the-art in revealing more logic bombs while yielding less false positives in about one order of magnitude less time. All our artifacts are released to the community. [less ▲]

Detailed reference viewed: 60 (8 UL)
Full Text
Peer Reviewed
See detailJuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Samhi, Jordan UL; Gao, Jun UL; Daoudi, Nadia UL et al

in 44th International Conference on Software Engineering (ICSE 2022) (2022, May 21)

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art ... [more ▼]

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are ``unreachable'' in apps' call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify's model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code. [less ▲]

Detailed reference viewed: 85 (15 UL)
Full Text
Peer Reviewed
See detailA Deep Dive inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores
Daoudi, Nadia UL; Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL et al

in ACM Transactions on Privacy and Security (2022), 25(2),

Machine learning (ML) advances have been extensively explored for implementing large-scale malware detection. When reported in the literature, performance evaluation of ML-based detectors generally ... [more ▼]

Machine learning (ML) advances have been extensively explored for implementing large-scale malware detection. When reported in the literature, performance evaluation of ML-based detectors generally focuses on highlighting the ratio of samples that are correctly or incorrectly classified, overlooking essential questions on why/how the learned models can be demonstrated as reliable. In the Android ecosystem, several recent studies have highlighted how evaluation setups can carry biases related to datasets or evaluation methodologies. Nevertheless, there is little work attempting to dissect the produced model to provide some understanding of its intrinsic characteristics. In this work, we fill this gap by performing a comprehensive analysis of a state-of-the-art Android Malware detector, namely DREBIN, which constitutes today a key reference in the literature. Our study mainly targets an in-depth understanding of the classifier characteristics in terms of (1) which features actually matter among the hundreds of thousands that DREBIN extracts, (2) whether the high scores of the classifier are dependent on the dataset age, (3) whether DREBIN's explanations are consistent within malware families, etc. Overall, our tentative analysis provides insights into the discriminatory power of the feature set used by DREBIN to detect malware. We expect our findings to bring about a systematisation of knowledge for the community. [less ▲]

Detailed reference viewed: 209 (23 UL)
Full Text
Peer Reviewed
See detailOn the Suitability of SHAP Explanations for Refining Classifications
Arslan, Yusuf UL; Lebichot, Bertrand UL; Allix, Kevin UL et al

in In Proceedings of the 14th International Conference on Agents and Artificial Intelligence (ICAART 2022) (2022, February)

In industrial contexts, when an ML model classifies a sample as positive, it raises an alarm, which is subsequently sent to human analysts for verification. Reducing the number of false alarms upstream in ... [more ▼]

In industrial contexts, when an ML model classifies a sample as positive, it raises an alarm, which is subsequently sent to human analysts for verification. Reducing the number of false alarms upstream in an ML pipeline is paramount to reduce the workload of experts while increasing customers’ trust. Increasingly, SHAP Explanations are leveraged to facilitate manual analysis. Because they have been shown to be useful to human analysts in the detection of false positives, we postulate that SHAP Explanations may provide a means to automate false-positive reduction. To confirm our intuition, we evaluate clustering and rules detection metrics with ground truth labels to understand the utility of SHAP Explanations to discriminate false positives from true positives. We show that SHAP Explanations are indeed relevant in discriminating samples and are a relevant candidate to automate ML tasks and help to detect and reduce false-positive results. [less ▲]

Detailed reference viewed: 157 (11 UL)
Full Text
Peer Reviewed
See detailIs this Change the Answer to that Problem? Correlating Descriptions of Bug and Code Changes for Evaluating Patch Correctness
Tian, Haoye UL; Tang, Xunzhu UL; Habib, Andrew UL et al

in Is this Change the Answer to that Problem? Correlating Descriptions of Bug and Code Changes for Evaluating Patch Correctness (2022)

Detailed reference viewed: 24 (16 UL)
Full Text
Peer Reviewed
See detailPredicting Patch Correctness Based on the Similarity of Failing Test Cases
Tian, Haoye UL; Li, Yinghua UL; Pian, Weiguo UL et al

in ACM Transactions on Software Engineering and Methodology (2022)

Detailed reference viewed: 47 (29 UL)
Full Text
Peer Reviewed
See detailANCHOR: locating android framework-specific crashing faults
Kong, Pingfan UL; Li, Li; Gao, Jun UL et al

in Automated Software Engineering (2021)

Android framework-specific app crashes are hard to debug. Indeed, the callback-based event-driven mechanism of Android challenges crash localization techniques that are developed for traditional Java ... [more ▼]

Android framework-specific app crashes are hard to debug. Indeed, the callback-based event-driven mechanism of Android challenges crash localization techniques that are developed for traditional Java programs. The key challenge stems from the fact that the buggy code location may not even be listed within the stack trace. For example, our empirical study on 500 framework-specific crashes from an open benchmark has revealed that 37 percent of the crash types are related to bugs that are outside the stack traces. Moreover, Android programs are a mixture of code and extra-code artifacts such as the Manifest file. The fact that any artifact can lead to failures in the app execution creates the need to position the localization target beyond the code realm. In this paper, we propose Anchor, a two-phase suspicious bug location suggestion tool. Anchor specializes in finding crash-inducing bugs outside the stack trace. Anchor is lightweight and source code independent since it only requires the crash message and the apk file to locate the fault. Experimental results, collected via cross-validation and in-the- wild dataset evaluation, show that Anchor is effective in locating Android framework-specific crashing faults. [less ▲]

Detailed reference viewed: 41 (7 UL)
Full Text
Peer Reviewed
See detailSmartGift: Learning to Generate Practical Inputs for Testing Smart Contracts
Zhou, Teng; Liu, Kui; Li, Li et al

in IEEE International Conference on Software Maintenance and Evolution (ICSME) (2021, September)

Detailed reference viewed: 40 (1 UL)
Full Text
Peer Reviewed
See detailRevisiting Test Cases to Boost Generate-and-Validate Program Repair
Zhang, Jingtang; Liu, Kui; Kim, Dongsun et al

in IEEE International Conference on Software Maintenance and Evolution (ICSME) (2021, September)

Detailed reference viewed: 42 (1 UL)
Full Text
Peer Reviewed
See detailTaming Reflection: An Essential Step Toward Whole-program Analysis of Android Apps
Sun, Xiaoyu; Li, Li; Bissyande, Tegawendé François D Assise UL et al

in ACM Transactions on Software Engineering and Methodology (2021), 30(3), 1-36

Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static ... [more ▼]

Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are incomplete, given the measures taken by malware writers to elude static detection. We propose a new instrumentation-based approach to address this issue in a non-invasive way. Specifically, we introduce to the community a prototype tool called DroidRA, which reduces the resolution of reflective calls to a composite constant propagation problem and then leverages the COAL solver to infer the values of reflection targets. After that, it automatically instruments the app to replace reflective calls with their corresponding Java calls in a traditional paradigm. Our approach augments an app so that it can be more effectively statically analyzable, including by such static analyzers that are not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can indeed infer the target values of reflective calls and subsequently allow state-of-the-art tools to provide more sound and complete analysis results. [less ▲]

Detailed reference viewed: 40 (2 UL)
Full Text
Peer Reviewed
See detailOn the Impact of Sample Duplication in Machine Learning based Android Malware Detection
Zhao, Yanjie; Li, Li; Wang, Haoyu et al

in ACM Transactions on Software Engineering and Methodology (2021), 30(3), 1-38

Detailed reference viewed: 32 (0 UL)
Full Text
Peer Reviewed
See detailComparing MultiLingual and Multiple MonoLingual Models for Intent Classification and Slot Filling
Lothritz, Cedric UL; Allix, Kevin UL; Lebichot, Bertrand UL et al

in 26th International Conference on Applications of Natural Language to Information Systems (2021, June 25)

With the momentum of conversational AI for enhancing client-to-business interactions, chatbots are sought in various domains, including FinTech where they can automatically handle requests for opening ... [more ▼]

With the momentum of conversational AI for enhancing client-to-business interactions, chatbots are sought in various domains, including FinTech where they can automatically handle requests for opening/closing bank accounts or issuing/terminating credit cards. Since they are expected to replace emails and phone calls, chatbots must be capable to deal with diversities of client populations. In this work, we focus on the variety of languages, in particular in multilingual countries. Specifically, we investigate the strategies for training deep learning models of chatbots with multilingual data. We perform experiments for the specific tasks of Intent Classification and Slot Filling in financial domain chatbots and assess the performance of mBERT multilingual model vs multiple monolingual models. [less ▲]

Detailed reference viewed: 113 (14 UL)
Full Text
See detailA Journey Through Android App Analysis: Solutions and Open Challenges
Klein, Jacques UL

in International Symposium on Advanced Security on Software and Systems (2021, June)

Users can today download a wide variety of apps ranging from simple toy games to sophisticated business-critical apps. They rely on these apps daily to perform diverse tasks, some of them related to ... [more ▼]

Users can today download a wide variety of apps ranging from simple toy games to sophisticated business-critical apps. They rely on these apps daily to perform diverse tasks, some of them related to sensitive information such as their finance or health. Ensuring high-quality, reliable, and secure apps is thus key. In the TruX research group of the interdisciplinary center for Security, Reliability, and Trust (SnT) of the University of Luxembourg, we are working for about 10 years to deliver practical techniques, tools, and other artifacts (such as repositories) making the analysis of Android apps possible. In this paper, we will briefly introduce our key contributions in both (1) Android app static analysis to detect security issues, and (2) Android Malware Detection with machine learning. We will conclude by listing several open challenges that we are currently facing towards improving the analysis and security of Android apps. [less ▲]

Detailed reference viewed: 39 (0 UL)
Peer Reviewed
See detailLes dangers de pastebin
Samhi, Jordan UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL

Article for general public (2021)

Detailed reference viewed: 87 (14 UL)
Full Text
Peer Reviewed
See detailRAICC: Revealing Atypical Inter-Component Communication in Android Apps
Samhi, Jordan UL; Bartel, Alexandre UL; Bissyande, Tegawendé François D Assise UL et al

in 43rd International Conference on Software Engineering (ICSE) (2021, May)

Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large ... [more ▼]

Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within and across apps. Unfortunately, as reported by a large body of literature, ICC is rather "complex and largely unconstrained", leaving room to a lack of precision in apps modeling. To address the challenge of tracking ICCs within apps, state of the art static approaches such as Epicc, IccTA and Amandroid have focused on the documented framework ICC methods (e.g., startActivity) to build their approaches. In this work we show that ICC models inferred in these state of the art tools may actually be incomplete: the framework provides other atypical ways of performing ICCs. To address this limitation in the state of the art, we propose RAICC a static approach for modeling new ICC links and thus boosting previous analysis tasks such as ICC vulnerability detection, privacy leaks detection, malware detection, etc. We have evaluated RAICC on 20 benchmark apps, demonstrating that it improves the precision and recall of uncovered leaks in state of the art tools. We have also performed a large empirical investigation showing that Atypical ICC methods are largely used in Android apps, although not necessarily for data transfer. We also show that RAICC increases the number of ICC links found by 61.6% on a dataset of real-world malicious apps, and that RAICC enables the detection of new ICC vulnerabilities. [less ▲]

Detailed reference viewed: 116 (30 UL)
Full Text
Peer Reviewed
See detailA Comparison of Pre-Trained Language Models for Multi-Class Text Classification in the Financial Domain
Arslan, Yusuf UL; Allix, Kevin UL; Veiber, Lisa UL et al

in Companion Proceedings of the Web Conference 2021 (WWW '21 Companion), April 19--23, 2021, Ljubljana, Slovenia (2021, April 19)

Detailed reference viewed: 128 (22 UL)