Browsing by Author "Meng, Na"
Now showing 1 - 20 of 62
- Advancing the Development and Utilization of Data Infrastructure for Smart Homes
  Anik, Sheik Murad Hassan (Virginia Tech, 2024-09-12)
  The smart home era is inevitably arising towards our everyday life. However, the scarcity of publicly available data remains a major hurdle in the domain, limiting people's capability of performing data analysis and their effectiveness in creating smart home automations. To mitigate this hurdle and its influence, our research explored three research directions to (1) create a better infrastructure that effectively collects and visualizes indoor-environment sensing data, (2) create a machine learning-based approach to demonstrate a novel way of analyzing indoor-environment data to facilitate human-centered building design, and (3) conduct an empirical study to explore the challenges and opportunities in existing smart home development. Specifically, we conducted three research projects. First, we created an open-source IoT-based cost-effective, distributed, scalable, and portable indoor environmental data collection system, Building Data Lite (BDL). We deployed this research prototype in 12 households, which deployment so far has collected more than 2 million records that are available to the public in general. Second, building occupant persona is a very important component in human-centered smart home design, so we investigated an approach of applying state-of-the-art machine-learning models to data collected by an existing infrastructure, to enable the automatic creation of building occupant persona while minimizing human effort. Third, Home Assistant (HA) is an open-source off-the-shelf smart home platform that users frequently use to transform their residences into smart homes. However, many users seem to be stuck with the configuration scripts of home automations. We conducted an empirical study by (1) crawling posts on the HA forum, (2) manually analyzing those posts to understand users' common technical concerns as well as frequently recommended resolutions, and (3) applying existing tools to assess the tool usefulness in alleviating users' pain. All our research projects will shed light on future directions in smart home design and development.
- Analysis and Enforcement of Properties in Software Systems
  Wu, Meng (Virginia Tech, 2019-07-02)
  Due to the lack of effective techniques for detecting and mitigating property violations, existing approaches to ensure the safety and security of software systems are often labor intensive and error prone. Furthermore, they focus primarily on functional correctness of the software code while ignoring micro-architectural details of the underlying processor, such as cache and speculative execution, which may undermine their soundness guarantees. To fill the gap, I propose a set of new methods and tools for ensuring the safety and security of software systems. Broadly speaking, these methods and tools fall into three categories. The first category is concerned with static program analysis. Specifically, I develop a novel abstract interpretation framework that considers both speculative execution and a cache model, and guarantees to be sound for estimating the execution time of a program and detecting side-channel information leaks. The second category is concerned with static program transformation. The goal is to eliminate side channels by equalizing the number of CPU cycles and the number of cache misses along all program paths for all sensitive variables. The third category is concerned with runtime safety enforcement. Given a property that may be violated by a reactive system, the goal is to synthesize an enforcer, called the shield, to correct the erroneous behaviors of the system instantaneously, so that the property is always satisfied by the combined system. I develop techniques to make the shield practical by handling both burst error and real-valued signals. The proposed techniques have been implemented and evaluated on realistic applications to demonstrate their effectiveness and efficiency.
- Android Game Testing using Reinforcement Learning
  Khurana, Suhani (Virginia Tech, 2023-06-30)
  Android is the most popular operating system and occupies close to 70% of the market share. With the growth in the usage of Android OS, the number of games also increased and the Android play store has over 500,000 games. Testing of Android games is done either manually or through some of the existing tools which automate some parts of this testing. Manual testing requires a great deal of effort and can be expensive to afford. The existing tools which automate testing do not make use of any domain knowledge. This can cause the testing to be ineffective as the game may involve complex strategies, intricate details, widgets, etc. Existing tools like Android Monkey and TimeMachine generate random Android events, including gestures like touch, swipe, clicks, and other system-level events across the application. Some deep learning methods like Wuji were only created for combat-type games. These limitations make it imperative to create a testing paradigm that uses domain knowledge as well as is easy to use by a developer who doesn't have any machine or deep learning knowledge. In this work, we develop a tool called DRAG (Deep Reinforcement learning based Android Gamer), which leverages Reinforcement Learning to learn the requisite domain knowledge and play the game in a fashion like a human would. DRAG uses a unified Reinforcement Learning agent and a unified Reinforcement Learning environment. It only customizes the action space for each game. This generalization is done in the following ways: 1) Record an 8-minute demo video of the game and capture the underlying Android action log. 2) Analyze the recorded video and the action log to generate an action space for the Reinforcement Learning agent. The unified RL agent is trained by providing it the score and coverage as a reward and screenshots of the game as observed states. We chose a set of 19 different open-sourced games for evaluation of the created tool. These games differ in the action set required by each of them - some require tapping icons, some require swiping in random directions, and some require more complex actions which are a combination of different gestures. The evaluation of our tool outperformed state-of-the-art TimeMachine for all 19 games and outperformed Monkey in 16 of the 19 games. This strengthens the fact that Deep Reinforcement Learning can be used to test Android games and can provide better results than tools that make no use of any domain knowledge.
- Automatic Restoration and Management of Computational Notebooks
  Venkatesan, Satish (Virginia Tech, 2022-03-03)
  Computational Notebook platforms are very commonly used by programmers and data scientists. However, due to the interactive development environment of notebooks, developers struggle to maintain effective code organization which has an adverse effect on their productivity. In this thesis, we research and develop techniques to help solve issues with code organization that developers face in an effort to improve productivity. Notebooks are often executed out of order which adversely affects their portability. To determine cell execution orders in computational notebooks, we develop a technique that determines the execution order for a given cell and if need be, attempts to rearrange the cells to match the intended execution order. With such a tool, users would not need to manually determine the execution orders themselves. In a user study with 9 participants, our approach on average saves users about 95% of the time required to determine execution orders manually. We also developed a technique to support insertion of cells in rows in addition to the standard column insertion to help better represent multiple contexts. In a user study with 9 participants, this technique on a scale of one to ten on average was judged as an 8.44 in terms of representing multiple contexts as opposed to standard view which was judged as 4.77.
- Broadly Enabling KLEE to Effortlessly Find Unrecoverable Errors in Rust
  Zhang, Ying; Li, Peng; Ding, Yu; Wang, Lingxiang; Williams, Dan; Meng, Na (ACM, 2024)
  Rust is a general-purpose programming language designed for performance and safety. Unrecoverable errors (e.g., Divide by Zero) in Rust programs are critical, as they signal bad program states and terminate programs abruptly. Previous work has contributed to utilizing KLEE, a dynamic symbolic test engine, to verify the program would not panic. However, it is difficult for engineers who lack domain expertise to write test code correctly. Besides, the effectiveness of KLEE in finding panics in production Rust code has not been evaluated. We created an approach, called PanicCheck, to hide the complexity of verifying Rust programs with KLEE. Using PanicCheck, engineers only need to annotate the function-to-verify with #[panic_check]. The annotation guides PanicCheck to generate test code, compile the function together with tests, and execute KLEE for verification. After applying PanicCheck to 21 open-source and 2 closed-source projects, we found 61 test inputs that triggered panics; 59 of the 61 panics have been addressed by developers so far. Our research shows promising verification results by KLEE, while revealing technical challenges in using KLEE. Our experience will shed light on future practice and research in program verification.
- A Characterization Study of Merge Conflicts in Java Projects
  Shen, Bowen; Gulzar, Muhammad Ali; He, Fei; Meng, Na (ACM, 2022)
  In collaborative software development, programmers create branches to add features and fix bugs, and merge branches to integrate edits. When edits from different branches textually overlap (i.e., textual conflicts) or lead to compilation and runtime errors (i.e., build and test conflicts), it is challenging for developers to remove conflicts. Prior work proposed tools to detect and solve conflicts. However, many questions are not fully investigated, such as what types of conflicts exist in practice and how developers or tools handle them. For this paper, we used automated textual merge, compilation, and testing to reveal 3 types of conflicts in 208 open-source repositories: textual conflicts, build conflicts (i.e., conflicts causing build errors), and test conflicts (i.e., conflicts triggering test failures). We manually inspected 538 conflicts and their resolutions to characterize merge conflicts. Our analysis revealed three phenomena. First, higher-order conflicts (i.e., build and test conflicts) are harder to handle, while existing tools mainly focus on textual conflicts. Second, developers resolved most higher-order conflicts by applying similar edits to multiple program locations. Third, developers resolved 64% of true textual conflicts by keeping complete edits from either a left or right branch. Our work will shed light on future research of software merge.
- Checking Metadata Usage for Enterprise Applications
  Zhang, Yaxuan (Virginia Tech, 2021-05-20)
  It is becoming more and more common for developers to build enterprise applications on the Spring framework or other Java frameworks. While the developers are enjoying the convenient implementations of web frameworks, developers should pay attention to configuration deployment with metadata usage (i.e., Java annotations and XML deployment descriptors). Different formats of metadata can correspond to each other. Metadata usually exist in multiple files. Maintaining such metadata is challenging and time-consuming. Current compilers and research tools rarely inspect the XML files, not to say the corresponding relationship between Java annotations and XML files. To help developers ensure the quality of metadata, this work presents a Domain Specific Language, RSL, and its engine, MeEditor. RSL facilitates pattern definition for correct metadata usage. MeEditor can take in specified rules and check Java projects for any rule violations. Developers can define rules with RSL considering the metadata usage. Then, developers can run RSL script with MeEditor. 9 rules were extracted from Spring specification and are written in RSL. To evaluate the effectiveness and correctness of MeEditor, we mined 180 plus 500 open-source projects from GitHub. To evaluate the effectiveness and usefulness of MeEditor, we conducted our evaluation by taking two steps. First, we evaluated the effectiveness of MeEditor by constructing a known ground truth data set. Based on experiments of ground truth data set, MeEditor can identify the metadata misuse. MeEditor detected bugs with 94% precision, 94% recall, 94% accuracy. Second, we evaluate the usefulness of MeEditor by applying it to real world projects (total 500 projects). For the latest version of these 500 projects, MeEditor gave 79% precision according to our manual inspection. Then, we applied MeEditor to the version histories of rule-adopted projects, which adopt the rule and are identified as correct projects for the latest version. MeEditor identified 23 bugs, which were later fixed by developers.
- CLOSUREX: Transforming Source Code for Correct Persistent Fuzzing
  Ranjan, Rishi (Virginia Tech, 2024-05-29)
  Fuzzing is a popular technique which has been adopted for automated vulnerability research for software hardening. Research reveals that increasing fuzzing throughput directly increases bug discovery rate. Given fuzzing revolves around executing a large number of test cases, test case execution rate is the dominant component of overall fuzzing throughput. To increase test case execution rate, researchers provide techniques that reduce the amount of time spent performing work that is independent of specific test case data. The highest performance approach is persistent fuzzing, which reuses a single process for all test cases by looping back to the start instead of exiting. This eliminates all process initialization and tear-down costs. Unfortunately, persistent fuzzing leads to semantically inconsistent program states because process state changes from one test case remain for subsequent test cases. This semantic inconsistency results in both missed crashes and false crashes, undermining fuzzing effectiveness. I observe that existing fuzzing execution mechanisms exist on a continuum, based on the amount of state that gets discarded and restored between test cases. I present a fuzzing execution mechanism that sits at a new spot on this state restoration continuum, where only test-case-execution-specific state is reset. This fine-grain state restoration provides near-persistent performance with the correctness of heavyweight state restoration. I construct CLOSUREX as a set of LLVM compiler passes that integrate with AFL++. Our evaluation on ten popular open-source fuzzing targets shows that CLOSUREX maintains semantic correctness all while increasing test case execution rate by over 3.5x, on average, compared to AFL++. CLOSUREX also finds bugs more consistently and 1.9x faster than AFL++, with CLOSUREX discovering 15 0-day bugs (4 CVEs).
- A Cloud-Based Visual Simulation Environment for Traffic Networks
  Onder, Sait Tuna (Virginia Tech, 2018-06-19)
  Cloud-based Integrated Development Environments (IDEs) are highly complex systems compared to stand-alone IDEs that are installed on client devices. Today, the visual simulation environments developed as services on the cloud can offer similar features as client-based IDEs thanks to the advancements to the cloud technologies. However, most of the existing visual simulation tools are developed for client-based systems. Moving towards the cloud for visual simulation environments can provide better collaboration for simulation developers, easy access to the software, and less client hardware dependency. Proper guidance for the development of visual simulation tools can help researchers to develop their tools as a service on the cloud. This thesis presents a Cloud-based visuAl simulatioN enVironment for trAffic networkS (CANVAS), providing a framework that tackles challenges on the cloud-based visual simulation tools. CANVAS offers a set of tools for the composition and visualization of simulation models for the traffic network problem domain. CANVAS uses an asynchronous visualization protocol with efficient resource utilization on the server, enabling concurrent usage of the IDE. The simulation is executed on the server while the visualization is processed on the client-device within web browsers enabling execution-heavy simulations to thin clients. The component-based architecture of CANVAS offers a fully decoupled system that provides easier development and maintenance. The architecture can be used for the development of other cloud-based visual simulation IDEs. The CANVAS design and asynchronous visualization protocol show that advanced visualization capabilities can be provided to the client without depending on the client hardware.
- Computational Analysis of Viruses in Metagenomic Data
  Tithi, Saima Sultana (Virginia Tech, 2019-10-24)
  Viruses have a huge impact on controlling diseases and regulating many key ecosystem processes. As metagenomic data can contain many microbiomes including many viruses, by analyzing metagenomic data we can analyze many viruses at the same time. The first step towards analyzing metagenomic data is to identify and quantify viruses present in the data. In order to answer this question, we developed a computational pipeline, FastViromeExplorer. FastViromeExplorer leverages a pseudoalignment based approach, which is faster than the traditional alignment based approach to quickly align millions/billions of reads. Application of FastViromeExplorer on both human gut samples and environmental samples shows that our tool can successfully identify viruses and quantify the abundances of viruses quickly and accurately even for a large data set. As viruses are getting increased attention in recent times, most of the viruses are still unknown or uncategorized. To discover novel viruses from metagenomic data, we developed a computational pipeline named FVE-novel. FVE-novel leverages a hybrid of both reference based and de novo assembly approach to recover novel viruses from metagenomic data. By applying FVE-novel to an ocean metagenome sample, we successfully recovered two novel viruses and two different strains of known phages. Analysis of viral assemblies from metagenomic data reveals that viral assemblies often contain assembly errors like chimeric sequences which means more than one viral genome is incorrectly assembled together. In order to identify and fix these types of assembly errors, we developed a computational tool called VirChecker. Our tool can identify and fix assembly errors due to chimeric assembly. VirChecker also extends the assembly as much as possible to complete it and then annotates the extended and improved assembly. Application of VirChecker to viral scaffolds collected from an ocean metagenome sample shows that our tool successfully fixes the assembly errors and extends two novel virus genomes and two strains of known phage genomes.
- Computational Insights into Evolutionary Dynamics of Human and Primate Genes
  Liang, Xiao (Virginia Tech, 2024-06-06)
  The evolutionary history of genes across different species is a subject of research interest. For human genes, there is a particular focus on investigating the possible origins of genes. However, there has been limited research on the development process from an evolutionary perspective. Additionally, most previous studies have focused on model organisms and representative organisms from various eras, with less attention given to primates, which are evolutionarily more closely-related to humans. With the advancement of whole genome sequencing of primates, investigating the genes of various primate species has become a viable possibility. This dissertation work integrates computational insights into the topics of primate and human gene emergence, conservation, and loss. Specifically, this series of studies contributes to three aspects of the topic: (1) the environmental conditions in evolution history that are associated with the emergence of primate and human de novo genes, (2) the evolutionary dynamics of human cancer genes in primates, and (3) gene conservation and loss in primates. Results reveal that primate and human de novo genes and cancer genes share similarities in the time of emergence, peaking later than random human genes and tending to occur in local warm periods in the context of an overall trend of decreasing global surface temperature. Cancer genes are more conserved in their evolutionary origins than random human genes, with two peaks of emergence, one before primates and the other within 20 million years, and have different patterns within the two time periods. Genes with high expression in the human brain exhibit more conservation in their evolutionary origins than those in the immune system or random genes. On the other hand, genes expressed highly in the mouse brain tend to be either prevalent in primates or specific to mouse. Overall, this dissertation work charts the evolutionary history of a number of distinct primate and human genes, elucidates the potential association of ancient environmental factors with primate genomes, provides insights into the origin, conservation, and emergence of cancer genes in primates, as well as examines the conservation and loss of genes in different tissues. The hope is that these results will contribute to a greater understanding of the picture of gene evolution in primate and human genomes.
- Computational Tools for Annotating Antibiotic Resistance in Metagenomic Data
  Arango Argoty, Gustavo Alonso (Virginia Tech, 2019-04-15)
  Metagenomics has become a reliable tool for the analysis of the microbial diversity and the molecular mechanisms carried out by microbial communities. By the use of next generation sequencing, metagenomic studies can generate millions of short sequencing reads that are processed by computational tools. However, with the rapid adoption of metagenomics a large amount of data has been generated. This situation requires the development of computational tools and pipelines to manage the data scalability, accessibility, and performance. In this thesis, several strategies varying from command line, web-based platforms to machine learning have been developed to address these computational challenges. Interpretation of specific information from metagenomic data is especially a challenge for environmental samples as current annotation systems only offer broad classification of microbial diversity and function. Therefore, I developed MetaStorm, a public web-service that facilitates customization of computational analysis for metagenomic data. The identification of antibiotic resistance genes (ARGs) from metagenomic data is carried out by searches against curated databases producing a high rate of false negatives. Thus, I developed DeepARG, a deep learning approach that uses the distribution of sequence alignments to predict over 30 antibiotic resistance categories with a high accuracy. Curation of ARGs is a labor intensive process where errors can be easily propagated. Thus, I developed ARGminer, a web platform dedicated to the annotation and inspection of ARGs by using crowdsourcing. Effective environmental monitoring tools should ideally capture not only ARGs, but also mobile genetic elements and indicators of co-selective forces, such as metal resistance genes. Here, I introduce NanoARG, an online computational resource that takes advantage of the long reads produced by nanopore sequencing technology to provide insights into mobility, co-selection, and pathogenicity. Sequence alignment has been one of the preferred methods for analyzing metagenomic data. However, it is slow and requires high computing resources. Therefore, I developed MetaMLP, a machine learning approach that uses a novel representation of protein sequences to perform classifications over protein functions. The method is accurate, is able to identify a larger number of hits compared to sequence alignments, and is >50 times faster than sequence alignment techniques.
- A Cost-Effective, Scalable, and Portable IoT Data Infrastructure for Indoor Environment Sensing
  Anik, Sheik; Gao, Xinghua; Meng, Na; Agee, Philip; McCoy, Andrew P. (2022-05-15)
  The vast number of facility management systems, home automation systems, and the ever-increasing number of Internet of Things (IoT) devices are in constant need of environmental monitoring. Indoor environment data can be utilized to improve indoor facilities and better occupants’ working and living experience, however, such data are scarce because many existing facility monitoring technologies are expensive and proprietary for certain building systems. With the aim of addressing the indoor environment data availability issue, the authors designed and prototyped a cost-effective, distributed, scalable, and portable indoor environmental data collection system, Building Data Lite (BDL). BDL is based on Raspberry Pi computers and multiple changeable arrays of sensors, such as sensors of temperature, humidity, light, motion, sound, vibration, and multiple types of gases. The system includes a distributed sensing network and a centralized server. The server provides a web-based graphical user interface that enables users to access the collected data over the Internet. To evaluate the BDL system’s functionality, cost effectiveness, scalability, and portability, the research team conducted a case study in an affordable housing community where the system prototype is deployed to 12 households. The results indicate that the system is functioning as designed, costs $73 per zone and provides 12 types of indoor environment data, is easy to scale up, and is fully portable. This research contributes to the body of knowledge by proposing an innovative way for establishing a distributed wireless IoT data infrastructure for indoor environment sensing in new or existing buildings.
- Cost-saving in Continuous Integration: Development, Improvement, and Evaluation of Build Selection Approaches
  Jin, Xianhao (Virginia Tech, 2022-05-24)
  Continuous integration (CI) is a widely used practice in modern software engineering. Unfortunately, it is also an expensive practice — Google and Mozilla estimate their CI systems in millions of dollars. In this dissertation, I propose a collection of novel build selection approaches that are able to save the cost of CI. I also propose the first exhaustive comparison of techniques to improve CI including build and test granularity approaches. I firstly design a build selection approach (SMARTBUILDSKIP) for CI cost reduction in a balanceable way. The evaluation of SMARTBUILDSKIP shows that it can save a median of 30% of builds by only incurring a median delay of 1 build in a median of 15% of failing builds under its most conservative configuration. To minimize the delayed failure observation, I then propose the second build selection approach (PRECISEBUILDSKIP) that can save cost without delaying failure observation. We find that PRECISEBUILDSKIP can save a median of 5.5% of builds while capturing the majority of failing builds (100% in median) from the evaluation. After that, I evaluate the strengths and weaknesses of 10 techniques that can improve CI including SMARTBUILDSKIP. The findings of the comparison motivate my next work to design a hybrid technique (HYBRIDBUILDSKIP) that combines these techniques to produce more cost-saving while keeping a low proportion of failing builds that are delayed in observation. Finally, I design an experiment to understand how different weights of test duration among the whole build duration can influence the cost-saving of build and test selection techniques.
- Data-driven Algorithms for Critical Detection Problems: From Healthcare to Cybersecurity Defenses
  Song, Wenjia (Virginia Tech, 2025-01-16)
  Machine learning and data-driven approaches have been widely applied to critical detection problems, but their performance is often hindered by data-related challenges. This dissertation seeks to address three key challenges: data imbalance, scarcity of high-quality labels, and excessive data processing requirements, through studies in healthcare and cybersecurity. We study healthcare problems with imbalanced clinical datasets that lead to performance disparities across prediction classes and demographic groups. We systematically evaluate these disparities and propose a Double Prioritized (DP) bias correction method that significantly improves the model performance for underrepresented groups and reduces biases. Cyber threats, such as ransomware and advanced persistent threats (APTs), have presented growing threats in recent years. Existing ransomware defenses often rely on black-box models trained on unverified traces, providing limited interpretability. To address the scarcity of reliably labeled training data, we experimentally profile runtime ransomware behaviors of real-world samples and identify core patterns, enabling explainable and trustworthy detection. For APT detection, the large size of system audit logs hinders real-time detection. We introduce Madeline, a lightweight system that efficiently processes voluminous logs with compact representations, overcoming real-time detection bottlenecks. These contributions provide deployable and effective solutions, offering insights for future research within and beyond the fields of healthcare and cybersecurity.
- Detecting Build Conflicts in Software Merge for Java Programs via Static Analysis
  Towqir, Sheikh Shadab; Shen, Bowen; Gulzar, Muhammad Ali; Meng, Na (ACM, 2022-10-10)
  In software merge, the edits from different branches can textually overlap (i.e., textual conflicts) or cause build and test errors (i.e., build and test conflicts), jeopardizing programmer productivity and software quality. Existing tools primarily focus on textual conflicts; few tools detect higher-order conflicts (i.e., build and test conflicts). However, existing detectors of build conflicts are limited. Due to their heavy usage of automatic build, current detectors (e.g., Crystal) only report build errors instead of identifying the root causes; developers have to manually locate conflicting edits. These detectors only help when the branches-to-merge have no textual conflict. We present a new static analysis-based approach Bucond (“build conflict detector”). Given three code versions in a merging scenario: base b, left l, and right r, Bucond models each version as a graph, and compares graphs to extract entity-related edits (e.g., class renaming) in l and r. We believe that build conflicts occur when certain edits are co-applied to related entities between branches. Bucond realizes this insight via pattern matching to identify any cross-branch edit combination that can trigger build conflicts (e.g., one branch adds a reference to field F while the other branch removes F). We systematically explored and devised 57 patterns, covering 97% of the build conflicts in our experiments. Our evaluation shows Bucond to complement build-based detectors, as it (1) detects conflicts with 100% precision and 88%–100% recall, (2) locates conflicting edits, and (3) works well when those detectors do not.
- DR_BEV: Developer Recommendation Based on Executed Vocabulary
  Bendelac, Alon (Virginia Tech, 2020-05-28)
  Bug-fixing, or fixing known errors in computer software, makes up a large portion of software development expenses. Once a bug is discovered, it must be assigned to an appropriate developer who has the necessary expertise to fix the bug. This bug-assignment task has traditionally been done manually. However, this manual task is time-consuming, error-prone, and tedious. Therefore, automatic bug assignment techniques have been developed to facilitate this task. Most of the existing techniques are report-based. That is, they work on bugs that are textually described in bug reports. However, only a subset of bugs that are observed as a faulty program execution are also described textually. Certain bugs, such as security vulnerability bugs, are only represented with a faulty program execution, and are not described textually. In other words, these bugs are represented by a code coverage, which indicates which lines of source code have been executed in the faulty program execution. Promptly fixing these software security vulnerability bugs is necessary in order to manage security threats. Accordingly, execution-based bug assignment techniques, which model a bug with a faulty program execution, are an important tool in fixing software security bugs. In this thesis, we compare WhoseFault, an existing execution-based bug assignment technique, to report-based techniques. Additionally, we propose DR_BEV (Developer Recommendation Based on Executed Vocabulary), a novel execution-based technique that models developer expertise based on the vocabulary of each developer's source code contributions, and we demonstrate that this technique out-performs the current state-of-the-art execution-based technique. Our observations indicate that report-based techniques perform better than execution-based techniques, but not by a wide margin. Therefore, while a report-based technique should be used if a report exists for a bug, our results should provide confidence in the scenarios in which only execution-based techniques are applicable.
- DroidCat: Unified Dynamic Detection of Android Malware
  Cai, Haipeng; Meng, Na; Ryder, Barbara G.; Yao, Danfeng (Daphne) (Department of Computer Science, Virginia Polytechnic Institute & State University, 2016)
  Various dynamic approaches have been developed to detect or categorize Android malware. These approaches execute software, collect call traces, and then detect abnormal system calls or sensitive API usage. Consequently, attackers can evade these approaches by intentionally obfuscating those calls under focus. Additionally, existing approaches treat detection and categorization of malware as separate tasks, although intuitively both tasks are relevant and could be performed simultaneously. This paper presents DroidCat, the first unified dynamic malware detection approach, which not only detects malware, but also pinpoints the malware family. DroidCat leverages supervised machine learning to train a multi-class classifier using diverse behavioral profiles of benign apps and different kinds of malware. Compared with prior heuristics-based machine learning-based approaches, the feature set used in DroidCat is decided purely based on a systematic dynamic characterization study of benign and malicious apps. All differentiating features that show behavioral differences between benign and malicious apps are included. In this way, DroidCat is robust to existing evasion attacks. We evaluated DroidCat using leave-one-out cross validation with 136 benign apps and 135 malicious apps. The evaluation shows that DroidCat provided an effective and scalable unified malware detection solution with 81% precision, 82% recall, and 92% accuracy.
- Efficient Symbolic Execution of Concurrent Software
  Guo, Shengjian (Virginia Tech, 2019-04-26)
  Concurrent software has been widely utilized in computer systems owing to the highly efficient computation. However, testing and verifying concurrent software remain challenging tasks. This matter is not only because of the non-deterministic thread interferences which are hard to reason about but also because of the large state space due to the simultaneous path and interleaving explosions. That is, the number of program paths in each thread may be exponential in the number of branch conditions, and also, the number of thread interleavings may be exponential in the number of concurrent operations. This dissertation presents a set of new methods, built upon symbolic execution, a program analysis technique that systematically explores program state space, for testing concurrent programs. By modeling both functional and non-functional properties of the programs as assertions, these new methods efficiently analyze the viable behaviors of the given concurrent programs. The first method is assertion guided symbolic execution, a state space reduction technique that identifies and eliminates redundant executions w.r.t. the explored interleavings. The second method is incremental symbolic execution, which generates test inputs only for the program behaviors influenced by the small code changes between two program versions. The third method is SYMPLC, a technique with domain-specific reduction strategies for generating tests for the multitasking Programmable Logic Controller (PLC) programs written in languages specified by the IEC 61131-3 standard. The last method is adversarial symbolic execution, a technique for detecting concurrency related side-channel information leaks by analyzing the cache timing behaviors of a concurrent program in symbolic execution. This dissertation evaluates the proposed methods on a diverse set of both synthesized programs and real-world applications. The experimental results show that these techniques can significantly outperform state-of-the-art symbolic execution tools for concurrent software.
- Empirical Investigations of More Practical Fault Localization Approaches
  Dao, Tung Manh (Virginia Tech, 2023-10-18)
  Developers often spend much of their valuable development time on software debugging and bug finding. In addition, software defects cost the software industry as a whole hundreds or even a trillion of US dollars. As a result, many fault localization (FL) techniques for localizing bugs automatically have been proposed. Despite its popularity, adopting FL in industrial environments has been impractical due to its undesirable accuracy and high runtime overhead cost. Motivated by the real-world challenges of FL applicability, this dissertation addresses these issues by proposing two main enhancements to the existing FL. First, it explores different strategies to combine a variety of program execution information with Information Retrieval-based fault localization (IRFL) techniques to increase FL's accuracy. Second, this dissertation research invents and experiments with the unconventional techniques of Instant Fault Localization (IFL) using the innovative concept of triggering modes. Our empirical evaluations of the proposed approaches on various types of bugs in a real software development environment show that both FL's accuracy is increased and runtime is reduced significantly. We find that execution information helps increase IRFL's Top-10 by 17–33% at the class level, and 62–100% at the method level. Another finding is that IFL achieves as much as 100% runtime cost reduction while gaining comparable or better accuracy. For example, on single-location bugs, IFL scores 73% MAP, compared with 56% of the conventional approach. For multi-location bugs, IFL's Top-1 performance on real bugs is 22%, just below the 24% of the existing FL approaches. We hope the results and findings from this dissertation help make the adaptation of FL in the real-world industry more practical and prevalent.