Internship Title
Using machine learning for detecting security vulnerabilities through bug report analysis
Areas of Specialisation
Software Engineering
Intelligent Systems
Internship Location
DEI-FCTUC
Background
Software verification and validation comprises numerous important activities that allow building reliable software. In this context, whenever a bug report is filed, proper resources must be allocated, first to understand whether the report really describes a bug. Then, a priority is typically assigned. Meanwhile, information such as the type of defect, its impact, and the steps to reproduce the bug is added to the bug tracking system, which allows developers to correct the problem. The whole process can become very inefficient if bugs are not detected properly, triaged correctly, and classified, which is in itself a time-consuming task.
Objective
The goal of this work is to: i) understand the effectiveness of state-of-the-art machine learning algorithms in automatically identifying security vulnerabilities and their characteristics; ii) improve the state of the art, possibly by combining the use of different algorithms in this context; and iii) deploy the final solution as a REST web service. In practice, the expected outcome of this internship is:
• A web service tool that allows a developer to automatically classify a set of software defects;
• A research paper, to be submitted and presented at a top international conference or journal, describing the service, its underlying mechanisms, and experimental results.
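To make the kind of classifier the objective refers to concrete, the following is an added illustration that is not part of the proposal and does not represent the advisors' method or results: a multinomial Naive Bayes text classifier, written in plain Python, that labels bug reports as security-relevant or ordinary functional defects. The training reports are constructed for the example rather than taken from any real bug tracker, and Naive Bayes is used only as a simple, transparent baseline against which the state-of-the-art algorithms mentioned above would be compared.

```python
"""Baseline bug-report classifier: flags reports that likely describe a
security vulnerability. Added illustration, not part of the proposal;
the training data below is constructed, not taken from a real tracker."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample bug reports, labelled by hand.
# Label 1 = security-relevant, 0 = ordinary functional defect.
TRAINING_REPORTS = [
    ("Login form allows SQL injection through the username field", 1),
    ("Stored XSS: script tags in comments are rendered unescaped", 1),
    ("Buffer overflow when parsing oversized PNG header", 1),
    ("Session token is not invalidated after password reset", 1),
    ("Path traversal in file download endpoint using ../ sequences", 1),
    ("Sensitive credentials logged in plaintext to application log", 1),
    ("Typo in the settings page title", 0),
    ("Export button is misaligned on small screens", 0),
    ("Report totals are off by one when the month has 31 days", 0),
    ("Application crashes when opening an empty project", 0),
    ("Dark theme does not apply to the sidebar", 0),
    ("Slow rendering of large tables in the dashboard", 0),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case the text and keep alphanumeric runs (e.g. 'xss', 'sql')."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayesClassifier:
    """Multinomial Naive Bayes with Laplace (add-one) smoothing."""

    def __init__(self):
        self.class_counts = Counter()            # documents per label
        self.word_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def fit(self, reports):
        for text, label in reports:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def log_probabilities(self, text):
        """Unnormalised log P(label) + sum log P(token | label)."""
        total_docs = sum(self.class_counts.values())
        scores = {}
        for label, n_docs in self.class_counts.items():
            total_words = sum(self.word_counts[label].values())
            score = math.log(n_docs / total_docs)
            for tok in tokenize(text):
                count = self.word_counts[label][tok]
                # add-one smoothing so unseen tokens never zero out a class
                score += math.log((count + 1) / (total_words + len(self.vocab)))
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_probabilities(text)
        return max(scores, key=scores.get)

    def security_probability(self, text):
        """Normalised probability of label 1, computed via log-sum-exp."""
        scores = self.log_probabilities(text)
        m = max(scores.values())
        total = sum(math.exp(s - m) for s in scores.values())
        return math.exp(scores[1] - m) / total


def classify_reports(reports, model=None):
    """Label a batch of report texts; trains on the constructed set by default."""
    model = model or NaiveBayesClassifier().fit(TRAINING_REPORTS)
    return [(text, model.predict(text)) for text in reports]


if __name__ == "__main__":
    for text, label in classify_reports([
        "Unauthenticated user can read other users' files via path traversal",
        "Button label is cut off on the settings page",
    ]):
        print(label, text)
```

A real study would replace the constructed list with reports from a public tracker, hold out a test set, and report precision and recall per class, since in triage the cost of missing a security-relevant report is much higher than the cost of a false alarm.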
Work Plan - Semester 1
[M=Month]
T1 (M1–M2): Knowledge transfer and state-of-the-art review on software defects, security vulnerabilities, Orthogonal Defect Classification, and machine learning.
T2 (M3): Design of a preliminary experiment using a small set of algorithms.
T3 (M3–M4): Preliminary analysis of the results.
T4 (M4): Implementation of a small proof-of-concept prototype.
T5 (M5): Writing the intermediate report.
Work Plan - Semester 2
[M=Month]
T6 (M6): Integration of the intermediate defense comments into the report and adjustment of the study design.
T7 (M6–M7): Experimental evaluation using the whole set of algorithms.
T8 (M8): Deployment of the technique as a service.
T9 (M9): Writing a research paper and submitting it to a top international conference in the Dependability or Services areas (IEEE/IFIP Dependable Systems and Networks (dsn.org), IEEE International Conference on Web Services (conferences.computer.org/icws), International Symposium on Software Reliability Engineering (issre.net), etc.).
T10 (M10): Writing the thesis.
Conditions
– This proposal is associated with a scholarship of 798 EUR per month for at least 6 months (i.e. a total of 4788 EUR), for which the student may apply.
– In addition, it will be possible to extend the scholarship duration, depending on the student's performance.
The selected student will be integrated into the Software and Systems Engineering group of CISUC, and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.
Remarks
Please contact the advisors Nuno Laranjeiro (cnl@dei.uc.pt) or César Teixeira (cteixei@dei.uc.pt) for any questions or clarifications.
Supervisor
Nuno Laranjeiro, César Teixeira
cnl@dei.uc.pt