Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to automatically collect and curate a comprehensive vulnerability dataset from Common Vulnerabilities and Exposures (CVE) records in the public National Vulnerability Database (NVD). We implement our approach in a fully automated dataset collection tool and share an initial release of the resulting vulnerability dataset named CVEfixes.The CVEfixes collection tool automatically fetches all available CVE records from the NVD, gathers the vulnerable code and corresponding fixes from associated open-source repositories, and organizes the collected information in a relational database. Moreover, the dataset is enriched with meta-data such as programming language, and detailed code and security metrics at five levels of abstraction. The collection can easily be repeated to keep up-todate with newly discovered or patched vulnerabilities. The initial release of CVEfixes spans all published CVEs up to 9 June 2021, covering 5365 CVE records for 1754 open-source projects that were addressed in a total of 5495 vulnerability fixing commits.CVEfixes supports various types of data-driven software security research, such as vulnerability prediction, vulnerability classification, vulnerability severity prediction, analysis of vulnerabilityrelated code changes, and automated vulnerability repair. CCS CONCEPTS• Security and privacy → Software and application security; Vulnerability management; • Software and its engineering → Software defect analysis; Software libraries and repositories.
Distributed Deep Neural-Network-Based Middleware for Cyber-Attacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach
Cyberattacks always remain the major threats and challenging issues in the modern digital world. With the increase in the number of internet of things (IoT) devices, security challenges in these devices, such as lack of encryption, malware, ransomware, and IoT botnets, leave the devices vulnerable to attackers that can access and manipulate the important data, threaten the system, and demand ransom. The lessons from the earlier experiences of cyberattacks demand the development of the best-practices benchmark of cybersecurity, especially in modern Smart Environments. In this study, we propose an approach with a framework to discover malware attacks by using artificial intelligence (AI) methods to cover diverse and distributed scenarios. The new method facilitates proactively tracking network traffic data to detect malware and attacks in the IoT ecosystem. Moreover, the novel approach makes Smart Environments more secure and aware of possible future threats. The performance and concurrency testing of the deep neural network (DNN) model deployed in IoT devices are computed to validate the possibility of in-production implementation. By deploying the DNN model on two selected IoT gateways, we observed very promising results, with less than 30 kb/s increase in network bandwidth on average, and just a 2% increase in CPU consumption. Similarly, we noticed minimal physical memory and power consumption, with 0.42 GB and 0.2 GB memory usage for NVIDIA Jetson and Raspberry Pi devices, respectively, and an average 13.5% increase in power consumption per device with the deployed model. The ML models were able to demonstrate nearly 93% of detection accuracy and 92% f1-score on both utilized datasets. The result of the models shows that our framework detects malware and attacks in Smart Environments accurately and efficiently.
Purpose Software fault prediction is an important concept that can be applied at an early stage of the software life cycle. Effective prediction of faults may improve the reliability and testability of software systems. As service-oriented architecture (SOA)-based systems become more and more complex, the interaction between participating services increases frequently. The component services may generate enormous reports and fault information. Although considerable research has stressed on developing fault-proneness prediction models in service-oriented systems (SOS) using machine learning (ML) techniques, there has been little work on assessing how effective the source code metrics are for fault prediction. The paper aims to discuss this issue. Design/methodology/approach In this paper, the authors have proposed a fault prediction framework to investigate fault prediction in SOS using metrics of web services. The effectiveness of the model has been explored by applying six ML techniques, namely, Naïve Bayes, Artificial Networks (ANN), Adaptive Boosting (AdaBoost), decision tree, Random Forests and Support Vector Machine (SVM), along with five feature selection techniques to extract the essential metrics. The authors have explored accuracy, precision, recall, f-measure and receiver operating characteristic curves of the area under curve values as performance measures. Findings The experimental results show that the proposed system can classify the fault-proneness of web services, whether the service is faulty or non-faulty, as a binary-valued output automatically and effectively. Research limitations/implications One possible threat to internal validity in the study is the unknown effects of undiscovered faults. Specifically, the authors have injected possible faults into the classes using Java C3.0 tool and only fixed faults are injected into the classes. However, considering the Java C3.0 community of development, testing and use, the authors can generalize that the undiscovered faults should be few and have less impact on the results presented in this study, and that the results may be limited to the investigated complexity metrics and the used ML techniques. Originality/value In the literature, only few studies have been observed to directly concentrate on metrics-based fault-proneness prediction of SOS using ML techniques. However, most of the contributions are regarding the fault prediction of the general systems rather than SOS. A majority of them have considered reliability, changeability, maintainability using a logging/history-based approach and mathematical modeling rather than fault prediction in SOS using metrics. Thus, the authors have extended the above contributions further by applying supervised ML techniques over web services metrics and measured their capability by employing fault injection methods.
Edge computing is a technique of optimizing cloud computing systems by performing data processing at the edge of the network, near the source of the data in the systems. And, cloud computing is a service that delivers on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, which is trending in today's technology-driven world. With the advantage of flexibility, storage, sharing, and easy accessibility, cloud is being used by major players in IT (information technology). This chapter highlights cloud/edge computing architecture and its current issues and challenges from technological and organizational aspects. A brief introduction of edge computing architecture with similar technologies along with its service models is discussed. A few counterexamples of cloud computing architecture are showed. Organizational aspects of cloud computing architecture, as well as IBM and Oracle reference cloud architecture, are briefly presented. Some emerging issues and challenges associated with cloud/edge computing on its utilization are also elaborated.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
