Joana Cabral Costa scite author profile

Joana Cabral Costa

2Publications

2Citation Statements Received

55Citation Statements Given

How they've been cited

How they cite others

Affiliations

Instituto de Telecomunicações, University of Beira Interior, Weatherford College

Publications

Order By: Most citations

Predicting CVSS Metric via Description Interpretation

et al. 2022

View full text Add to dashboard Cite

Cybercrime affects companies worldwide, costing millions of dollars annually. The constant increase of threats and vulnerabilities raises the need to handle vulnerabilities in a prioritized manner. This prioritization can be achieved through Common Vulnerability Scoring System (CVSS), typically used to assign a score to a vulnerability. However, there is a temporal mismatch between the vulnerability finding and score assignment, which motivates the development of approaches to aid in this aspect. We explore the use of Natural Language Processing (NLP) models in CVSS score prediction given vulnerability descriptions. We start by creating a vulnerability dataset from the National Vulnerability Database (NVD). Then, we combine text pre-processing and vocabulary addition to improve the model accuracy and interpret its prediction reasoning by assessing word importance, via Shapley values. Experiments show that the combination of Lemmatization and 5,000-word addition is optimal for DistilBERT, the outperforming model in our experiments of the NLP methods, achieving state-of-the-art results. Furthermore, specific events (such as an attack on a known software) tend to influence model prediction, which may hinder CVSS prediction. Combining Lemmatization with vocabulary addition mitigates this effect, contributing to increased accuracy. Finally, binary classes benefit the most from pre-processing techniques, particularly when one class is much more prominent than the other. Our work demonstrates that DistilBERT is a state-of-the-art model for CVSS prediction, demonstrating the applicability of deep learning approaches to aid in vulnerability handling. The code and data are available at https://github.com/Joana-Cabral/.

show abstract

Theoretical and practical assessments over SSH

Costa¹,

Roxo²,

Lopes³

et al. 2023

RPTEL

View full text Add to dashboard Cite

During the COVID-19 pandemic, universities worldwide were forced to close, causing a shift from presential to remote classes. This situation motivated teachers to find suitable tools to evaluate students remotely, fairly, and accurately. However, currently available systems are either survey or exercise evaluation based, not suitable for competency-based assessments. Faced with this context and limitations of available evaluation systems, we developed TestsOverSSH, a system to devise, deliver, and automatically correct assessments performed in a Command Line Interface (CLI) environment. Unique assessments are generated per student when they access the proposed system via Secure SHell (SSH). TestsOverSSH is composed of shell scripts that orchestrate a series of tools and services that come pre-installed in Linux distributions. It can be used to construct multiple-choice or direct answer questions while also requiring students to perform tasks in the environment per se, namely computer programming or CLI manipulation-related assignments. We present examples of the question types in this system, explaining question formats and operating guidelines. Since the assessments are directly performed in the system, logs and command history can be easily retrieved while keeping information within student devices uncollected. We performed evaluations using this system in a real context and obtained student feedback through a custom survey and the System Usability Scale (SUS). Survey results and SUS score suggest that TestsOverSSH is an intuitive evaluation tool, with eased access and usage, making it applicable for e-learning.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.