2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS): Latest Papers

API Misuse Detection Method Based on Transformer
Jingbo Yang, Jian Ren, Wenjun Wu
Software developers need to take advantage of a variety of APIs (application programming interfaces) in their programs to implement specific functions. The problem of API misuse often arises when developers have an incorrect understanding of new APIs without carefully reading the API documents. In order to avoid software defects caused by API misuse, researchers have explored multiple methods, including using AI (artificial intelligence) technology. As a kind of neural network in AI, the Transformer has good sequence processing ability, and the self-attention mechanism used by the Transformer can better catch the relations in a sequence or between different sequences. Besides, it has good model interpretability. From the perspective of combining API misuse detection with AI, this paper implements a standard Transformer model and a target-combination Transformer model to learn API usage information in a named API call sequence extracted from API usage program code. Then we present in the paper the way that our models use API usage information to detect if an API is misused in code. We use F1, precision and recall to evaluate the detection ability and show the advantages of our models in these three indexes. Besides, our models based on Transformer both have better convergence. Finally, this paper explains why the models based on Transformer have better performance by showing the attention weight among different elements in code.
DOI: https://doi.org/10.1109/QRS57517.2022.00100 (published 2022-12-01)

QRS 2022 Organizing Committee
DOI: https://doi.org/10.1109/qrs57517.2022.00007 (published 2022-12-01)

Model Checking the Safety of Raft Leader Election Algorithm
Qihao Bao, Bixin Li, Tianyuan Hu, Dongyu Cao
With the wide application of the Raft consensus algorithm in blockchain systems, its safety has attracted more and more attention. However, although some researchers have formally verified the safety of the Raft consensus algorithm in most scenarios, there are still some safety problems with the Raft consensus algorithm in some special scenarios, which cause problems now and then. For example, as a core part of the Raft consensus algorithm, the Raft leader election algorithm usually faces some safety problems in the following scenarios: if the network communication between some nodes is abnormal, the leader node could be unstable or may even fail to be elected, or the log entry cannot be updated, etc. In this paper, we model check the safety of the Raft leader election algorithm thoroughly using Spin. We use the Promela language to model the Raft leader election algorithm and use Linear-time Temporal Logic (LTL) formulae to characterize three safety properties including stability, liveness, and uniqueness. The verification results show that the Raft leader election algorithm does not hold stability and liveness when some nodes are faulty and node log entries are inconsistent. For these safety problems, we give suggestions for improving safety by analyzing counterexamples.
DOI: https://doi.org/10.1109/QRS57517.2022.00048 (published 2022-12-01)

An Anomaly-Based Approach for Detecting Modularity Violations on Method Placement
Kazuki Yoda, Tomoki Nakamaru, Soramichi Akiyama, S. Chiba
This paper presents a technique for detecting an anomaly in method placements in Java packages. This anomaly detection helps code reviewers discover a method belonging to an inappropriate package in modularity when developers commit changes in their software development projects. Moving such a method to an appropriate package will contribute to the maintenance of good modularity in their projects. This is particularly beneficial in the later stage of development, where modularity is often violated by adding new features not anticipated in the initial plan. Our technique is based on few-shot classification in machine learning. This paper empirically reveals that our neural network model can detect an anomaly in method placements and a significant portion of the anomalies is considered as inappropriate method placements in modularity. Our model can discover even a method placement that violates a project-specific coding rule that its developers would choose for some reason of maintainability or readability. Our technique is useful for maintaining the consistency in such a project-specific rule.
DOI: https://doi.org/10.1109/QRS57517.2022.00038 (published 2022-12-01)

Cross Platform API Mappings based on API Documentation Graphs
Yanjie Shao, Tianyue Luo, Xiang Ling, Limin Wang, Senwen Zheng
As different versions of the same application might be implemented based on different platforms/programming languages, it is significantly important to build an automated migration tool for the application programming interface (API) mapping relations between different platforms/programming languages. In this paper, we propose an approach to discover API mappings based on the API documentation. We first divide the information in the API documentation into different types of entities, relations, and attributes to construct their respective API Documentation Graphs (ADGs). Then, we encode nodes, edges and triplets of ADGs and input them to a new graph neural network (GNN) for entity alignment to obtain the API mappings between the two different platforms/programming languages. Taking HarmonyOS and Android as representative cases, we evaluate our approach based on their API documentation. The results show that our approach improves top-1, top-5, and top-10 accuracies by 50.57%, 56.25%, and 52.66%, respectively, compared with documentation-based baselines.
DOI: https://doi.org/10.1109/QRS57517.2022.00097 (published 2022-12-01)

RetCom: Information Retrieval-Enhanced Automatic Source-Code Summarization
Yubo Zhang, Yanfang Liu, Xinxin Fan, Yunfeng Lu
With the purpose of saving the developing time of software engineers and promoting the work efficiency of programs, the research on automated source-code summarization (SCS) has become necessary in recent years, i.e. generating language descriptions for source code. To date, there exist two categories of SCS methods: information retrieval (IR)-based SCS and neural-based SCS. The latter is the mainstream method at present, however, this line of work suffers from the drawback of incapability to generate low-frequency words, which potentially degrades the performance. To tackle this predicament, we in this paper propose an IR-enhanced neural SCS method RetCom to improve the prediction of low-frequency words through leveraging both structural-level and semantic-level code retrievals. Furthermore, we figure out a token-level context-dependent mixture network to fuse different information sources, i.e. original code, structurally most similar code, and semantically most similar code. Finally, extensive experiments are performed to validate our proposed RetCom using two real-world datasets. Compared to several baseline methods, the experimental results show that our method does validly capture more low-frequency words to conduct a superior performance.
DOI: https://doi.org/10.1109/QRS57517.2022.00099 (published 2022-12-01)

Telemetry-Based Software Failure Prediction by Concept-Space Model Creation
Bahareh Afshinpour, Roland Groz, Massih-Reza Amini
Telemetry data (e.g., CPU and memory usage) is an essential source of information for a software system that projects the system’s health. Anomalies in telemetry data warn system administrators about an imminent failure or deterioration of service quality. However, input events to the system (such as service requests) are the cause of abnormal system behaviour and, thus, anomalous telemetry data. By observing input events, one might predict anomalies even before they appear in telemetry data, thus giving the system administrator even earlier warning before the failure. Finding a correlation between input events and anomalies in telemetry data is challenging in many cases. This paper proposes a machine learning approach to learn the causality correlation between input event sequences and telemetry data. To this aim, a Natural Language Processing (NLP) approach is employed to create a concept space model to distinguish between normal and abnormal test sequences. Based on a vectorized representation of each input sequence, the concept space indicates whether the sequence will cause a system failure. Since the meaning of fault is not established in system status Telemetry-based fault detection, the suggested technique first detects periods of time when a software system status encounters aberrant situations (Bug-Zones). An extensive study on a real-world database acquired by a telecommunication operator and an open-source microservice software demonstrates that our approach achieves 71% and 90% accuracy as a Bug-Zones predictor.
DOI: https://doi.org/10.1109/QRS57517.2022.00030 (published 2022-12-01)

A Framework for Scanning Privacy Information based on Static Analysis
Yuan Zhao, Gaolei Yi, Fan Liu, Zhan-wei Hui, Jianhua Zhao
Modern software brings many conveniences to users through big data, but it also risks privacy leakage. In recent years, privacy leaks have been frequent, and various countries have introduced privacy protection bills to protect users' privacy security and avoid misuse of their private data. Researchers have conducted many studies to protect user privacy, including privacy policy compliance checks and mobile application permission checks. However, little existing work considers the verification of matching software code behavior and privacy policy. In this paper, we propose a set of privacy scanning methods to solve the mentioned issues with static code analysis. We first classify privacy text and extract privacy information. Then we perform static analysis on the code to obtain variable privacy information and privacy propagation paths by combining an abstract syntax tree and the call graph. We also match the results to the text analysis results. The experiments demonstrate that our method outperforms other classification methods in privacy text judgment, with an accuracy rate of 90% in detecting privacy information in the code. Meanwhile, the short running time ensures that no extra overhead is imposed on the user.
DOI: https://doi.org/10.1109/QRS57517.2022.00116 (published 2022-12-01)

Stateful Depletion and Scheduling of Containers on Cloud Nodes for Efficient Resource Usage 云节点上容器的状态耗尽和调度,以实现有效的资源使用
A. Amiri, Uwe Zdun, Konstantinos Plakidas
Container scheduling is a fundamental part of today’s service and cloud-based applications. Schedulers operate at different levels depending on how much control the system developers have. On the one hand, container orchestration managers such as Google Kubernetes manage the scheduling of containers to different nodes. On the other hand, serverless managers, such as Google Autopilot, take care of the underlying infrastructure automatically, and developers do not need to manage the nodes. However, when it comes to container depletion, i.e., removing the assigned cloud resources to an idle container, current scheduling technologies have limitations. In this paper, we propose our approach to managing cloud resource usage when containers are idle efficiently. For this purpose, we deplete idle containers statefully, i.e., propose a novel manager that monitors idle containers, saves their state, and efficiently depletes them. This manager reconstructs a depleted container using the saved state when reconstruction is needed. In our approach, we suggest an Infrastructure as Code component to automate the creation of new nodes if a depleted container cannot be scheduled on the same node, e.g., because of being overloaded. We provide an analytical model for the stateful depletion of containers and their rescheduling and empirically evaluate the accuracy of our model. For this purpose, we ran an experiment on a private cloud infrastructure and Google Cloud Platform. Our model has a low error rate of 4.28% averaged over public and private clouds.
容器调度是当今服务和基于云的应用程序的基本组成部分。调度程序在不同的级别上运行,这取决于系统开发人员拥有多少控制权。一方面,容器编排管理器(如Google Kubernetes)管理容器到不同节点的调度。另一方面,无服务器管理器,如Google Autopilot,自动处理底层基础设施,开发人员不需要管理节点。然而,当涉及到容器耗尽(即将分配的云资源删除到空闲容器中)时,当前的调度技术具有局限性。在本文中,我们提出了在容器空闲时有效管理云资源使用的方法。为此,我们有状态地耗尽空闲容器,即提出一种新的管理器来监视空闲容器,保存它们的状态,并有效地耗尽它们。当需要重构时,此管理器使用保存的状态重构已耗尽的容器。在我们的方法中,我们建议使用基础设施即代码组件来自动创建新节点,如果耗尽的容器不能被调度到同一节点上,例如,由于过载。我们提供了一个容器状态耗尽及其重新调度的分析模型,并对模型的准确性进行了实证评估。为此,我们在私有云基础设施和谷歌云平台上进行了实验。我们的模型在公共云和私有云上的平均错误率很低,为4.28%。
DOI: https://doi.org/10.1109/QRS57517.2022.00056 | Published: 2022-12-01
Citations: 0
Evaluating Performance and Security of a Hybrid Moving Target Defense in SDN Environments
Minjune Kim, Jinny Cho, Hyuk-Soon Lim, T. Moore, Frederica Free-Nelson, R. Ko, Dan Dongseong Kim
As cyberattacks are rising, Moving Target Defense (MTD) can be a countermeasure to proactively protect a networked system against cyber-attacks. Despite the fact that MTD systems demonstrate security effectiveness against the reconnaissance of Cyber Kill Chain (CKC), a time-based MTD has a limitation when it comes to protecting a system against the next phases of CKC. In this work, we propose a novel hybrid MTD technique, its implementation and evaluation. Our hybrid MTD system is designed on a real SDN testbed and it uses an intrusion detection system (IDS) to provide an additional MTD triggering condition. This in itself presents an extra layer of system protection. Our hybrid MTD technique can enhance security in the response to multi-phased cyber-attacks. The use of the reactive MTD triggering from intrusion detection alert shows that it is effective to thwart the further phase of detected cyber-attacks. We also investigate the performance degradation due to more frequent MTD triggers. This work contributes to (1) proposing an ML-based rule classification model for predicting identified attacks which helps a decision-making process for security enhancement; (2) developing a hybrid-based MTD integrated with a Network Intrusion Detection System (NIDS) with the consideration of performance and security; and (3) assessment of the performance degradation and security effectiveness against potential real attacks (i.e., scanning, dictionary, and SQL injection attack) in a physical testbed.
DOI: https://doi.org/10.1109/QRS57517.2022.00037 | Published: 2022-12-01
Citations: 0