Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197818
Daniel Ukene, H. Wimmer, Jongyeop Kim
Containerization is becoming an increasingly common aspect of DevOps. Adding a container layer increases the complexity and could impact system performance. This study explores the performance differences of the Apache and Nginx web servers on Virtual Machines (VMs) and Docker Containers with official web server images from Docker Hub. A sandbox environment was created with both containerized and non-containerized versions of the web servers, and their performance was analyzed using line graphs. The results showed differences in performance between VMs and Docker Containers, with some variation from previous research due to the virtualization being done locally rather than on the cloud. This study would be advantageous for organizations with on-premises infrastructure due to security or governing regulations.
{"title":"Evaluating the Performance of Containerized Webservers against web servers on Virtual Machines using Bombardment and Siege","authors":"Daniel Ukene, H. Wimmer, Jongyeop Kim","doi":"10.1109/SERA57763.2023.10197818","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197818","url":null,"abstract":"Containerization is becoming an increasingly common aspect of DevOps. Adding a container layer increases the complexity and could impact system performance. This study explores the performance differences of the Apache and Nginx web servers on Virtual Machines (VMs) and Docker Containers with official web server images from Docker Hub. A sandbox environment was created with both containerized and non-containerized versions of the web servers, and their performance was analyzed using line graphs. The results showed differences in performance between VMs and Docker Containers, with some variation from previous research due to the virtualization being done locally rather than on the cloud. This study would be advantageous for organizations with on-premises infrastructure due to security or governing regulations.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115992028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197800
Jonathan Elkobi, Bernd Gruner, Tim Sonnekalb, C. Brust
Type inference methods based on deep learning are becoming increasingly popular as they aim to compensate for the drawbacks of static and dynamic analysis approaches, such as high uncertainty. However, their practical application is still debatable due to several intrinsic issues such as code from different software domains will involve data types that are unknown to the type inference system.In order to overcome these problems and gain high-confidence predictions, we thus present TIPICAL, a method that combines deep similarity learning with novelty detection. We show that our method can better predict data types in high confidence by successfully filtering out unknown and inaccurate predicted data types and achieving higher F1 scores to the state-of-the-art type inference method Type4Py. Additionally, we investigate how different software domains and data type frequencies may affect the results of our method.
{"title":"TIPICAL - Type Inference for Python In Critical Accuracy Level","authors":"Jonathan Elkobi, Bernd Gruner, Tim Sonnekalb, C. Brust","doi":"10.1109/SERA57763.2023.10197800","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197800","url":null,"abstract":"Type inference methods based on deep learning are becoming increasingly popular as they aim to compensate for the drawbacks of static and dynamic analysis approaches, such as high uncertainty. However, their practical application is still debatable due to several intrinsic issues such as code from different software domains will involve data types that are unknown to the type inference system.In order to overcome these problems and gain high-confidence predictions, we thus present TIPICAL, a method that combines deep similarity learning with novelty detection. We show that our method can better predict data types in high confidence by successfully filtering out unknown and inaccurate predicted data types and achieving higher F1 scores to the state-of-the-art type inference method Type4Py. Additionally, we investigate how different software domains and data type frequencies may affect the results of our method.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126282412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197790
Mohammed Adib Khan, Naser Ezzati-Jivan
Troubleshooting system performance issues is a challenging task that requires a deep understanding of various factors that may impact system performance. This process involves analyzing trace logs from the kernel and user space using tools such as ftrace, strace, DTrace, or LTTng. However, pre-set tracing instrumentation can lead to missing important data where not enough components of the system include observability coverage. Also, having too much coverage may result in unnecessary noise in the data, making it extremely difficult to debug. This paper proposes an adaptive instrumentation technique for execution tracing, which dynamically makes decisions not only for which components to trace but also when to trace, thus reducing the risk of missing important data related to the performance problem and increasing the accuracy of debugging by reducing unwanted noises. Our case study results show that the proposed method is capable of handling tracing instrumentation dynamically for both kernel and application levels while maintaining a low overhead.
{"title":"Multi-level Adaptive Execution Tracing for Efficient Performance Analysis","authors":"Mohammed Adib Khan, Naser Ezzati-Jivan","doi":"10.1109/SERA57763.2023.10197790","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197790","url":null,"abstract":"Troubleshooting system performance issues is a challenging task that requires a deep understanding of various factors that may impact system performance. This process involves analyzing trace logs from the kernel and user space using tools such as ftrace, strace, DTrace, or LTTng. However, pre-set tracing instrumentation can lead to missing important data where not enough components of the system include observability coverage. Also, having too much coverage may result in unnecessary noise in the data, making it extremely difficult to debug. This paper proposes an adaptive instrumentation technique for execution tracing, which dynamically makes decisions not only for which components to trace but also when to trace, thus reducing the risk of missing important data related to the performance problem and increasing the accuracy of debugging by reducing unwanted noises. Our case study results show that the proposed method is capable of handling tracing instrumentation dynamically for both kernel and application levels while maintaining a low overhead.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121742684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197673
Anes Abdennebi, Alp Tunçay, Cemal Yilmaz, Anil Koyuncu, Oktay Gungor
Organizations and companies that collect data generated by sales, transactions, client/server communications, IoT nodes, devices, engines, or any other data generating/exchanging source, need to analyze this data to reveal insights about the running activities on their systems. Since streaming data has multivariate variables bearing dependencies among each other that extend temporally (to previous time steps).Long-Short Term Memory (LSTM) is a variant of the Recurrent Neural Networks capable of learning long-term dependencies using previous timesteps of sequence-shape data. The LSTM model is a valid option to apply to our data for offline anomaly detection and help foresee future system incidents. Anything that negatively affects the system and the services provided via this system is considered an incident.Moreover, the raw input data might be noisy and improper for the model, leading to misleading predictions. A wiser choice is to use an LSTM Autoencoder (LSTM-AE) specialized for extracting meaningful features of the examined data and looking back several steps to preserve temporal dependencies.In our work, we developed two LSTM-AE models. We evaluated them in an industrial setup at Koçfinans (a finance company operating in Turkey), where they have a distributed system of several nodes running dozens of microservices. The outcome of this study shows that our trained LSTM-AE models succeeded in identifying the atypical behavior of offline data with high accuracies. Furthermore, after deploying the models, we identified the system failing at the exact times for the previous two reported failures. While after deployment, it launched cautions preceding the actual failure by a week, proving efficiency on online data. Our models achieved 99.7% accuracy and 89.1% as F1-score. Moreover, it shows potential in finding the proper LSTM-AE model architecture when time series data with temporal dependency property is fed to the model.
{"title":"LSTM-AE for Anomaly Detection on Multivariate Telemetry Data","authors":"Anes Abdennebi, Alp Tunçay, Cemal Yilmaz, Anil Koyuncu, Oktay Gungor","doi":"10.1109/SERA57763.2023.10197673","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197673","url":null,"abstract":"Organizations and companies that collect data generated by sales, transactions, client/server communications, IoT nodes, devices, engines, or any other data generating/exchanging source, need to analyze this data to reveal insights about the running activities on their systems. Since streaming data has multivariate variables bearing dependencies among each other that extend temporally (to previous time steps).Long-Short Term Memory (LSTM) is a variant of the Recurrent Neural Networks capable of learning long-term dependencies using previous timesteps of sequence-shape data. The LSTM model is a valid option to apply to our data for offline anomaly detection and help foresee future system incidents. Anything that negatively affects the system and the services provided via this system is considered an incident.Moreover, the raw input data might be noisy and improper for the model, leading to misleading predictions. A wiser choice is to use an LSTM Autoencoder (LSTM-AE) specialized for extracting meaningful features of the examined data and looking back several steps to preserve temporal dependencies.In our work, we developed two LSTM-AE models. We evaluated them in an industrial setup at Koçfinans (a finance company operating in Turkey), where they have a distributed system of several nodes running dozens of microservices. The outcome of this study shows that our trained LSTM-AE models succeeded in identifying the atypical behavior of offline data with high accuracies. Furthermore, after deploying the models, we identified the system failing at the exact times for the previous two reported failures. While after deployment, it launched cautions preceding the actual failure by a week, proving efficiency on online data. Our models achieved 99.7% accuracy and 89.1% as F1-score. Moreover, it shows potential in finding the proper LSTM-AE model architecture when time series data with temporal dependency property is fed to the model.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121952596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197736
J. Alves-Foss, Aditi Pokharel, Ronisha Shigdel, Jia Song
Computer science experimentation, whether it be for safety, reliability or cybersecurity, is an important part of scientific advancement. Evaluation of relative merits of various experiments typically requires well-calibrated benchmarks that can be used to measure the experimental results. This paper reviews current trends in using benchmarks in fuzzing experimental research for cybersecurity, specifically with metrics related to coverage analysis. Strengths and weaknesses of the current techniques are evaluated and suggestions for improving the current approaches are proposed. The end goal is to convince researchers that benchmarks for experimentation must be well documented, archived and calibrated so that the community knows how well the tools and techniques perform with respect to the possible maximum in the benchmark.
{"title":"Calibrating Cybersecurity Experiments: Evaluating Coverage Analysis for Fuzzing Benchmarks","authors":"J. Alves-Foss, Aditi Pokharel, Ronisha Shigdel, Jia Song","doi":"10.1109/SERA57763.2023.10197736","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197736","url":null,"abstract":"Computer science experimentation, whether it be for safety, reliability or cybersecurity, is an important part of scientific advancement. Evaluation of relative merits of various experiments typically requires well-calibrated benchmarks that can be used to measure the experimental results. This paper reviews current trends in using benchmarks in fuzzing experimental research for cybersecurity, specifically with metrics related to coverage analysis. Strengths and weaknesses of the current techniques are evaluated and suggestions for improving the current approaches are proposed. The end goal is to convince researchers that benchmarks for experimentation must be well documented, archived and calibrated so that the community knows how well the tools and techniques perform with respect to the possible maximum in the benchmark.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127737427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197704
S. Raj, Santanu Roy, Surajit Jana, Soumyadip Roy, Takaaki Goto, S. Sen
Customer segmentation is a separation of a market into multiple distinct groups of consumers who share the similar characteristics. Segmentation of market is an effective way to define and meet Customer needs and also to identify the future business plan. Unsupervised machine learning algorithms are suitable to analyze and identify the possible set of customers when the labeled data about the customers are no available. In this research work the spending of different customers who have credit cards are analyzed to segment them into different clusters and also to plan further business improvements based on the different characteristics of these identified clusters.
{"title":"Customer Segmentation Using Credit Card Data Analysis","authors":"S. Raj, Santanu Roy, Surajit Jana, Soumyadip Roy, Takaaki Goto, S. Sen","doi":"10.1109/SERA57763.2023.10197704","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197704","url":null,"abstract":"Customer segmentation is a separation of a market into multiple distinct groups of consumers who share the similar characteristics. Segmentation of market is an effective way to define and meet Customer needs and also to identify the future business plan. Unsupervised machine learning algorithms are suitable to analyze and identify the possible set of customers when the labeled data about the customers are no available. In this research work the spending of different customers who have credit cards are analyzed to segment them into different clusters and also to plan further business improvements based on the different characteristics of these identified clusters.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129964775","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197730
Fei Zuo, Xin Zhang, Yuqi Song, J. Rhee, Jicheng Fu
As open source software is widely used, the vulnerabilities contained therein are also rapidly propagated to a large number of innocent applications. Even worse, many vulnerabilities in open-source projects are secretly fixed, which leads to affected software being unaware and thus exposed to risks. For the purpose of protecting deployed software, designing an effective patch classification system becomes more of a need than an option. To this end, some researchers take advantage of the recent advancements in natural language processing to learn both commit messages and code changes. However, they often incur high false positive rates. Not only that, existing works cannot yet answer how much the textual description (such as commit messages) alone can influence the final triage. In this paper, we propose a Transformer based patch classifier, which does not use any code changes as inputs. Surprisingly, the extensive experiment shows the proposed approach can significantly outperform other state-of-the-art work with a high precision of 93.0% and low false positive rate. Therefore, our research further confirms the critical importance of well-crafted commit messages for the later software maintenance. Finally, our case study also identifies 48 silent security patches, which can benefit those affected software.
{"title":"Commit Message Can Help: Security Patch Detection in Open Source Software via Transformer","authors":"Fei Zuo, Xin Zhang, Yuqi Song, J. Rhee, Jicheng Fu","doi":"10.1109/SERA57763.2023.10197730","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197730","url":null,"abstract":"As open source software is widely used, the vulnerabilities contained therein are also rapidly propagated to a large number of innocent applications. Even worse, many vulnerabilities in open-source projects are secretly fixed, which leads to affected software being unaware and thus exposed to risks. For the purpose of protecting deployed software, designing an effective patch classification system becomes more of a need than an option. To this end, some researchers take advantage of the recent advancements in natural language processing to learn both commit messages and code changes. However, they often incur high false positive rates. Not only that, existing works cannot yet answer how much the textual description (such as commit messages) alone can influence the final triage. In this paper, we propose a Transformer based patch classifier, which does not use any code changes as inputs. Surprisingly, the extensive experiment shows the proposed approach can significantly outperform other state-of-the-art work with a high precision of 93.0% and low false positive rate. Therefore, our research further confirms the critical importance of well-crafted commit messages for the later software maintenance. Finally, our case study also identifies 48 silent security patches, which can benefit those affected software.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132087638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197799
Y. Geum
This paper proposes an ECSSL(Elliptic Curve Secure Socket Layer) protocol that provides more securities and faster processing speed than an existing SSL(Secure Socket Layer) protocol. An ECSSL protocol consists of ECC(Elliptic Curve Cryptography), ThreeB(Block Byte Bit Cipher) algorithm to prevent from being eavesdropped, HMAC(Hash Message Authentication Code) algorithm to create digital signature using a shared secret key. In particular, as ThreeB uses byte exchange by using random technique. and bit-xor operation, compared with DES using fixed index table, the security and processing time of it are improved much better.
{"title":"3 B (Block Byte Bit) Cipher Algorithm for Secure Socket Layer","authors":"Y. Geum","doi":"10.1109/SERA57763.2023.10197799","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197799","url":null,"abstract":"This paper proposes an ECSSL(Elliptic Curve Secure Socket Layer) protocol that provides more securities and faster processing speed than an existing SSL(Secure Socket Layer) protocol. An ECSSL protocol consists of ECC(Elliptic Curve Cryptography), ThreeB(Block Byte Bit Cipher) algorithm to prevent from being eavesdropped, HMAC(Hash Message Authentication Code) algorithm to create digital signature using a shared secret key. In particular, as ThreeB uses byte exchange by using random technique. and bit-xor operation, compared with DES using fixed index table, the security and processing time of it are improved much better.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125725257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-23DOI: 10.1109/SERA57763.2023.10197716
S. Tanimoto, Sogen Hori, Hiroyuki Sato, Atsushi Kanai
Telework has been on the rise since the advent of COVID-19, and concerns have arisen about issues such as information leakage due to internal fraud. The zero-trust model is attracting attention as a countermeasure. This model reduces risk by constantly performing authentication and authorization, thus leading to improved security levels and safer operation. However, currently less than 40% of the companies in Japan have introduced zero trust into their security policies, mainly due to the lack of specific guidelines for operational management. We have therefore developed a security policy (service authorization conditions) for the software defined perimeter (SDP) zero-trust model as a universal operational management method to promote zero-trust implementation. Specifically, we simplify the time/place/occasion (TPO) conditions of users as T (inside/outside working hours), P (inside/outside the company, telework), and O (with/without visitors), resulting in 12 patterns, and for each of these TPO conditions, we propose detailed new service authorization conditions for SDP. The results of qualitative evaluation demonstrated the effectiveness of the proposed method. Our findings will contribute to the introduction of the zero-trust model and pave the way for safer and more secure corporate networks.
{"title":"Operation Management Method of Software Defined Perimeter for Promoting Zero-Trust Model","authors":"S. Tanimoto, Sogen Hori, Hiroyuki Sato, Atsushi Kanai","doi":"10.1109/SERA57763.2023.10197716","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197716","url":null,"abstract":"Telework has been on the rise since the advent of COVID-19, and concerns have arisen about issues such as information leakage due to internal fraud. The zero-trust model is attracting attention as a countermeasure. This model reduces risk by constantly performing authentication and authorization, thus leading to improved security levels and safer operation. However, currently less than 40% of the companies in Japan have introduced zero trust into their security policies, mainly due to the lack of specific guidelines for operational management. We have therefore developed a security policy (service authorization conditions) for the software defined perimeter (SDP) zero-trust model as a universal operational management method to promote zero-trust implementation. Specifically, we simplify the time/place/occasion (TPO) conditions of users as T (inside/outside working hours), P (inside/outside the company, telework), and O (with/without visitors), resulting in 12 patterns, and for each of these TPO conditions, we propose detailed new service authorization conditions for SDP. The results of qualitative evaluation demonstrated the effectiveness of the proposed method. Our findings will contribute to the introduction of the zero-trust model and pave the way for safer and more secure corporate networks.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122233897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-26DOI: 10.1109/SERA57763.2023.10197739
Jason Duran, M. Sakib, Nasir U. Eisty, Francesca Spezzano
The surge of research on fake news and misinformation in the aftermath of the 2016 election has led to a significant increase in publicly available source code repositories. Our study aims to systematically analyze and evaluate the most relevant repositories and their Python source code in this area to improve awareness, quality, and understanding of these resources within the research community. Additionally, our work aims to measure the quality and complexity metrics of these repositories and identify their fundamental features to aid researchers in advancing the field’s knowledge in understanding and preventing the spread of misinformation on social media. As a result, we found that more popular fake news repositories and associated papers with higher citation counts tend to have more maintainable code measures, more complex code paths, a larger number of lines of code, a higher Halstead effort, and fewer comments. Utilizing these findings to devise efficient research and coding techniques to combat fake news, we can strive towards building a more knowledgeable and well-informed society.
{"title":"Evaluating Code Metrics in GitHub Repositories Related to Fake News and Misinformation","authors":"Jason Duran, M. Sakib, Nasir U. Eisty, Francesca Spezzano","doi":"10.1109/SERA57763.2023.10197739","DOIUrl":"https://doi.org/10.1109/SERA57763.2023.10197739","url":null,"abstract":"The surge of research on fake news and misinformation in the aftermath of the 2016 election has led to a significant increase in publicly available source code repositories. Our study aims to systematically analyze and evaluate the most relevant repositories and their Python source code in this area to improve awareness, quality, and understanding of these resources within the research community. Additionally, our work aims to measure the quality and complexity metrics of these repositories and identify their fundamental features to aid researchers in advancing the field’s knowledge in understanding and preventing the spread of misinformation on social media. As a result, we found that more popular fake news repositories and associated papers with higher citation counts tend to have more maintainable code measures, more complex code paths, a larger number of lines of code, a higher Halstead effort, and fewer comments. Utilizing these findings to devise efficient research and coding techniques to combat fake news, we can strive towards building a more knowledgeable and well-informed society.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"2013 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127308314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: