المؤلفون: Mastropaolo, Antonio, Nardone, Vittoria, Bavota, Gabriele, Di Penta, Massimiliano

مصطلحات موضوعية: Computer Science - Software Engineering

الوصف: Generative deep learning (DL) models have been successfully adopted for vulnerability patching. However, such models require the availability of a large dataset of patches to learn from. To overcome this issue, researchers have proposed to start from models pre-trained with general knowledge, either on the programming language or on similar tasks such as bug fixing. Despite the efforts in the area of automated vulnerability patching, there is a lack of systematic studies on how these different training procedures impact the performance of DL models for such a task. This paper provides a manyfold contribution to bridge this gap, by (i) comparing existing solutions of self-supervised and supervised pre-training for vulnerability patching; and (ii) for the first time, experimenting with different kinds of prompt-tuning for this task. The study required to train/test 23 DL models. We found that a supervised pre-training focused on bug-fixing, while expensive in terms of data collection, substantially improves DL-based vulnerability patching. When applying prompt-tuning on top of this supervised pre-trained model, there is no significant gain in performance. Instead, prompt-tuning is an effective and cheap solution to substantially boost the performance of self-supervised pre-trained models, i.e., those not relying on the bug-fixing pre-training.

الوصول الحر: http://arxiv.org/abs/2404.17896Test

المؤلفون: Varriano, Giulia, Nardone, Vittoria, Correra, Simona, Mercaldo, Francesco, Santone, Antonella

المصدر: Comput Med Imaging Graph ; ISSN:1879-0771 ; Volume:116

مصطلحات موضوعية: COVID-19, DICOM, Formal methods, Localization, Radiomics

الوصف: Radiomics is an innovative field in Personalized Medicine to help medical specialists in diagnosis and prognosis. Mainly, the application of Radiomics to medical images requires the definition and delimitation of the Region Of Interest (ROI) on the medical image to extract radiomic features. The aim of this preliminary study is to define an approach that automatically detects the specific areas indicative of a particular disease and examines them to minimize diagnostic errors associated with false positives and false negatives. This approach aims to create a nxn grid on the DICOM image sequence and each cell in the matrix is associated with a region from which radiomic features can be extracted. The proposed procedure uses the Model Checking technique and produces as output the medical diagnosis of the patient, i.e., whether the patient under analysis is affected or not by a specific disease. Furthermore, the matrix-based method also localizes where appears the disease marks. To evaluate the performance of the proposed methodology, a case study on COVID-19 disease is used. Both results on disease identification and localization seem very promising. Furthermore, this proposed approach yields better results compared to methods based on the extraction of features using the whole image as a single ROI, as evidenced by improvements in Accuracy and especially Recall. Our approach supports the advancement of knowledge, interoperability and trust in the software tool, fostering collaboration among doctors, staff and Radiomics.

العلاقة: https://doi.org/10.1016/j.compmedimag.2024.102411Test; https://pubmed.ncbi.nlm.nih.gov/38924800Test

الإتاحة: https://doi.org/10.1016/j.compmedimag.2024.102411Test
https://pubmed.ncbi.nlm.nih.gov/38924800Test

المؤلفون: Bosco, Matteo, Cavoto, Pasquale, Ungolo, Augusto, Muse, Biruk Asmare, Khomh, Foutse, Nardone, Vittoria, Di Penta, Massimiliano

المصدر: 2023 IEEE/ACM 31st International Conference on Program Comprehension (ICPC)

الإتاحة: https://doi.org/10.1109/icpc58990.2023.00033Test
http://xplorestaging.ieee.org/ielx7/10173929/10173943/10174134.pdf?arnumber=10174134Test

المؤلفون: Bernardeschi, Cinzia, Mercaldo, Francesco, Nardone, Vittoria, Santone, Antonella

المساهمون: Bernardeschi, Cinzia, Mercaldo, Francesco, Nardone, Vittoria, Santone, Antonella

مصطلحات موضوعية: malware, botnet, Android, model checking, formal methods, temporal logic, security

الوصف: Android malware is increasing from the point of view of the complexity and the harmful actions. As a matter fact, malware writers are developing sophisticated techniques to infect mobile devices very closed to their counterpart for personal computers. One of these threats is represented by the possibility to control the infected devices from the attacker i.e., the so-called botnet. In this paper a method able to identify botnet in Android environment through model checking is proposed. Starting from the malicious payload definition, the proposed method is able to detect and to localize the code related to the malicious botnet. We experiment real-world botnet based Android malware, obtaining encouraging results.

وصف الملف: ELETTRONICO

العلاقة: info:eu-repo/semantics/altIdentifier/wos/WOS:000571151500099; volume:159; firstpage:963; lastpage:972; numberofpages:10; journal:PROCEDIA COMPUTER SCIENCE; http://hdl.handle.net/11568/1016574Test; info:eu-repo/semantics/altIdentifier/scopus/2-s2.0-85076259247; https://www.sciencedirect.com/science/article/pii/S1877050919314590Test

الإتاحة: https://doi.org/10.1016/j.procs.2019.09.263Test
http://hdl.handle.net/11568/1016574Test
https://www.sciencedirect.com/science/article/pii/S1877050919314590Test

المؤلفون: Martinelli, Fabio, Mercaldo, Francesco, Nardone, Vittoria, Orlando, Albina, Santone, Antonella

مصطلحات موضوعية: EC, H2020, European Training Networks, European Commission

الوصف: n/a

العلاقة: url:https://www.openaccessrepository.it/communities/itmirrorTest; https://www.openaccessrepository.it/record/69930Test

الإتاحة: https://doi.org/10.5220/0006633403670372Test
https://www.openaccessrepository.it/record/69930Test

المؤلفون: Nardone, Vittoria, Muse, Biruk Asmare, Abidi, Mouna, Khomh, Foutse, Di Penta, Massimiliano

العلاقة: Nardone, V., Muse, B. A., Abidi, M., Khomh, F., & Di Penta, M. (2023). Video Game Bad Smells: What They Are and How Developers Perceive Them. ACM Transactions on Software Engineering and Methodology, 32(4), 1-35.

الإتاحة: https://doi.org/10.1145/3563214Test
https://publications.polymtl.ca/54833Test/

المؤلفون: Martinelli, Fabio, Mercaldo, Francesco, Nardone, Vittoria, Orlando, Albina, Santone, Antonella, Vaglini, Gigliola

المصدر: Information Technology and Control ; Vol. 48 No. 2 (2019); 278-298 ; 2335-884X ; 1392-124X

الوصف: Process mining is the set of techniques to retrieve a process model starting from available logging data. The discovered process model has to be analyzed to verify it respects the defined properties, i.e., the so-called compliance checking. Our aim is to use a model checking based approach to verify compliance. First, we propose an integrated-tool approach using existing tools as ProM (a framework supporting process mining techniques) and CADP (a formal verification environment). More precisely, the execution traces from a software system are extracted. Then, using the “Mine Transition System” plugin in ProM, we obtain a labelled transition system, that can be easily used to verify formal properties trough CADP. However, this choice presents the “state explosion” problem, i.e., models discovered through the classical process mining techniques tend to be large and complex. In order to solve this problem, another custom-made approach is shown, which accomplishes a pre- processing on the traces to obtain abstract traces, where abstraction is based on the set of temporal logic formulae specifying the system properties. Then, from the set of abstracted traces, we discover a system described in Lotos, a process algebra specification language; in this way we do not build an operational model for the system, but we produce only a language description from which a model checking environment will automatically obtain the reduced corresponding transition system. Real systems have been used as case studies to evaluate the proposed methodologies.

وصف الملف: application/pdf

العلاقة: https://itc.ktu.lt/index.php/ITC/article/view/21724/12638Test; https://itc.ktu.lt/index.php/ITC/article/view/21724Test

الإتاحة: https://itc.ktu.lt/index.php/ITC/article/view/21724Test

المؤلفون: Zampetti, Fiorella, Nardone, Vittoria, Di Penta, Massimiliano

المساهمون: European Commission

المصدر: Proceedings of the 19th International Conference on Mining Software Repositories

الإتاحة: https://doi.org/10.1145/3524842.3527948Test

المؤلفون: Mercaldo, Francesco, Nardone, Vittoria, Santone, Antonella, Visaggio, Corrado

المساهمون: University of Sannio Benevento, Elvira Albert, Ivan Lanese, TC 6, WG 6.1

المصدر: Lecture Notes in Computer Science ; 36th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE) ; https://hal.inria.fr/hal-01432919Test ; 36th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Jun 2016, Heraklion, Greece. pp.212-221, ⟨10.1007/978-3-319-39570-8_14⟩

مصطلحات موضوعية: Malware, Android, Security, Formal methods, Temporal logic, [INFO]Computer Science [cs], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]

جغرافية الموضوع: Heraklion, Greece

الوصف: International audience ; Ransomware is a recent type of malware which makes inaccessible the files or the device of the victim. The only way to unlock the infected device or to have the keys for decrypting the files is to pay a ransom to the attacker. Commercial solutions for removing ransomware and restoring the infected devices and files are ineffective, since this malware uses a very robust form of asymmetric cryptography and erases shadow copies and recovery points of the operating system. Literature does not count many solutions for effectively detecting and blocking ransomware and, at the best knowledge of the authors, formal methods were never applied to identify ransomware. In this paper we propose a methodology based on formal methods that is able to detect the ransomware and to identify in the malware’s code the instructions that implement the characteristic instructions of the ransomware. The results of the experimentation are strongly encouraging and suggest that the proposed methodology could be the right way to follow for developing commercial solutions that could successful intercept the ransomware and blocking the infections it provokes.

العلاقة: hal-01432919; https://hal.inria.fr/hal-01432919Test; https://hal.inria.fr/hal-01432919/documentTest; https://hal.inria.fr/hal-01432919/file/426757_1_En_14_Chapter.pdfTest

الإتاحة: https://doi.org/10.1007/978-3-319-39570-8_14Test
https://hal.inria.fr/hal-01432919Test
https://hal.inria.fr/hal-01432919/documentTest
https://hal.inria.fr/hal-01432919/file/426757_1_En_14_Chapter.pdfTest

المؤلفون: Mercaldo, Francesco, Nardone, Vittoria, Santone, Antonella

الوصف: Medical studies demonstrated that diabetes pathology is increasing in last decades and the trend do not tends to stop. In order to help and to accelerate the diagnosis of diabetes in this paper we propose a method able to classify patients affected by diabetes using a set of characteristic selected in according to World Health Organization criteria. Evaluating real-world data using state of the art machine learning algorithms, we obtain a precision value equal to 0.770 and a recall equal to 0.775 using the HoeffdingTree algorithm.

العلاقة: url:https://www.openaccessrepository.it/communities/itmirrorTest; https://www.openaccessrepository.it/record/38648Test

الإتاحة: https://doi.org/10.1016/j.procs.2017.08.193Test
https://www.openaccessrepository.it/record/38648Test