Modelling and Analytics of Software and Systems
Building secure, efficient, and usable applications, systems, and networks
Building secure, efficient, and usable applications, systems, and networks
The Laboratory for Modelling and Analytics of Software and Systems (MASS Lab) is Professor Hui Chen’s research group at the City University of New York. The group is investigating a multi-pronged approach for engineering large and complex software and networked systems.
The group welcomes collaborations with industry and with motivated graduate and undergraduate students. Please contact Professor Hui Chen if you are interested in joining the research group.
Cheng Ning
Kevin J. Lewis
Yunhua Zhao
Jack Choinski
Ureka Chambugong
Daniel Romanowski
Thomas Raczkowski
Ariel Zablozki
John Doros
Wesley Liang
Recent years have experienced sustained focus in research on software defect prediction (SDP) that aims to predict the likelihood of software defects. The primary objective is to investigate Just-in-Time Software Defect Prediction (JIT-SDP), a variant of SDP focusing on predicting whether each incremental software change is defective. The increased interest and widely spread practice of continuous deployment highlights the importance of this research direction.
@article{DBLP:journals/corr/abs-2310-12289,
author = {Zhao, Yunhua and Chen, Hui},
title = {Deep Incremental Learning of Imbalanced Data for Just-In-Time Software Defect Prediction},
journal = {CoRR},
volume = {abs/2310.12289},
year = {2023},
url = {https://doi.org/10.48550/arXiv.2310.12289},
doi = {10.48550/ARXIV.2310.12289},
eprinttype = {arXiv},
eprint = {2310.12289},
timestamp = {Fri, 27 Oct 2023 12:21:19 +0200},
biburl = {https://dblp.org/rec/journals/corr/abs-2310-12289.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
Recent years have experienced sustained focus in research on software defect prediction that aims to predict the likelihood of software defects. Moreover, with the increased interest in continuous deployment, a variant of software defect prediction called Just-in-Time Software Defect Prediction (JIT-SDP) focuses on predicting whether each incremental software change is defective. JIT-SDP is unique in that it consists of two interconnected data streams, one consisting of the arrivals of software changes stemming from design and implementation, and the other the (defective or clean) labels of software changes resulting from quality assurance processes.We present a systematic survey of 67 JIT-SDP studies with the objective to help researchers advance the state of the art in JIT-SDP and to help practitioners become familiar with recent progress. We summarize best practices in each phase of the JIT-SDP workflow, carry out a meta-analysis of prior studies, and suggest future research directions. Our meta-analysis of JIT-SDP studies indicates, among other findings, that the predictive performance correlates with change defect ratio, suggesting that JIT-SDP is most performant in projects that experience relatively high defect ratios. Future research directions for JIT-SDP include situating each technique into its application domain, reliability-aware JIT-SDP, and user-centered JIT-SDP.
@article{zhao2022systematic,
author = {Zhao, Yunhua and Damevski, Kostadin and Chen, Hui},
title = {A Systematic Survey of Just-in-Time Software Defect Prediction},
month = feb,
year = {2023},
issue_date = {October 2023},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {55},
number = {10},
pages = {201:1-201:35},
issn = {0360-0300},
url = {https://dl.acm.org/doi/10.1145/3567550},
doi = {10.1145/3567550},
journal = {ACM Computing Surveys},
articleno = {201},
numpages = {35},
keywords = {software change metrics, release software defect prediction, machine learning, searching-based algorithms, Software defect prediction, just-in-time software defect prediction, change defect density, change-level software defect prediction}
}
@article{zhao2022systematicsuppl,
author = {Zhao, Yunhua and Damevski, Kostadin and Chen, Hui},
title = {Supplementary Material for:
A Systematic Survey of Just-in-time Software Defect
Prediction},
year = {2023},
issue_date = {October 2023},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {55},
number = {10},
pages = {201:1-201:25},
issn = {0360-0300},
url = {https://dl.acm.org/action/downloadSupplement?doi=10.1145%2F3567550&file=3567550-supp.pdf},
note = {Online only: \url{https://dl.acm.org/action/downloadSupplement?doi=10.1145%2F3567550&file=3567550-supp.pdf}},
journal = {ACM Computing Surveys},
month = feb,
numpages = {25}
}
The primary objective is to automatically identify risk of software vulnerabilities and the types of software vulnerabilities.
@article{uq2024,
title = {Improving Data Curation of Software Vulnerability Patches through Uncertainty Quantification},
author = {Chen, Hui and Zhao, Yunhua and Damevski, Kostadin},
year = {2024},
journal = {CoRR},
volume = {abs/2411.11659},
url = {https://arxiv.org/abs/2411.11659},
doi = {10.48550/arXiv.2411.11659},
eprinttype = {arXiv},
eprint = {2411.11659}
}
The primary objective is to develop systems that can automatically identify possibility of network-based Internet censorship.
Internet censorship is a phenomenon of societal importance and attracts investigation from multiple disciplines. Several research groups, such as Censored Planet, have deployed large scale Internet measurement platforms to collect network reachability data. However, existing studies generally rely on manually designed rules (i.e., using censorship fingerprints) to detect network-based Internet censorship from the data. While this rule-based approach yields a high true positive detection rate, it suffers from several challenges: it requires human expertise, is laborious, and cannot detect any censorship not captured by the rules. Seeking to overcome these challenges, we design and evaluate a classification model based on latent feature representation learning and an image-based classification model to detect network-based Internet censorship. To infer latent feature representations from network reachability data, we propose a sequence-to-sequence autoencoder to capture the structure and the order of data elements in the data. To estimate the probability of censorship events from the inferred latent features, we rely on a densely connected multi-layer neural network model. Our image-based classification model encodes a network reachability data record as a gray-scale image and classifies the image as censored or not using a dense convolutional neural network. We compare and evaluate both approaches using data sets from Censored Planet via a hold-out evaluation. Both classification models are capable of detecting network-based Internet censorship as we were able to identify instances of censorship not detected by the known fingerprints. Latent feature representations likely encode more nuances in the data since the latent feature learning approach discovers a greater quantity, and a more diverse set, of new censorship instances.
@article{duncan2022detecting,
title = {Detecting network-based internet censorship via latent feature representation learning},
journal = {Computers \& Security},
volume = {128},
number = {103138},
pages = {103138:1-103138:13},
numpages = {13},
year = {2023},
issn = {0167-4048},
doi = {https://doi.org/10.1016/j.cose.2023.103138},
url = {https://www.sciencedirect.com/science/article/pii/S0167404823000482},
author = {Duncan, Shawn P. and Chen, Hui},
keywords = {Internet censorship, Internet censorship detection, Network-based internet censorship detection, Deep neural network, Feature representation learning}
}
This is to design networked sensor systems and applications, such as for agriculture and environment protection.
Soils are a complex ecosystem that provides critical services, such as growing food, supplying antibiotics, filtering wastes, and maintaining biodiversity; hence monitoring soil health and domestication is required for sustainable human development. Low-cost and high-resolution soil monitoring systems are challenging to design and build. Compounded by the sheer size of the monitoring area of interest and the variety of biological, chemical, and physical parameters to monitor, naive approaches to adding or scheduling more sensors will suffer from cost and scalability problems. We investigate a multi-robot sensing system integrated with an active learning-based predictive modeling technique. Taking advantage of advances in machine learning, the predictive model allows us to interpolate and predict soil attributes of interest from the data collected by sensors and soil surveys. The system provides high-resolution prediction when the modeling output is calibrated with static land-based sensors. The active learning modeling technique allows our system to be adaptive in data collection strategy for time-varying data fields, utilizing aerial and land robots for new sensor data. We evaluated our approach using numerical experiments with a soil dataset focusing on heavy metal concentration in a flooded area. The experimental results demonstrate that our algorithms can reduce sensor deployment costs via optimized sensing locations and paths while providing high-fidelity data prediction and interpolation. More importantly, the results verify the adapting behavior of the system to the spatial and temporal variations of soil conditions.
@article{s23052365,
author = {Chen, Hui and Wang, Ju},
title = {Active Learning for Efficient Soil Monitoring in Large Terrain with Heterogeneous Sensor Network},
journal = {Sensors},
volume = {23},
year = {2023},
number = {5},
pages = {2365:1-2365:25},
numpages = {25},
article-number = {2365},
url = {https://www.mdpi.com/1424-8220/23/5/2365},
issn = {1424-8220},
doi = {10.3390/s23052365}
}
@article{Wang201575,
title = {Sensor data modeling and validating for wireless soil sensor network },
journal = {Computers and Electronics in Agriculture },
volume = {112},
number = {0},
pages = {75 - 82},
month = mar,
year = {2015},
note = {Special Issue in Precision Agriculture },
issn = {0168-1699},
doi = {http://dx.doi.org/10.1016/j.compag.2014.12.016},
url = {http://www.sciencedirect.com/science/article/pii/S0168169914003263},
author = {Wang, Ju and Damevski, Kostadin and Chen, Hui},
keywords = {High-tunnel greenhouse }
}
The object is to improve computing education in software security, software engineering, programming, and a few related areas.
This research paper describes a study of using real-world vulnerabilities to motivate computer science students to- wards learning secure programming. Given the rise in cybersecurity incidents due to programming errors, there is a pressing need to improve programmers’ secure programming skills. Despite educators’ numerous efforts towards this goal, communicating the importance of this training to students remains a challenge. Grounding on the theory of intrinsic motivation, we propose that exposing students to authentic, relatable vulnerabilities can significantly enhance their learning orientation towards secure programming. Our approach involves selecting vulnerabilities from the National Vulnerability Database that are both relatable to students and understandable without extensive external context. These vulnerabilities are transformed into comprehensive course modules, each featuring a demonstrative video, source code snippets of the vulnerability and its patch, and associated developer communications about the vulnerability. We assess the impact of one of our course modules on students’ learning disposition through a study conducted in two universities in an identical setting. The study results indicate that students appreciate seeing real-world vulnerabilities in detail, especially the video we recorded reproducing the vulnerability, and that they gain in self-efficacy after completing the module.
@inproceedings{fie2024,
author = {Daniels, Denise and Lee, Joon Suk and Chen, Hui and Damevski, Kostadin},
title = {Utilizing Real-World Software Vulnerabilities to Enhance Secure Programming Education},
booktitle = {2024 IEEE Frontiers in Education Conference (FIE)},
volume = {},
number = {},
pages = {DLCD:1--DLCD:8},
year = {2024},
organization = {IEEE},
keywords = {Training;Surveys;Databases;Grounding;Source coding;Pressing;Software;Computer security;Programming profession;5.b.vii. Computer science;8.c. Computing skills;8.u. Student perception;12.d.iii. Mixed methods research},
preprint = {preprint/fie2024vul.pdf},
doi = {10.1109/FIE61694.2024.10893584}
}
@inproceedings{Chen_2019_UAP_3304221_3319731,
author = {Chen, Hui and Ciborowska, Agnieszka and Damevski, Kostadin},
title = {Using Automated Prompts for Student Reflection on Computer Security Concepts},
booktitle = {Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science Education},
series = {ITiCSE '19},
year = {2019},
isbn = {978-1-4503-6301-3},
location = {Aberdeen, Scotland Uk},
pages = {506--512},
numpages = {7},
url = {http://doi.acm.org/10.1145/3304221.3319731},
doi = {10.1145/3304221.3319731},
acmid = {3319731},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {automated reflection, reflection, reflection prompt}
}
The primary objective is to provide usage contexts for software faults manifested as software exceptions. The modelling tools are unsupervised probabilistic graphical models. The datasets of interest are the combination of interaction traces and software crash reports. The output of the models includes a tree or a hierarchy of usage contexts and the probabilistic association of software exceptions to the tree of contexts, which contributes to a debugging methodology called “debugging in the large”, a postmortem analysis of large amount of usage data to recognize patterns of bugs.
Traces of user interactions with a software system, captured in production, are commonly used as an input source for user experience testing. In this paper, we present an alternative use, introducing a novel approach of modeling user interaction traces enriched with another type of data gathered in production—software fault reports consisting of software exceptions and stack traces. The model described in this paper aims to improve developers’ comprehension of the circumstances surrounding a specific software exception and can highlight specific user behaviors that lead to a high frequency of software faults. Modeling the combination of interaction traces and software crash reports to form an interpretable and useful model is challenging due to the complexity and variance in the combined data source. Therefore, we propose a probabilistic unsupervised learning approach, adapting the nested hierarchical Dirichlet process, which is a Bayesian non-parametric hierarchical topic model originally applied to natural language data. This model infers a tree of topics, each of whom describes a set of commonly co-occurring commands and exceptions. The topic tree can be interpreted hierarchically to aid in categorizing the numerous types of exceptions and interactions. We apply the proposed approach to large scale datasets collected from the ABB RobotStudio software application, and evaluate it both numerically and with a small survey of the RobotStudio developers.
@article{chen2019modeling,
author = {Chen, Hui and Damevski, Kostadin and Shepherd, David and Kraft, Nicholas A.},
title = {Modeling hierarchical usage context for software exceptions based on interaction data},
journal = {Automated Software Engineering},
year = {2019},
month = aug,
day = {13},
issn = {1573-7535},
doi = {10.1007/s10515-019-00265-3},
url = {https://doi.org/10.1007/s10515-019-00265-3}
}
The growing crow-sourced online software development documentation and the advancement in Web searches have changed how we learn to develop software. How do we preserve this valuable software documentation? How do we integrate the documentation with our day-to-day software development process, tools, and ecosystem? How do we use the knowledge in the documentation to build better software, system and networks? The primary objective is to retrieve knowledge from the crowd-sourced informational software documentation and to use the knowledge to help improve software development tools and ecosystems.
Developers rely on online Q&A forums to look up technical solutions, to pose questions on implementation problems, and to enhance their community profile by contributing answers. Many popular developer communication platforms, such as the Stack Overflow Q&A forum, require threads of discussion to be tagged by their contributors for easier lookup in both asking and answering questions. In this paper, we propose to leverage Stack Overflow’s tags to create a hierarchical organization of concepts discussed on this platform. The resulting concept hierarchy couples tags with a model of their relevancy to prospective questions and answers. For this purpose, we configure and apply a supervised multi-label hierarchical topic model to Stack Overflow questions and demonstrate the quality of the model in several ways: by identifying tag synonyms, by tagging previously unseen Stack Overflow posts, and by exploring how the hierarchy could aid exploratory searches of the corpus. The results suggest that when traversing the inferred hierarchical concept model of Stack Overflow the questions become more specific as one explores down the hierarchy and more diverse as one jumps to different branches. The results also indicate that the model is an improvement over the baseline for the detection of tag synonyms and that the model could enhance existing ensemble methods for suggesting tags for new questions. The paper indicates that the concept hierarchy as a modeling imperative can create a useful representation of the Stack Overflow corpus. This hierarchy can be in turn integrated into development tools which rely on information retrieval and natural language processing, and thereby help developers more efficiently navigate crowd-sourced online documentation.
@article{CHEN2019283,
title = {Modeling stack overflow tags and topics as a hierarchy of concepts},
journal = {Journal of Systems and Software},
volume = {156},
pages = {283 - 299},
year = {2019},
issn = {0164-1212},
doi = {https://doi.org/10.1016/j.jss.2019.07.033},
url = {http://www.sciencedirect.com/science/article/pii/S0164121219301499},
author = {Chen, Hui and Coogle, John and Damevski, Kostadin},
keywords = {Concept hierarchy, Hierarchical topic model, Stack overflow, Tag synonym identification, Tag prediction, Entropy-based search evaluation}
}
The primary objective is integrate developer activity modeling into recommendation systems for software developers. Software development is a complex cognitive task. We can reduce software developers’ cognitive load by providing effective tools. These tools should be capable of recognizing developers’ activities and thereby make recommendations, such as, best IDE commands or plugins to choose from and situated learning of best practices.
@inproceedings{Chen2019UAP_3304221_3319731,
author = {Chen, Hui and Ciborowska, Agnieszka and Damevski, Kostadin},
title = {Using Automated Prompts for Student Reflection on Computer Security Concepts},
booktitle = {Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science Education},
series = {ITiCSE '19},
year = {2019},
isbn = {978-1-4503-6301-3},
location = {Aberdeen, Scotland Uk},
pages = {506--512},
numpages = {7},
url = {http://doi.acm.org/10.1145/3304221.3319731},
doi = {10.1145/3304221.3319731},
acmid = {3319731},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {automated reflection, reflection, reflection prompt}
}
@article{DAMEVSKI_8024001,
author = {Damevski, Kostadin and Chen, Hui and Shepherd, David C. and Kraft, Nicholas A. and Pollock, Lori},
journal = {IEEE Transactions on Software Engineering},
title = {Predicting Future Developer Behavior in the IDE Using Topic Models},
year = {2018},
volume = {44},
number = {11},
pages = {1100-1111},
keywords = {program debugging;recommender systems;software engineering;future developer behavior;early software command recommender systems;negative user reaction;unusually complex applications;command recommendations;recommendation generation;user experience;command recommenders;future task context;debug OR;future development commands;software development interaction data;predicting future IDE commands;empirically-interpretable observations;Natural languages;Data models;Analytical models;Predictive models;Visualization;Adaptation models;Data analysis;Command recommendation systems;IDE interaction data},
doi = {10.1109/TSE.2017.2748134},
url = {https://dx.doi.org/10.1109/TSE.2017.2748134},
issn = {0098-5589},
month = nov
}
@inproceedings{Damevski_2016_IED_2901739_2901741,
author = {Damevski, Kostadin and Chen, Hui and Shepherd, David and Pollock, Lori},
title = {Interactive Exploration of Developer Interaction Traces Using a
Hidden Markov Model},
booktitle = {Proceedings of the 13th International Workshop on Mining
Software Repositories},
series = {MSR '16},
year = {2016},
isbn = {978-1-4503-4186-8},
location = {Austin, Texas},
pages = {126--136},
numpages = {11},
url = {http://doi.acm.org/10.1145/2901739.2901741},
doi = {10.1145/2901739.2901741},
acmid = {2901741},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {IDE usage data, field studies, hidden-markov model}
}
Preventative countermeasures and accountability are two complementary approaches to address computer security. Preventative countermeasures have been the primary approach in practice and in research. Real-world experiences from dealing with security indicate that accountability is not only complement to preventative countermeasures, but also necessary, in particular, when online privacy becomes a growing concern to individuals and societies at the advent of sophisticated cross-site referencing tools and algorithms. The primary object is thus to build accountable systems and networks to address real-word computer security.
@article{8813093,
author = {Xiao, Yang and Zeng, Lei and Chen, Hui and Li, Tieshan},
journal = {IEEE Access},
title = {Prototyping Flow-net Logging for Accountability Management in Linux Operating Systems for IoTs},
year = {2019},
volume = {},
number = {},
pages = {1-1},
keywords = {Linux;Access control;Kernel;Internet of Things;Computer security;Computer Security;Accountability;Logging;Auditing;Flow-net;IoT},
doi = {10.1109/ACCESS.2019.2937637},
issn = {2169-3536},
month = {}
}
@article{FU2018167,
title = {{FNF}: Flow-net based fingerprinting and its applications},
journal = {Computers \& Security},
volume = {75},
pages = {167 - 181},
month = jun,
year = {2018},
issn = {0167-4048},
doi = {https://doi.org/10.1016/j.cose.2018.02.005},
url = {http://www.sciencedirect.com/science/article/pii/S0167404818300877},
author = {Fu, Bo and Xiao, Yang and Chen, Hui},
keywords = {Flow-net, Logging, Fingerprint, Intrusion detection, Computer networks, Computer systems}
}
@article{zeng2017accountable,
author = {Zeng, Lei and Chen, Hui and Xiao, Yang},
title = {Accountable Administration in Operating Systems},
journal = {International Journal of Information and Computer Security},
year = {2017},
volume = {9},
no = {3},
pages = {157--179},
doi = {10.1504/IJICS.2017.10005900},
url = {https://dx.doi.org/10.1504/IJICS.2017.10005900},
publisher = {Indersciene}
}
@article{ZENG_SEC1677,
author = {Zeng, Lei and Xiao, Yang and Chen, Hui and Sun, Bo and Han, Wenlin},
title = {Computer operating system logging and security issues: a survey},
journal = {Security and Communication Networks},
volume = {9},
number = {17},
issn = {1939-0122},
url = {https://dx.doi.org/10.1002/sec.1677},
doi = {10.1002/sec.1677},
pages = {4804--4821},
keywords = {logging, operating system, Linux, Unix, security},
year = {2016}
}
@article{ZENG_SEC1277,
author = {Zeng, Lei and Xiao, Yang and Chen, Hui},
title = {Auditing overhead, auditing adaptation, and benchmark evaluation in {Linux}},
journal = {Security and Communication Networks},
volume = {8},
number = {18},
issn = {1939-0122},
url = {https://dx.doi.org/10.1002/sec.1277},
doi = {10.1002/sec.1277},
pages = {3523--3534},
keywords = {logging, overhead, Linux, auditing},
year = {2015}
}
@article{Xiaozf2014,
title = {An Accountable Framework for Sensing-oriented Mobile Cloud Computing},
author = {Xiao, Zhifeng and Xiao, Yang and Chen, Hui},
journal = {Journal of Internet technology},
volume = {15},
number = {5},
pages = {813 - 822},
month = sep,
year = {2014},
url = {https://dx.doi.org/10.6138\%2fJIT.2014.15.5.11}
}
The MASS Lab has been supported by
NSF
PSC-CUNY