Wyniki wyszukiwania - BazTech

1

Semi-automated Algorithm for Complex Test Data Generation for Interface-based Regression Testing of Software Components

Potuzak Tomas, Lipka Richard

Annals of Computer Science and Information Systems

|

2021

|

Vol. 25

501--510

EN

This paper describes in detail the Complex Object Generation (COG) algorithm, which is a semi-automated algorithm for the generation of instances of classes (i.e., objects) with a complex inner structure for Java and similar languages designed for black-box testing (i.e., without available source code). The algorithm was developed and tested as a stand-alone algorithm and can be used as such (e.g., during unit testing). However, we plan to use it to generate the parameter values of generated method invocations, which is a vital part of our interface-based regression testing of software components.

2

Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

Macák Martin, Bojnak Stefan, Buhnova Barbora

Annals of Computer Science and Information Systems

|

2021

|

Vol. 25

349--356

EN

In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulation-game platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.

3

Developing Defense Strategies from Attack Probability Trees in Software Risk Assessment

Esche Marko, Grasso Toro Federico

Annals of Computer Science and Information Systems

|

2020

|

Vol. 21

527--536

EN

Since the introduction of the Measuring Instruments Directive 2014/32/EU, prototypes of measuring instruments subject to legal control in the European Union must be accompanied by a risk assessment, when being submitted for conformity assessment. Taximeters, water meters, electricity meters or fuel pumps form the basis for the economic sector usually known as Legal Metrology, where the development towards cheaper allpurpose hardware combined with more sophisticated software is imminent. Therefore, a risk assessment will always have to include software-related issues. Hitherto, publications about software risk assessment methods lack an efficient means to derive and assess suitable countermeasures for risk mitigation. To this end, attack trees are used in related research fields. In this paper, defense probability trees are derived from attack probability trees, well-suited to the requirements of software risk assessment and used to identify optimal sets of countermeasures. The infamous Meltdown vulnerability is used to highlight the experimental application of the method.

4

Standardized container virtualization approach for collecting host intrusion detection data

Röhling Martin Max, Grimmer Martin, Kreußel Dennis, Hoffmann Jörn, Franczyk Bogdan

Annals of Computer Science and Information Systems

|

2019

|

Vol. 18

459--463

EN

Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.

5

Medical prescription classification: a NLP-based approach

Carchiolo Vincenza, Longheu Alessandro, Reitano Giuseppa, Zagarella Luca

Annals of Computer Science and Information Systems

|

2019

|

Vol. 18

605--609

EN

The digitization of healthcare data has been consolidated in the last decade as a must to manage the vast amount of data generated by healthcare organizations. Carrying out this process effectively represents an enabling resource that will improve healthcare services provision, as well as on-the-edge related applications, ranging from clinical text mining to predictive modelling, survival analysis, patient similarity, genetic data analysis and many others. The application presented in this work concerns the digitization of medical prescriptions, both to provide authorization for healthcare services or to grant reimbursement for medical expenses. The proposed system first extract text from scanned medical prescription, then Natural Language Processing and machine learning techniques provide effective classification exploiting embedded terms and categories about patient/- doctor personal data, symptoms, pathology, diagnosis and suggested treatments. A REST ful Web Service is introduced, together with results of prescription classification over a set of 800K+ of diagnostic statements.

6

Formalization of software risk assessment results in legal metrology based on ISO/IEC 18045 vulnerability analysis

Esche Marko, Salwiczek Felix, Grasso Toro Federico

Annals of Computer Science and Information Systems

|

2019

|

Vol. 18

443--447

EN

The Measuring Instruments Directive sets down essential requirements for measuring instruments subject to legal control in the EU. It dictates that a risk assessment must be performed before such instruments are put on the market. Because of the increasing importance of software in measuring instruments, a specifically tailored software risk assessment method has been previously developed and published. Related research has been done on graphical representation of threats by attack probability trees. The final stage is to formalize the method to prove its reproducibility and resilience against the complexity of future instruments. To this end, an inter-institutional comparison of the method is currently being conducted across national metrology institutes, while the weighing equipment manufacturers' association CECIP has provided a new measuring instrument concept, as a significant example of complex instruments. Based on the results of the comparison, a template to formalize the software risk assessment method is proposed here.

7

Big data platform for smart grids power consumption anomaly detection

Lipcàk Peter, Macak Martin, Rossi Bruno

Annals of Computer Science and Information Systems

|

2019

|

Vol. 18

771--780

EN

Big data processing in the Smart Grid context has many large-scale applications that require real-time data analysis (e.g., intrusion and data injection attacks detection, electric device health monitoring). In this paper, we present a big data platform for anomaly detection of power consumption data. The platform is based on an ingestion layer with data densification options, Apache Flink as part of the speed layer and HDFS/KairosDB as data storage layers. We showcase the application of the platform to a scenario of power consumption anomaly detection, benchmarking different alternative frameworks used at the speed layer level (Flink, Storm, Spark).

8

A design and experiment of automation management system for platform as a service

Tashkandi Alalaa

Annals of Computer Science and Information Systems

|

2019

|

Vol. 18

711--715

EN

Security [11] and quality [4] of cloud computing services represent significant factors that affect the adoption by consumers. Platform as a Service (PaaS) is one of cloud computing service models [14]. Management of database systems, middleware and application runtime environments is automated in PaaS [2]. PaaS automation management issues and requirements were collected in three rounds from information technology experts using Delphi technique. In this paper, PaaS automation quality and security management system is proposed and evaluated. Evaluation of the management system was based on experiment in a private cloud for an organization undergoing a transformation toward PaaS computing.