• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.967-985
• /
• 2019

Bug report processing is a key element of bug fixing in modern software maintenance. Bug reports are not processed immediately after submission and involve several processes such as bug report deduplication and bug report triage before bug fixing is initiated; however, this method of bug fixing is very inefficient because all these processes are performed manually. Software engineers have persistently highlighted the need to automate these processes, and as a result, many automation techniques have been proposed for bug report processing; however, the accuracy of the existing methods is not satisfactory. Therefore, this study focuses on surveying to improve the accuracy of existing techniques for bug report processing. Reviews of each method proposed in this study consist of a description, used techniques, experiments, and comparison results. The results of this study indicate that research in the field of bug deduplication still lacks and therefore requires numerous studies that integrate clustering and natural language processing. This study further indicates that although all studies in the field of triage are based on machine learning, results of studies on deep learning are still insufficient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.911-917
• /
• 2021

As software gets an increasing amount of patches, lots of software bugs are increasingly caused by such software patches, collectively known as regression bugs. To proactively detect the regressions bugs, both industry and academia are actively searching for a way to augment fuzz testing, one of the most popular automatic bug detection techniques. In this paper, we investigate the status quo of the studies on augmenting fuzz testing for regression bug detection and, based on the limitations of current proposals, provide an outlook of the relevant research.

• Journal of KIISE
• /
• v.43 no.6
• /
• pp.692-699
• /
• 2016

C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1013-1017
• /
• 2014

A variety of applications that are accessible through app markets provide useful features and functions. However, those applications can present many GUI bugs due to the deficiency of testing processes. Even though various approaches have been developed for mobile app testing, GUI bugs in applications are still difficult to be identified due to the absence of efficiency, lack of automation, and necessity of access to the source code. In this paper, we propose an automated black-box testing method for efficient GUI bug detection. Our experimental results show that the proposed method achieves better code coverage and uncovers GUI bugs when compared with existing black-box testing called Monkey.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.973-980
• /
• 2024

Fuzzing is an automated testing technique that generates a lot of testcases and monitors for exceptions to test a program. Recently, fuzzing research using machine learning has been actively proposed to solve various problems in the fuzzing process, but a comprehensive evaluation of fuzzing research using machine learning is lacking. In this paper, we analyze recent research that applies machine learning to scheduling techniques for fuzzing, categorizing them into reinforcement learning-based and supervised learning-based fuzzers. We evaluated the coverage performance of the analyzed machine learning-based fuzzers against real-world programs with four different file formats and bug detection performance against the LAVA-M dataset. The results showed that AFL-HIER, which applied seed clustering and seed scheduling with reinforcement learning outperformed in coverage and bug detection. In the case of supervised learning, it showed high coverage on tcpdumps with high code complexity, and its superior bug detection performance when applied to hybrid fuzzing. This research shows that performance of machine learning-based fuzzer is better when both machine learning and additional fuzzing techniques are used to optimize the fuzzing process. Future research is needed on practical and robust machine learning-based fuzzing techniques that can be effectively applied to programs that handle various input formats.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.10
• /
• pp.559-570
• /
• 2003

Automation of programming-error detection is an important part of intelligent programming language tutoring systems. In this paper, a new programming error detection approach for novice programmers is proposed by plan matching and program execution. Program execution result is used to resolve the restricted programming plan representation and to provide a confirming evidence for the plan matching differences. By checking the values of shared variable between the related plans, we can detect the cause-effect relationship between the plans. With this relationship and the test data, we can explain the program's unexpected behaviors according to the bug's cause and resulting effects.

• Journal of KIISE:Software and Applications
• /
• v.36 no.7
• /
• pp.523-530
• /
• 2009

Despite the growing need for customized operating system kernels for embedded devices, kernel development continues to suffer from insufficient reliability and high testing cost for several reasons such as the high complexity of the kernel code. To alleviate these difficulties, this study proposes the MOdel-based KERnel Testing (MOKERT) framework for detection of concurrency bugs in the kernel. MOKERT translates a given C program into a corresponding Promela model, and then tries to find a counter example with regard to a given requirement property, If found, MOKERT executes that counter example on the real kernel code to check whether the counter example is a false alarm or not, The MOKERT framework was applied to the Linux proc file system and confirmed that the bug reported in a ChangeLog actually caused a data race problem, In addition, a new data race bug in the Linux proc file system was found, which causes kernel panic.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.2 s.40
• /
• pp.351-360
• /
• 2006

Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Stammer, Bug bear, Opeserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.222-225
• /
• 2024

전통적 프로그래밍 언어인 C/C++는 시스템 프로그래밍 언어로 널리 사용되고 있으며, 이는 저수준 메모리 제어와 하드웨어 상호작용 등의 특성 때문이다. 하지만 C/C++가 가지고 있는 특성중 하나인 저수준 메모리 제어는 프로그래머가 직접 메모리를 관리해야한다. 다양한 메모리 버그들중에서 특히 Use-after-free버그는 오래전부터 현재까지 해결되지 않은 버그로써 존재하고 있으며, 이는 프로그래머가 수동으로 메모리를 관리함으로써 발생한다. 이 버그를 예방 및 감지하기 위한 연구가 현재까지도 활발하게 진행되고 있다. 이 버그를 차단 및 감지하는 연구들의 동향을 분석하여 앞으로의 관련 연구의 지속적인 필요성을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.949-959
• /
• 2024

Recently, as enterprises utilize the cloud and artificial intelligence, it is becoming increasingly difficult to protect exposed interfaces with existing perimeter security methods. Accordingly, zero trust-based comprehensive risk management is becoming necessary. Most enterprises use vulnerability inspection and bug bounty (security vulnerability reporting system) as basic risk management methods, but it is difficult to effectively respond to unpredictable problems such as zero-day attacks or open source vulnerabilities with these methods alone. Therefore, in this paper, we propose a risk response technique for the entire enterprise that links external OSINT (open source information) and CTI of national government agencies to detect threats through CTI (cyber threat intelligence) and collects the enterprise's own CTI. As a result of comparing the method of threat detection and blocking that collects the enterprise's own CTI by configuring a honeypot for effective threat detection and links it to the CTI of an external government agency, the proposed technique showed a 65.8% higher performance improvement in detection accuracy and verified the effect of reducing the number of attackers in the organization through this method