14th of February at 16h00, João Rafael Henriques and Rodrigo Machado will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1
João Rafael Henriques – “Automated Software Vulnerability Collection for a Database with Static Information”
Bio
My name is João Rafael Henriques and I am a master’s student in the Computer Engineering course in the Software Engineering field. I finished my degree last year, the same year I started working in the area of vulnerabilities. Since then I have been working on automating processes with the aim of maintaining an updated database with important information about vulnerabilities, allowing the obtained dataset to be useful for researchers and developers in the area.
Abstract
Software vulnerabilities are present in most software applications. They leave the applications prone to attacks, which can cause severe consequences e.g., damage to the operation, and unauthorized access), leading to legal and financial implications. There are techniques to detect such vulnerabilities, but they suffer from the same issues: reporting items that are not actual vulnerabilities or not detecting all of them. There are datasets to support the development of new vulnerability detection techniques. Nevertheless, their data are usually frozen and must be frequently updated with the newly disclosed vulnerabilities.
Hence, we propose an automated solution to mine vulnerability and code repositories. An up-to-date database can support studies reflecting the most recent vulnerabilities and threats. To do that, we use a known vulnerability database with static information about open-source C/C++ projects (Linux Kernel, Mozilla, Xen, Apache httpd, and Glibc). Results show that the field responsible for identifying the project has more changes in the vulnerabilities from the database. Additional 3,882 vulnerabilities have been collected since the release of the database.
Rodrigo Machado – “Adversarial Techniques for the Evaluation And Improvement of Intrusion Detection Systems”
Bio
Rodrigo Machado received a Bachelor’s degree in Informatics Engineering in 2022 at the University of Coimbra. He now pursues a Master’s degree on the Intelligent Systems path. In his first year, and under advisory of Prof. João Campos, he researched how autocorrelation in sequential data might be leveraged for predicting system failures using Machine Learning.Now in his second-year, he is writing his dissertation under supervision of Prof. João Campos.
Abstract
Recent research into Anomaly-based Intrusion Detection Systems lead to the proposal of Machine Learning as a viable classification method in these systems, with some works delivering promising results.However, given the hostile environment where these systems operate, adversaries can aim to attack and bypass these IDSs, in order to harm the underlying system.This MSc. thesis aims to understand how sensitive the proposed classifiers are to Adversarial Machine Learning techniques, which an attacker could leverage to bypass a classifier trained in this task.
