• 期刊
• OpenAccess

An Educational Card Game Approach to Motivating the Learning of Software Engineering

With the rapid expansion of the software sector in recent decades, companies' standards for new employees become more stringent as well. Specifically, they are often unsatisfied with the insufficient competence of students in handling complex assignments in the software development process. To address these issues as well as to help students become acquainted with the actual development process in software engineering, we developed a card game that simulates concepts, roles, and tasks of the actual scenarios for software engineering education. To test the effectiveness of the game, we experimented with two groups of 42 students and measure the results using a post-test and a post-questionnaire. Experimental results show that our approach increased students' learning motivation and help students better understand knowledge in software engineering lessons. These potential results make a call for the use of game-based learning in software engineering education to increase students' learning engagement and outcomes.

• 期刊
• OpenAccess

The Evaluation of Aspect-Based Refactoring Method With Design Patterns Through GQM

Aspect-oriented programming (AOP) provides better flexibility and maintainability of a system by separating the cross-cutting concerns from the system and weaving them in at a later stage. However, the actual benefit of adopting AOP is hard to evaluate. Therefore, how to effectively assess the quality of applying aspect-related techniques become an issue that needs further attention. Our previous research, called ABRIDP, proposed to deal with the problem when developers overlook some quality requirements, such as flexibility and scalability, by weaving design patterns into source code through aspects at the implementation stage. In this paper, as a continuation of our previous work, we propose using GQM (goal, question, and metric) to evaluate the improvement that applies ABRIDP to software systems. That is, to evaluate the system with appropriate metrics that positively answer the questions originating from the goal that indicates the system can benefit from applying ABRIDP. To better evaluate the system quality after refactoring, we further normalize the result and estimate the weight of each metric with fuzzy theory and AHP (analytic hierarchy process). Finally, we experiment with the proposed method from three quality perspectives (scalability, flexibility, and readability) to evaluate the improvement after applying ABRIDP.

• 期刊
• OpenAccess

Fuzz Testing Process Visualization

The conventional fuzz testing process consists of an input mutation, an execution to test the program, monitoring, and information collection to discover bugs and security vulnerabilities. However, practical programs have more features and complex logic, and legacy mutation strategies cannot reach a deeper path to find potential bugs. A solution to this problem is to analyze the input seeds and employ test harnesses for the testing flows. This study proposes an interactive visualization tool called FuzzInspector for fuzz testing. We implemented a visualizer mode on AFL++ to generate test data for a binary analysis tool (Qiling framework and Radare2). We then visualized the controlflow graph and execution path information. This method does not require the source code and reduces the performance overhead. We also implemented an interactive user interface for the user to set the breakpoint, seed, register, and memory address and send the request to the Qiling framework for dynamic analysis. Moreover, the seed constraint can assist the fuzzer in generating a formatted seed for exploring a specific execution path. We evaluated the search time using a known approach to common vulnerabilities and exposures (CVE) and found that the search for bugs with constraints is 15 to 20 times faster than that without constraints. Moreover, we introduced a dynamic analysis feature to find controllable data and assist the exploit development process.

• 期刊
• OpenAccess

An Efficient Autoscaling Cross-Browser Testing Cloud Platform based on Selenium Grid, Kubernetes and KEDA

Cross-browser testing not only is one of the most common non-functional testing methods in the field of software testing, but also the testing method that requires large amounts of resources, in terms of hardware and time. Basically, based on Selenium Grid, Kubernetes and KEDA auto-scaler, a cross-browser testing platform can be quickly built. However, through our empirical study of this style of platform, we observed three significant problems in terms of its reliability and efficiency: the Health-Check problem, the Session- Queue problem, and the Cooldown problem. This paper suggests solutions to these problems. The experimental result shows a 2.27 times improvement in reliability and a decrease in execution time for 61.5%. Moreover, the overall execution time is also 54.2% less comparing with Selenium's Dynamic Grid.

• 期刊
• OpenAccess

Syndrome Differentiation for Deficiency Syndromes in Traditional Chinese Medicine Based on Fuzzy Sets

A disease in traditional Chinese medicine is defined as a sequence of syndromes. The diagnosis of syndromes in traditional Chinese medicine is called syndrome differentiation. The construction of a syndrome differentiation system directly from clinical medical records using machine learning is still infeasible due to the lack of standardization of symptoms and syndromes in current clinical medical records. This article proposes a sophisticated approach to developing a syndrome differentiation system for 18 deficiency syndromes according to the knowledge of textbooks. This approach defines the syndrome differentiation problem as a membership problem of fuzzy sets. This approach designs a number of membership functions for fuzzy sets of syndromes based on a symptom grouping scheme and a symptom weighing scheme. Symptoms are grouped according to syndrome location, cause, and mechanism in the symptom grouping scheme. The symptom weighing scheme assigns exponentially decreasing weights to symptoms in each symptom group. An experimental evaluation based on a benchmark of 50 case reports shows that the proposed membership functions are very practical based on three differentiation metrics. This syndrome differentiation system can produce clinical medical records with standard symptoms and syndromes. In the future, these standard clinical medical records can be utilized to construct syndrome differentiation systems using machine learning.

• 期刊
• OpenAccess

Design and Implement an Intelligent System for Stock Investment Decision Making

A machine learning (ML) based software for stock investment decision making is designed and implemented to explore problems of developing the financial software with intelligent capabilities. Two main issues are discussed in this paper: how to integrate the process of software development and ML module development; how to integrate the ML modules into the software. A utility optimization problem is proposed to formulate software design considerations. In the prototype system, three modules are implemented to facilitate the investment decision making process: a fundamental analysis module; a stock chip analysis module; and a technical analysis module. Those modules let the user to sieve candidate stocks for investment and help the user to judge whether or not it's a good timing to invest. For making better user experience, we implement a user interface in a social communication software.

• 期刊
• OpenAccess

Microservices-based DevSecOps Platform using Pipeline and Open Source Software

Continuous integration and continuous deployment (CI/CD) are best practices for automating the software development process. People leverage them to ensure rapid iteration and delivery of product development. The rapid lifecycle makes traditional security management vulnerable to its lack of agility, exposing the urgent need to put security into DevOps processes. Development, security, and operation, quoted as DevSec Ops, advocates shift-left security, promotes people to implant security best practices into all DevOps stages, and builds continuous security analysis, testing, and management with automation. Based on CI/CD, this study defines continuous security practices and applies application security processes on a DevSecOps pipeline to implement shift-left security. The CodeHawk platform, based on the proposed secure pipeline and open source software, is developed to free the development team from testing manually, enable them to focus on development, gain the corresponding security assurance, and lower the operating costs. Experiments show that our DevSecOps pipeline design significantly improves the efficiency of the DevSecOps process.

• 期刊
• OpenAccess

A Feedback-Directed Approach to Crawl Android Apps for Increasing Code Coverage

To automate GUI testing for Android apps, a popular technique is to use a GUI crawler to systematically explore the GUIs of the apps while detecting possible app crashes. However, during GUI exploration, the crawler may get stuck and crawl some GUI states repeatedly, resulting in no increase in code coverage. This can significantly affect the efficiency of the GUI crawler and thus the effectiveness of app crash detection. To relieve this problem, this paper proposes a feedback-directed approach to guide the behavior of the crawler. Specifically, the approach can assess whether the GUI crawler gets trapped based on the feedback from the crawling results, and dynamically adjust the priority of GUI states to visit in order to guide the crawler to improve code coverage. Particularly, to update the priority of GUI states, two feedback-directed strategies, CoverageDirectedStrategy and StateDirectedStrategy, are presented to lead the crawler to exercise more code or explore more GUI states, respectively. To evaluate the proposed approach, we have extended our earlier Android crawler called ACE to support the approach and strategies. The experimental results show that both feedback-directed strategies can effectively detect whether ACE is trapped and guide ACE out of the traps, thereby improving code coverage.

• 期刊
• OpenAccess

Volume Manipulations for Assisting Joint Surgery Diagnoses and Simulations

Volume visualization has widely used to assist medical diagnoses but still not to provide accurate joint pathology diagnoses, because CT or MR slices are usually not taken at the critical position inducing joint morphological pathology. This study proposes a volume manipulation method that segments and reconstructs anatomic structures of a joint and uploads their surface vertices to GPU, respectively. The vertices recorded in GPU are used to multiply with the same matrix for structure reposition, and different matrices for structure deformation manipulations. Real-time visual responses are achieved because time-consuming surface reconstruction and reloading the vertices to GPU are not required. Experimental results shows the surgeons can reposition related structures of a joint to their respective critical positions for accurate diagnoses about the joint morphology pathology, and simulate surgical procedures to confirm if the planned surgery can correct the pathology through the proposed system based on the developed method.

• 期刊
• OpenAccess

Privacy Risk Estimation of Online Social Networks

With the growing risk of privacy breaches in online social networks, privacy protection has become a key issue. To increase users' privacy awareness and protect their data, there is a need for a simple and effective method of quantifying privacy risk. A user with a higher privacy risk score is more likely to face a serious privacy breach. In this paper, we propose an effective and reasonable privacy risk scoring method. Our method takes into account the granularity of the shared profile items, combines sensitivity and visibility, and generates a privacy risk score for each user. The calculation of sensitivity and visibility are conducted over a response matrix(R) where each element r_(i j) indicates the privacy settings level by user i related to profile item j, and uses improved inverse document frequency (IDF) method to calculate the sensitivity values. Most existing work does not consider profile item granularity. In our study, we define the amount of data shared by users as bytes, classify different granularity levels by one-dimensional clustering, and finally obtain the granularity values using the sigmoid function. With the privacy risk score, users can acquire a more intuitive awareness of their privacy status and then defend it by altering privacy settings or lowering the granularity of shared data. In addition, our experiments analyzing real-world and synthetic datasets demonstrate that our method is capable of effectively assessing user privacy risks in online social networks.