Research Cluster at CREST
Software Security Intelligence

Software Security Intelligence Research Cluster

Empowering Developers to Deliver Secure Software.


According to a recent report, organisations witnessed over 20k newly reported vulnerabilities in 2021 alone. In addition, more than 60% of the security breaches in the last 2 years were due to unpatched vulnerabilities, suggesting that developers of such systems were not aware of the ever-growing number of vulnerabilities and so could not fix them in time.

The vision of the Software Security Intelligence (SSI) cluster is an all-in-one smart security intelligence platform that gives early warnings and up-to-date information about the latest security vulnerabilities in software systems, and provides timely support for mitigating those vulnerabilities to both expert and non-expert users.

To achieve that vision, our research focuses on developing automated techniques to gather, detect, assess and mitigate security vulnerabilities using state-of-the-art Artificial Intelligence-enabled technologies such as Machine Learning, Deep Learning and Natural Language Processing. All of these techniques will be integrated into our unified platform to provide all-in-one security solutions for tackling vulnerabilities.

Such a platform will enhance cybersecurity for organisations in Australia and worldwide, in industries such as business, defense, mining and space, that use open-source software or develop in-house systems. This in turn reduces the security risks for the millions of users of these systems.


Areas for our groundbreaking research.

Just-in-time Software Vulnerability Detection and Assessment


Data Quality for Software Vulnerability Intelligence


Large-Scale Automatic Security Knowledge Retrieval and Analysis


Automated Security Configuration and Compliance of Containerized Infrastructure


Adversarial Machine Learning against ML-based Phishing Detectors



Scientific Articles and Technical Reports.

  1. An empirical study of developers’ discussions about security challenges of different programming languages. 2022. EMSE
  2. Noisy Label Learning for Security Defects. 2022. MSR
  3. LineVD: Statement-level Vulnerability Detection using Graph Neural Networks. 2022. MSR
  4. On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models. 2022. MSR
  5. An Investigation into Inconsistency of Software Vulnerability Severity across Data Sources. 2022. SANER
  6. Well Begun is Half Done: An Empirical Study of Exploitability & Impact of Base-Image Vulnerabilities. 2022. SANER
  7. KGSecConfig: A Knowledge Graph Based Approach for Secured Container Orchestrator Configuration. 2022. SANER
  8. A Large-scale Study of Security Vulnerability Support on Developer Q&A Websites. 2021. EASE
  9. A Survey on Data-driven Software Vulnerability Assessment and Prioritization. 2021. CSUR
  10. DeepCVA: Automated Commit-level Vulnerability Assessment with Deep Multi-task Learning. 2021. ASE
  11. Automated Security Assessment for the Internet of Things. 2021. Preprint
  12. ReinforceBug: A Framework to Generate Adversarial Textual Examples. 2021. NAACL
  13. An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing. 2021. ESEM
  14. Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review. 2021. TSE
  15. Deep Learning for Source Code Modeling and Generation: Models, Applications and Challenges. 2020. CSUR
  16. PUMiner: Mining Security Posts from Developer Question and Answer Websites with PU Learning. 2020. MSR
  17. Challenges in Docker Development: A Large-scale Study Using Stack Overflow. 2020. ESEM
  18. An Evasion Attack against ML-based Phishing URL Detectors. 2020. Preprint
  19. Automated software vulnerability assessment with concept drift. 2019. MSR

Our Amazing Team

Researchers and Engineers who make it happen.

Prof. M. Ali Babar

CREST Director

Triet Le


Roland Croft

PhD Student

Yongzheng (Craig) Xie

PhD Student

Mubin Ul Haque

PhD Student

Bushra Sabir

PhD Student

Mehdi Kholoosi

PhD Student

Ali Kazemi Arani

PhD Student