Research Cluster at CREST
Software Security Intelligence

Software Security Intelligence Research Cluster

Empowering Developers to Deliver Secure Software.

Overview


According to a recent report, organisations witnessed over 20k newly reported vulnerabilities in 2021 alone. Also, in the last 2 years, more than 60% of security breaches were due to unpatched vulnerabilities, suggesting that the developers of such systems were not aware of the ever-increasing number of vulnerabilities in time to fix them.

The vision of the Software Security Intelligence (SSI) cluster is to have an all-in-one smart security intelligence platform that gives early warnings and up-to-date information about the latest security vulnerabilities in software systems, and that provides in-time support to mitigate those vulnerabilities for both expert and non-expert users.

To achieve that vision, our research focuses on developing automated techniques to gather, detect, assess and mitigate security vulnerabilities using state-of-the-art Artificial Intelligence enabled technologies like Machine Learning, Deep Learning and Natural Language Processing. All of these developed techniques will be integrated into our unified platform to provide all-in-one security solutions for tackling vulnerabilities.

Such a platform will enhance cybersecurity for both Australian and worldwide organisations in various industries, such as business, defense, mining and space, that use open-source software or develop in-house systems, which in turn reduces the security risks for the millions of users of these systems.

Projects

Areas for our groundbreaking research.

Just-in-time Software Vulnerability Detection and Assessment

Application

Data Quality for Software Vulnerability Intelligence

Knowledge

Large-Scale Automatic Security Knowledge Retrieval and Analysis

Knowledge

Automated Security Configuration and Compliance of Containerized Infrastructure

Application

Adversarial Machine Learning against ML-based Phishing Detectors

Application

Publications

Scientific Articles and Technical Reports.

  1. An empirical study of developers’ discussions about security challenges of different programming languages. 2022. EMSE
  2. Noisy Label Learning for Security Defects. 2022. MSR
  3. LineVD: Statement-level Vulnerability Detection using Graph Neural Networks. 2022. MSR
  4. On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models. 2022. MSR
  5. An Investigation into Inconsistency of Software Vulnerability Severity across Data Sources. 2022. SANER
  6. Well Begun is Half Done: An Empirical Study of Exploitability & Impact of Base-Image Vulnerabilities. 2022. SANER
  7. KGSecConfig: A Knowledge Graph Based Approach for Secured Container Orchestrator Configuration. 2022. SANER
  8. A Large-scale Study of Security Vulnerability Support on Developer Q&A Websites. 2021. EASE
  9. A Survey on Data-driven Software Vulnerability Assessment and Prioritization. 2021. CSUR
  10. DeepCVA: Automated Commit-level Vulnerability Assessment with Deep Multi-task Learning. 2021. ASE
  11. Automated Security Assessment for the Internet of Things. 2021. Preprint
  12. ReinforceBug: A Framework to Generate Adversarial Textual Examples. 2021. NAACL
  13. An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing. 2021. ESEM
  14. Data Preparation for Software Vulnerability Prediction: A Systematic Literature Review. 2021. TSE
  15. Deep Learning for Source Code Modeling and Generation: Models, Applications and Challenges. 2020. CSUR
  16. PUMiner: Mining Security Posts from Developer Question and Answer Websites with PU Learning. 2020. MSR
  17. Challenges in Docker Development: A Large-scale Study Using Stack Overflow. 2020. ESEM
  18. An Evasion Attack against ML-based Phishing URL Detectors. 2020. Preprint
  19. Automated software vulnerability assessment with concept drift. 2019. MSR

Our Amazing Team

Researchers and Engineers who make it happen.

Prof. M. Ali Babar

CREST Director

Triet Le

Post-Doctorate

Roland Croft

PhD. Student

Yongzheng (Craig) Xie

PhD. Student

Mubin Ul Haque

PhD. Student

Bushra Sabir

PhD. Student

Mehdi Kholoosi

PhD. Student

Ali Kazemi Arani

PhD. Student