Speaker: João Rafael Henriques

Date: 14th of February, 2024

Time: 4:00pm

Place: Room G4.1

Presentation title: "Automated Software Vulnerability Collection for a Database with Static Information"

Short bio:

My name is João Rafael Henriques, and I am a master's student in the Computer Engineering course in the Software Engineering field. I finished my degree last year, the same year I started working in the area of vulnerabilities. Since then, I have been working on automating processes with the aim of maintaining an updated database with important information about vulnerabilities, allowing the obtained dataset to be useful for researchers and developers in the area.

Abstract:

Software vulnerabilities are present in most software applications. They leave the applications prone to attacks, which can cause severe consequences e.g., damage to the operation, and unauthorized access), leading to legal and financial implications. There are techniques to detect such vulnerabilities, but they suffer from the same issues: reporting items that are not actual vulnerabilities or not detecting all of them. There are datasets to support the development of new vulnerability detection techniques. Nevertheless, their data are usually frozen and must be frequently updated with the newly disclosed vulnerabilities.

Hence, we propose an automated solution to mine vulnerability and code repositories. An up-to-date database can support studies reflecting the most recent vulnerabilities and threats. To do that, we use a known vulnerability database with static information about open-source C/C++ projects (Linux Kernel, Mozilla, Xen, Apache httpd, and Glibc). Results show that the field responsible for identifying the project has more changes in the vulnerabilities from the database. Additional 3,882 vulnerabilities have been collected since the release of the database.

__________________________________________________________________

Speaker: Rodrigo Machado

Date: 14th of February, 2024

Time: 4:00pm

Place: Room G4.1

Presentation title: "Adversarial Techniques for the Evaluation And Improvement of Intrusion Detection Systems"

Short bio:

Rodrigo Machado received a Bachelor's degree in Informatics Engineering in 2022 at the University of Coimbra. He now pursues a Master's degree on the Intelligent Systems path. In his first year, and under advisory of Prof. João Campos, he researched how autocorrelation in sequential data might be leveraged for predicting system failures using Machine Learning.
Now in his second-year, he is writing his dissertation under supervision of Prof. João Campos.

Abstract:

Recent research into Anomaly-based Intrusion Detection Systems lead to the proposal of Machine Learning as a viable classification method in these systems, with some works delivering promising results.
However, given the hostile environment where these systems operate, adversaries can aim to attack and bypass these IDSs, in order to harm the underlying system.

This MSc. thesis aims to understand how sensitive the proposed classifiers are to Adversarial Machine Learning techniques, which an attacker could leverage to bypass a classifier trained in this task.