Mohammad El-ramly - Academia.edu
Papers by Mohammad El-ramly
Scientific Reports
Internet of Things (IoT) devices are ubiquitous and operate in heterogeneous environments with potential security breaches. IoT Operating Systems (IoT OSs) are the backbone software for running such devices. If IoT OSs are vulnerable to security breaches, higher-level security measures may not help. This paper aims to use Machine Learning (ML) to create a tool called iDetect for detecting vulnerabilities in the C/C++ source code of IoT OSs. The source code of 16 releases of IoT OSs (RIOT, Contiki, FreeRTOS, Amazon FreeRTOS) and the Software Assurance Reference Dataset (SARD) were used to create a labeled dataset of vulnerable and benign code, with the reference being the Common Weakness Enumeration (CWE) vulnerabilities present in IoT OSs. Studies showed that only a subset of CWEs is present in the C/C++ source code of low-end IoT OSs. The labeled dataset was used to train three ML models for vulnerability detection: Random Forest (RF), Convolutional Neural Network (CNN), and Recu...
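The pipeline the abstract describes — labeled code samples, token-level features, a trained classifier — can be sketched minimally. Everything below (the tokenizer, the toy snippets, the scoring rule) is an illustrative assumption for exposition, not iDetect's actual design:

```python
# Hypothetical sketch of token-based vulnerability classification.
# The snippets, labels, and scoring are made up for illustration.
import re
from collections import Counter

def tokenize(code):
    """Crude C-like tokenizer: extract identifier-shaped tokens."""
    return re.findall(r"[A-Za-z_]\w+", code)

# Toy labeled dataset of (snippet, label) pairs.
dataset = [
    ("strcpy(buf, input)", "vulnerable"),               # unbounded copy
    ("strncpy(buf, input, sizeof(buf))", "benign"),
    ("gets(line)", "vulnerable"),                       # dangerous function
    ("fgets(line, sizeof(line), stdin)", "benign"),
]

# "Training": count how often each token appears under each label.
token_counts = {"vulnerable": Counter(), "benign": Counter()}
for code, label in dataset:
    token_counts[label].update(tokenize(code))

def predict(code):
    """Label a snippet by which class its tokens are more associated with."""
    tokens = tokenize(code)
    scores = {label: sum(c[t] for t in tokens)
              for label, c in token_counts.items()}
    return max(scores, key=scores.get)

print(predict("strcpy(dst, src)"))  # flags the strcpy-style snippet
```

A real pipeline would replace the hand count with an RF or CNN trained on a much richer representation, but the dataset-to-classifier flow is the same.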
2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)
The presence of software vulnerabilities is a serious threat to any software project. Exploiting them can compromise system availability, data integrity, and confidentiality. Unfortunately, many open source projects go for years with undetected, ready-to-exploit critical vulnerabilities. In this study, we investigate the presence of software vulnerabilities in open source projects and the factors that influence this presence. We analyzed the top 100 open source PHP applications on GitHub using a static analysis vulnerability scanner to examine how common software vulnerabilities are. We also discuss which vulnerabilities are most prevalent and what factors contribute to their presence. We found that 27% of these projects are insecure, with a median of 3 vulnerabilities per vulnerable project. The most common type is injection vulnerabilities, which made up 58% of all detected vulnerabilities. Of these, cross-site scripting (XSS) was the most common, accounting for 43.5% of all vulnerabilities found. Statistical analysis revealed that project activities like branching, pulling, and committing have a moderate positive correlation with the number of vulnerabilities in a project. Other factors, like project popularity, number of releases, and number of issues, had almost no influence on the number of vulnerabilities. We recommend that open source project owners set secure code development guidelines for their project members and establish secure code reviews as part of the project's development process.
Legacy system user-interface reengineering is an increasingly popular area in research and practice. Many legacy user-interfaces get reengineered to reproduce them in modern graphical user-interfaces, to integrate them with other systems' front-ends, or, most importantly, to open them for Web access. Often, it is desired to reengineer the user-interface without changing the legacy system code, because the system performance is satisfactory and/or because of the prohibitive cost or risk. In such cases, lightweight, non-invasive reengineering methods are needed. This thesis presents a novel method for reverse engineering legacy character-based user-interfaces using traces of interaction between the legacy system and its users as the only input. This “interaction reverse engineering” method produces a behavioral model of the legacy user-interface and discovers important usage scenarios of the legacy system services, represented by the frequent patterns of interaction with its user-interface. Then, a complementary forward engineering method uses the model and patterns to build a new task-centered front-end. Our method consists of three steps and is implemented in a prototype tool called the Legacy Navigation Domain Identifier (LeNDI). First, the system-user dialog is recorded in the form of interaction traces using a specially instrumented emulator. These traces capture the screen snapshots forwarded to the user terminal and the user keyboard actions in return. Second, LeNDI builds a behavioral state-transition model for the legacy user-interface, whose states represent the legacy user-interface screens and whose transitions represent the permissible user actions on each screen.
To build the model, LeNDI extracts a vector of features for every snapshot, clusters similar snapshots together, and finally induces a classifier that can assign new snapshots to one of the existing clusters. Third, LeNDI uses one of its two novel interaction pattern mining algorithms, IPM and IPM2, to mine the interaction traces for patterns of user activity. Associated with these steps is a process of user feedback and revision to verify the results. Our interaction reverse engineering method is code-independent and utilizes a novel, easy-to-collect input: the interaction traces. Currently, it can reverse engineer block-mode data transfer protocols, e.g., IBM 3270. It is lightweight in terms of the time, cost, and skills required, and it supersedes the current manual, labor-intensive, and time-consuming industrial practices. Several case studies were conducted to reverse engineer the user interaction with a number of real legacy systems, with very encouraging results.
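The snapshot-clustering step can be illustrated with a minimal sketch: extract a small feature vector per screen, group similar vectors into named clusters, and classify a new snapshot by its nearest cluster centroid. The features and screen texts below are assumptions chosen for brevity, not LeNDI's actual feature set:

```python
# Toy snapshot classification: nearest-centroid over hand-made features.
# Feature choice (line count, length, ':' count) is illustrative only.

def features(screen):
    """Map a screen's text to a small numeric feature vector."""
    lines = screen.splitlines()
    return (len(lines), len(screen), screen.count(":"))

def distance(a, b):
    """Squared Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

# Recorded snapshots, already grouped into clusters (login vs. menu screens).
clusters = {
    "login": [features("User:\nPass:"), features("User:\nPassword:")],
    "menu":  [features("1. Accounts\n2. Reports\n3. Exit")],
}

def centroid(vecs):
    """Component-wise mean of a cluster's feature vectors."""
    return tuple(sum(v[i] for v in vecs) / len(vecs)
                 for i in range(len(vecs[0])))

centroids = {name: centroid(vecs) for name, vecs in clusters.items()}

def classify(screen):
    """Assign a new snapshot to the cluster with the nearest centroid."""
    f = features(screen)
    return min(centroids, key=lambda name: distance(f, centroids[name]))

print(classify("User:\nPasscode:"))  # lands in the "login" cluster
```

A production version would use richer screen features and a learned classifier, but the cluster-then-classify structure is the same.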
2021 Tenth International Conference on Intelligent Computing and Information Systems (ICICIS), 2021
Android is an open source operating system for mobile devices that has become very popular in the global market. This opens the door for various possible attacks with malicious programs, including surveillance attacks. In surveillance attacks, the target person is put under surveillance using his or her own mobile device. In this paper, we design a framework called NoSurv that protects the average user from surveillance attacks that could be conducted through newly installed applications by a third party who is either trusted by the user or got hold of the device with or without the user's consent. NoSurv is integrated with the Android operating system and modifies its way of handling new installations. NoSurv analyzes the permissions requested in the manifest file of the new application. If the application requests permissions that could be used to conduct a surveillance attack, NoSurv first checks the trustworthiness of the app in a local copy of a globally maintained whitelist of trusted apps that have been shown not to conduct such attacks. This list is formed by crowdsourcing, after the application has been installed on a pre-specified number of mobile devices that run NoSurv and has been monitored and proven to be safe. If the application is not in the list, NoSurv places the new application in a special zone called the untrusted zone and prevents it from obtaining dangerous permissions for a pre-specified period of time. After this period, NoSurv informs the user that s/he has a surveillance application and gives him/her the choice to move the application to the trusted zone, with all requested permissions, or to uninstall it.
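The screening logic can be sketched as a small decision function. The permission set, the whitelist entry, and the package names below are hypothetical stand-ins; the paper's actual lists and manifest handling may differ:

```python
# Minimal sketch of NoSurv-style install screening (assumed lists).

# Permissions that could enable surveillance (illustrative subset).
SURVEILLANCE_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
}

# Crowdsourced whitelist of apps proven safe (hypothetical entry).
TRUSTED_WHITELIST = {"com.example.trustedcam"}

def screen_install(package, requested_permissions):
    """Return the zone a new app is placed in and the permissions it keeps."""
    risky = set(requested_permissions) & SURVEILLANCE_PERMISSIONS
    if not risky or package in TRUSTED_WHITELIST:
        return "trusted", set(requested_permissions)
    # Untrusted zone: withhold the risky permissions during probation.
    return "untrusted", set(requested_permissions) - risky

zone, granted = screen_install(
    "com.example.flashlight",
    ["android.permission.CAMERA", "android.permission.INTERNET"],
)
print(zone, sorted(granted))
```

After the probation period, the real framework would prompt the user to either promote the app to the trusted zone or uninstall it; this sketch only covers the install-time decision.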
2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA), 2019
Many software projects are shipped to customers containing defects. Defective software costs money, time, and lives. To reduce this harm, software companies allocate testing and quality assurance budgets. The enormous size of modern software poses challenges to traditional testing approaches due to the need for scalability. Defect prediction models have been used to direct testing efforts to probable causes of defects in the software. Early approaches to software defect prediction relied on statistical methods to classify software modules and decide whether each module is defect-prone or not. Lately, many researchers have used machine learning techniques to train a model that can classify software modules as defect-prone or not defect-prone. Since the new millennium, neural networks and deep learning have won many competitions in machine learning applications. However, the use of deep learning to build a software defect prediction model has not been investigated thoroughly. In this paper, we used a deep neural network to build a software defect prediction model and compared our proposed model with other machine learning algorithms such as random forests, decision trees, and naive Bayesian networks. The results show a small improvement over the other learning models in most of the comparisons. These results demonstrate the value of using deep learning for defect prediction and open the door for more experiments.
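The module-level setup can be illustrated with a toy classifier over static metrics. The hand-weighted linear score below is a deliberately simple stand-in for the paper's deep network, and the metrics, weights, and threshold are all assumptions:

```python
# Toy module-level defect prediction over static metrics.
# Each module: (lines_of_code, cyclomatic_complexity, past_defects) -> label.
train = [
    ((120, 4, 0), 0), ((900, 25, 3), 1),
    ((200, 6, 0), 0), ((1500, 40, 5), 1),
]

def score(module):
    """Hand-weighted linear score; a real model would learn these weights."""
    loc, cc, past = module
    return 0.001 * loc + 0.02 * cc + 0.3 * past

THRESHOLD = 1.0  # chosen by eye to separate the toy training labels

def predict(module):
    """Classify a module as defect-prone (1) or not (0)."""
    return 1 if score(module) > THRESHOLD else 0

accuracy = sum(predict(m) == y for m, y in train) / len(train)
print(accuracy)
```

Whatever replaces the linear score — a random forest, a decision tree, or a deep network — plugs into the same metrics-in, label-out interface, which is what makes the model comparison in the paper possible.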
Proceedings of the 14th international conference on Software engineering and knowledge engineering - SEKE '02, 2002
As software systems age, the requirements that motivated their original development get lost. Requirements documentation is usually unavailable, obsolete, poor, or incomplete. Recapturing these requirements is critical for software reengineering activities. In our CelLEST process, we adopt a data-mining approach to this problem and attempt to discover patterns of frequent similar episodes in the sequential run-time traces of the legacy user-interface behavior. These patterns constitute operational models of the application's functional requirements, from the end-user perspective. We have developed an algorithm, IPM, for interaction-pattern discovery. This algorithm discovers patterns that meet a user-specified criterion and may contain insertion errors, caused by user mistakes while using the application or by the availability of alternative scenarios for the same user task. The algorithm initially constructs a set of short patterns by exhaustively inspecting the traces and then iteratively extends them to construct longer ones, using a matrix data structure to reduce the number of pattern extensions explored during each iteration.
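The grow-from-short-patterns idea can be sketched with an apriori-style toy. Unlike IPM, this version matches patterns exactly (no insertion-error tolerance) and uses no extension-pruning matrix; it only shows the "keep frequent patterns, extend them by one event" loop:

```python
# Toy frequent-subsequence growth over an event trace (exact match only).
from collections import Counter

def frequent_patterns(trace, min_support):
    """Grow contiguous patterns one event at a time, keeping frequent ones."""
    counts = Counter((e,) for e in trace)
    frequent = {p for p, c in counts.items() if c >= min_support}
    result = set(frequent)
    while frequent:
        longer = Counter()
        for p in frequent:
            k = len(p)
            # Count each occurrence of p together with its following event.
            for i in range(len(trace) - k):
                if tuple(trace[i:i + k]) == p:
                    longer[p + (trace[i + k],)] += 1
        frequent = {p for p, c in longer.items() if c >= min_support}
        result |= frequent
    return result

trace = ["login", "search", "view", "login", "search", "view", "logout"]
patterns = frequent_patterns(trace, min_support=2)
print(("login", "search", "view") in patterns)
```

The user-specified criterion in IPM generalizes this `min_support` threshold, and its matrix data structure exists precisely to avoid the rescan of the whole trace this toy performs on every extension.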
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '02, 2002
A key challenge facing IT organizations today is their evolution towards adopting e-business practices, which gives rise to the need for reengineering their underlying software systems. Any reengineering effort has to be aware of the functional requirements of the subject system, in order not to violate the integrity of its intended uses. However, as software systems are regularly maintained throughout their lifecycle, the documentation of their requirements often becomes obsolete or gets lost. To address this problem of "software requirements loss", we have developed an interaction-pattern mining method for the recovery of functional requirements as usage scenarios. Our method analyzes traces of the run-time system-user interaction to discover frequently recurring patterns; these patterns correspond to the functionality currently exercised by the system users, represented as usage scenarios. The discovered scenarios provide the basis for reengineering the software system into web-accessible components, each one supporting one of the discovered scenarios. In this paper, we describe IPM2, our interaction-pattern discovery algorithm, illustrate it with a case study from a real application, and give an overview of the reengineering process in the context of which it is employed.
Proceedings 10th International Workshop on Program Comprehension
International Conference on Software Maintenance, 2002. Proceedings.
In the context of the CelLEST project, we have been investigating the problem of reengineering and reusing the services provided by legacy applications running on mainframe hosts. This work has resulted in a suite of methods based on understanding and modeling the users' interaction with the legacy-application interface. These methods aim at (a) modeling the behavior of the legacy user interface as a state-transition diagram, (b) recovering specifications for the application's functions by discovering the users' tasks as ...
Sixth Working Conference on Reverse Engineering (Cat. No.PR00303)
Cyber-physical systems consist of many hardware and software components. Over the life-cycle of these systems, components are replaced or updated. To avoid integration problems, good interface descriptions are crucial for component-based development of these systems. For new components, a Domain Specific Language (DSL) called Component Modeling & Analysis (ComMA) can be used to formally define the interface of such a component in terms of its signature, state, and timing behavior. Describing interfaces in a model-based way enables the generation of artifacts, for instance a monitor that can check interface conformance of components based on a trace of interface interactions observed during execution. The benefit of having formal interface descriptions also holds for legacy system components. Interfaces of legacy components can be reverse engineered manually; to reduce the manual effort, we present an automated learner. The learner can reverse engineer the state and timing behavior of a legacy interface by examining event traces of the component in operation and then generates a ComMA model.
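The passive-learning idea — recovering interface behavior purely from observed event traces — can be sketched in miniature. This toy recovers only transitions, naming each state after the last event seen; the real learner also infers timing behavior and emits a ComMA model, neither of which is attempted here:

```python
# Toy passive learning of interface transitions from event traces.
# State naming (last event seen) is a simplifying assumption.

traces = [
    ["open", "read", "close"],
    ["open", "write", "close"],
]

transitions = set()
for trace in traces:
    state = "init"
    for event in trace:
        next_state = f"after_{event}"
        transitions.add((state, event, next_state))
        state = next_state

print(sorted(transitions))
```

Even this crude merge shows the payoff: the two traces share states ("after_open", "after_close"), so the learned model is smaller than the sum of the traces, which is what makes trace-based learning of legacy interfaces tractable.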
Automated Software Engineering, 2003
Legacy systems constitute valuable assets to the organizations that own them, and today there is an increased demand to make them accessible through the World Wide Web to support e-commerce activities. As a result, the problem of legacy-interface migration is becoming very important. In the context of the CELLEST project, we have developed a new process for migrating legacy user
Journal of Software Maintenance and Evolution: Research and Practice, 2004
The number of Web users and the diversity of their interests increase continuously; Web-content providers seek to infer these interests and to adapt their Web sites to improve the accessibility of the offered content. Usage-pattern mining is a promising approach in support of this goal. Assuming that past navigation behavior is an indicator of the users' interests, Web-server logs can be mined to infer what the users are interested in. On that basis, the Web site may be reorganized to make interesting content more easily accessible, or recommendations can be generated dynamically to help new visitors find information of interest faster. In this paper, we discuss a case study examining the effectiveness of sequential-pattern mining for understanding the users' navigation behavior in focused Web sites. This study examines the Web site of an undergraduate course, as an example of a focused Web site that offers information intrinsically related to a process and closely reflects the workflow of this underlying process. We found that in such focused sites, visitor behavior indeed reflects the process supported by the Web site and that sequential-pattern mining can effectively predict Web-usage behavior in these sites.
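A minimal version of predicting navigation from logged sessions is a first-order transition model: count page-to-page transitions across sessions and recommend the most likely successor. The course-site page names and sessions below are invented, and this first-order model is far simpler than the sequential-pattern mining the study uses:

```python
# Toy next-page prediction from session logs (first-order transitions).
from collections import Counter, defaultdict

# Hypothetical sessions from a course Web site's server log.
sessions = [
    ["home", "syllabus", "assignments", "assignment1"],
    ["home", "assignments", "assignment1"],
    ["home", "syllabus", "assignments", "assignment2"],
]

# Count how often each page is followed by each other page.
transitions = defaultdict(Counter)
for session in sessions:
    for cur, nxt in zip(session, session[1:]):
        transitions[cur][nxt] += 1

def predict_next(page):
    """Recommend the most frequent successor of `page` in the logged sessions."""
    return transitions[page].most_common(1)[0][0]

print(predict_next("syllabus"))
```

Sequential-pattern mining generalizes this by finding frequent multi-step paths rather than single transitions, which is what lets it capture the workflow of the underlying process.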
ieeexplore.ieee.org
Elliot Chikofsky, Engineering Management & Integration, USA; Andrea De Lucia, Università di Salerno, Italy; Susan Elliott Sim, University of California, Irvine, USA; Giuliano Antoniol, University of Sannio, Italy; Michael Blaha, OMT Associates, USA; Liz Burd, University of Durham, UK; Jonathan Cook, New Mexico State University, USA; Jim Cordy, Queen's University, Canada; Giuseppe Di Lucca, University of Sannio, Italy; Massimiliano Di Penta, University of Sannio, Italy; Stephane Ducasse, University of Berne, Switzerland; Mohammad El Ramly, University of Leicester, ...
Legacy systems constitute valuable assets to the organizations that own them. However, there is an increased demand to make them accessible through the World Wide Web, mostly due to e-commerce-related activities, and consequently the problem of legacy-interface migration is becoming extremely important. In the context of the CELLEST project, we have developed a novel approach to legacy interface migration. Its novelty lies in that it models the system's dynamic behavior based on traces of the users' interaction with the ...
Many software systems collect, or can be instrumented to collect, data about how users use them. The type of data collected depends on the system. Beyond logging, such data can serve other purposes. For example, sequential data mining can be applied to discover interesting patterns of user activities. We developed a process for discovering a special type of sequential patterns, called interaction patterns. These are sequences of events with randomly distributed noise, in the form of spurious ...
Proceedings Eighth Working Conference on Reverse Engineering, 2001
Little attention is given to teaching the theory and practice of software evolution and change in software engineering curricula, and program transformation is no exception. This paper presents the author's experience in teaching program transformation as a unit in a postgraduate module on software systems reengineering. It describes the teaching context of this unit and two different offerings of it, one using the Turing eXtender Language (TXL) and the other using the Legacy Computer Aided Reengineering Environment (Legacy-CARE or L-CARE) from ATX Software. From this experience, it was found that selecting suitable material (balancing theory and practice) and the right tool(s) for the level of students and the depth of coverage required is a non-trivial task. It was also found that teaching with toy exercises and assignments does not convey the practical aspects of the subject well, while teaching with real, even small-size, exercises and assignments is almost infeasible. Finding ...
Scientific Reports
Internet of Things (IoT) 's devices are ubiquitous and operate in a heterogonous environment ... more Internet of Things (IoT) 's devices are ubiquitous and operate in a heterogonous environment with potential security breaches. IoT Operating Systems (IoT OSs) are the backbone software for running such devices. If IoT OSs are vulnerable to security breaches, higher-level security measures may not help. This paper aims to use Machine Learning (ML) to create a tool called iDetect for detecting vulnerabilities in C/C++ source code of IoT OSs. The source code for 16 releases of IoT OSs (RIOT, Contiki, FreeRTOS, Amazon FreeRTOS) and the Software Assurance Reference Dataset (SARD) were used to create a labeled dataset of vulnerable and benign code with the reference being the Common Weakness Enumeration (CWE) vulnerabilities present in IoT OSs. Studies showed that only a subset of CWEs is present in the C/C++ source code of low-end IoT OSs.The labeled dataset was used to train three ML models for vulnerability detection: Random Forest (RF), Convolutional Neural Network (CNN), and Recu...
2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)
The presence of software vulnerabilities is a serious threat to any software project. Exploiting ... more The presence of software vulnerabilities is a serious threat to any software project. Exploiting them can compromise system availability, data integrity, and confidentiality. Unfortunately, many open source projects go for years with undetected ready-to-exploit critical vulnerabilities. In this study, we investigate the presence of software vulnerabilities in open source projects and the factors that influence this presence. We analyzed the top 100 open source PHP applications in GitHub using a static analysis vulnerability scanner to examine how common software vulnerabilities are. We also discussed which vulnerabilities are most present and what factors contribute to their presence. We found that 27% of these projects are insecure, with a median number of 3 vulnerabilities per vulnerable project. We found that the most common type is injection vulnerabilities, which made 58% of all detected vulnerabilities. Out of these, cross-site scripting (XSS) was the most common and made 43.5% of all vulnerabilities found. Statistical analysis revealed that project activities like branching, pulling, and committing have a moderate positive correlation with the number of vulnerabilities in the project. Other factors like project popularity, number of releases, and number of issues had almost no influence on the number of vulnerabilities. We recommend that open source project owners should set secure code development guidelines for their project members and establish secure code reviews as part of the project's development process.
Legacy system user-interface reengineering is an increasingly popular area in research and practi... more Legacy system user-interface reengineering is an increasingly popular area in research and practice. Many legacy user-interfaces get reengineered to reproduce them in modern graphical user-interfaces, integrate them with other systems' front-ends, or most important, open them for Web-access. Often, it is desired to reengineer the user-interface without changing the legacy system code because the system performance is satisfactory and/or due to the prohibitive cost or risk. In such cases, lightweight non-invasive reengineering methods are needed. This thesis presents a novel method for reverse engineering legacy character-based user-interfaces using traces of interaction between the legacy system and its users, as the only input. This “interaction reverse engineering” method produces a behavioral model of the legacy user-interface and discovers important usage scenarios of the legacy system services, represented by the frequent patterns of interaction with its user-interface. Then, a complementary forward engineering method uses the model and patterns to build a new task-centered front-end. Our method consists of three steps and is implemented in a prototype tool called the Legacy Navigation Domain Identifier (LeNDI). First, the system-user dialog is recorded in the form of interaction traces using a specially instrumented emulator. These traces capture the screen snapshots forwarded to the user terminal and the user keyboard actions in return. Second, LeNDI builds a behavioral state-transition model for the legacy user-interface, whose states represent the legacy user-interface screens and whose transitions represent the permissible user actions on each screen. 
To build the model, LeNDI extracts a vector of features for every snapshot, clusters similar snapshots together, and finally induces a classifier that can classify new snapshots to one of the existing clusters. Third, LeNDI uses one of its two novel interaction pattern mining algorithms, IPM and IPM2, to mine the interaction traces for patterns of user activity. Associated with these steps, is a process of user feedback and revision to verify the results. Our interaction reverse engineering method is code-independent and utilizes a novel easy-to-collect input, the interaction traces. Currently, it can reverse engineer block-mode data transfer protocols, e.g., IBM 3270. It is lightweight in terms of the time, cost and skills required. It supersedes the current manual labor-intensive time-consuming industrial practices. Several case studies were conducting to reverse engineer the user interaction with a number of real legacy systems, with very encouraging results.
2021 Tenth International Conference on Intelligent Computing and Information Systems (ICICIS), 2021
Android is an open source operating system for mobile devices that has become very popular in the... more Android is an open source operating system for mobile devices that has become very popular in the global market. This opens the door for various possible attacks with malicious programs, including surveillance attacks. In surveillance attacks, the target person is put under surveillance using his or her own mobile device. In this paper, we have designed a framework called NoSurv that protects the average user from surveillance attacks that could be conducted with newly installed applications by a third-party who is either trusted by the user or got a hold of the device with or without user's consensus. NoSurv is integrated with Android operating system and modifies its way of handling new installations. NoSurv analyzes the permissions required in the manifest file of the new application. If the application requests permissions that could be used for conducting a surveillance attack, NoSurv first checks the trustworthiness of the app in a local copy of a globally maintained whitelist of trusted apps that have shown not to conduct such attacks. This list is formed by crowdsourcing after the application has been installed on a pre-specified number of mobile devices that run NoSurv and have been monitored and proven to be safe. If the application is not in the list, NoSurv reserves that new application in a special zone called untrusted zone while preventing the application from obtaining dangerous permissions for a pre-specified period of time. After this period, NoSurv informs the user that s/he has a surveillance application and gives him/her the ability to move the application to a zone called trusted zone with all permissions requested or uninstall the application.
2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA), 2019
Many software projects are shipped to customers containing defects. Defective software cost money... more Many software projects are shipped to customers containing defects. Defective software cost money, time, and lives. To reduce this harm, software companies allocate testing and quality assurance budgets. The enormous sizes of modern software pose challenges to traditional testing approaches due to the need for scalability. Defect prediction models have been used to direct testing efforts to probable causes of defects in the software. Early approaches for software defect prediction relied on statistical approaches to classify software modules and decide whether each module is a defect-prone module or not. Lately, many researchers used machine learning techniques to train a model that can classify software modules to defect-prone modules and not defect-prone modules. Starting from the new millennium, neural networks and deep learning won many competitions in machine learning applications. However, the use of deep learning to build a software defect prediction model was not investigated thoroughly. In this paper, we used a deep neural network to build a software defect prediction model and compared our proposed model with other machine learning algorithms like random forests, decision trees, and naive Bayesian networks. The result shows small improvement over the other learning models in most of the comparisons. These results prove the value of using deep learning for defect prediction and open the door for more experiments.
Proceedings of the 14th international conference on Software engineering and knowledge engineering - SEKE '02, 2002
As software systems age, the requirements that motivated their original development get lost. Req... more As software systems age, the requirements that motivated their original development get lost. Requirements documentation is usually unavailable, obsolete, poor or incomplete. Recapturing these requirements is critical for software reengineering activities. In our CelLEST process we adopt a data-mining approach to this problem and attempt to discover patterns of frequent similar episodes in the sequential run-time traces of the legacy user-interface behavior. These patterns constitute operational models of the application's functional requirements, from the enduser perspective. We have developed an algorithm, IPM, for interaction-pattern discovery. This algorithm discovers patterns that meet a user-specified criterion and may have insertion errors, caused by user mistakes while using the application or by the availability of alternative scenarios for the same user task. The algorithm initially constructs a set of short patterns by exhaustively inspecting the traces and then iteratively extends them to construct larger ones, using a matrix data structure to reduce the number of pattern extensions explored, during each iteration.
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '02, 2002
A key challenge facing IT organizations today is their evolution towards adopting e-business prac... more A key challenge facing IT organizations today is their evolution towards adopting e-business practices that gives rise to the need for reengineering their underlying software systems. Any reengineering effort has to be aware of the functional requirements of the subject system, in order not to violate the integrity of its intended uses. However, as software systems get regularly maintained throughout their lifecycle, the documentation of their requirements often become obsolete or get lost. To address this problem of "software requirements loss", we have developed an interaction-pattern mining method for the recovery of functional requirements as usage scenarios. Our method analyzes traces of the run-time system-user interaction to discover frequently recurring patterns; these patterns correspond to the functionality currently exercised by the system users, represented as usage scenarios. The discovered scenarios provide the basis for reengineering the software system into web-accessible components, each one supporting one of the discovered scenarios. In this paper, we describe IPM2, our interaction-pattern discovery algorithm, we illustrate it with a case study from a real application and we give an overview of the reengineering process in the context of which it is employed.
Proceedings 10th International Workshop on Program Comprehension
International Conference on Software Maintenance, 2002. Proceedings.
Abstract In the context of the CelLEST project, we have been investigating the problem of reengin... more Abstract In the context of the CelLEST project, we have been investigating the problem of reengineering and reusing the services provided by legacy applications, running on mainframe hosts. This work has resulted in a suite of methods, based on understanding and modeling the users' interaction with the legacy-application interface. These methods aim at (a) modeling the behavior of the legacy user interface as a state-transition diagram,(b) recovering specifications for the application's functions by discovering the users' tasks as ...
Sixth Working Conference on Reverse Engineering (Cat. No.PR00303)
Cyber-physical systems consist of many hardware and software components. Over the life-cycle of these systems, components are replaced or updated. To avoid integration problems, good interface descriptions are crucial for component-based development of these systems. For new components, a Domain Specific Language (DSL) called Component Modeling & Analysis (ComMA) can be used to formally define the interface of such a component in terms of its signature, state, and timing behavior. Describing interfaces in a model-based approach enables the generation of artifacts, for instance a monitor that checks interface conformance of components against a trace of interface interactions observed during execution. The benefit of having formal interface descriptions also holds for legacy system components. Interfaces of legacy components can be reverse engineered manually; to reduce this manual effort, we present an automated learner. The learner can reverse engineer the state and timing behavior of a legacy interface by examining event traces of the component in operation, and then generates a ComMA model.
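The kind of passive learning described can be sketched very naively: treat the last observed event as the state, and record both the allowed successor events and the observed bounds on inter-event delays. This is a 1-history toy approximation under invented event names and millisecond timestamps, not the actual ComMA learner:

```python
from collections import defaultdict

def learn_interface_model(timed_traces):
    """From traces of (event, timestamp_ms) pairs, infer which events
    may follow which, and the min/max delay observed between each
    adjacent event pair."""
    transitions = defaultdict(set)
    timing = {}  # (prev_event, next_event) -> (min_delay, max_delay)
    for trace in timed_traces:
        for (e1, t1), (e2, t2) in zip(trace, trace[1:]):
            transitions[e1].add(e2)
            d = t2 - t1
            lo, hi = timing.get((e1, e2), (d, d))
            timing[(e1, e2)] = (min(lo, d), max(hi, d))
    return dict(transitions), timing

# Two hypothetical execution traces of a legacy component.
traces = [
    [("open", 0), ("read", 200), ("close", 500)],
    [("open", 0), ("read", 300), ("read", 600), ("close", 800)],
]
trans, timing = learn_interface_model(traces)
print(trans["read"])              # "read" may be followed by "read" or "close"
print(timing[("open", "read")])   # observed delay bounds in ms: (200, 300)
```

A generated monitor could then flag any succession or delay at run time that falls outside these learned bounds.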
Automated Software Engineering, 2003
Legacy systems constitute valuable assets to the organizations that own them, and today, there is an increased demand to make them accessible through the World Wide Web to support e-commerce activities. As a result, the problem of legacy-interface migration is becoming very important. In the context of the CELLEST project, we have developed a new process for migrating legacy user ...
Journal of Software Maintenance and Evolution: Research and Practice, 2004
The number of Web users and the diversity of their interests increase continuously; Web-content providers seek to infer these interests and to adapt their Web sites to improve accessibility of the offered content. Usage-pattern mining is a promising approach in support of this goal. Assuming that past navigation behavior is an indicator of the users' interests, Web-server logs can be mined to infer what the users are interested in. On that basis, the Web site may be reorganized to make the interesting content more easily accessible, or recommendations can be generated dynamically to help new visitors find information of interest faster. In this paper, we discuss a case study examining the effectiveness of sequential-pattern mining for understanding the users' navigation behavior in focused Web sites. The study examines the Web site of an undergraduate course, as an example of a focused Web site that offers information intrinsically related to a process and closely reflects the workflow of this underlying process. We found that in such focused sites, visitor behavior indeed reflects the process supported by the Web site and that sequential-pattern mining can effectively predict Web-usage behavior in these sites.
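The recommendation idea built on this assumption can be sketched as a simple successor-frequency model mined from past sessions: count which page follows which, then recommend the most frequent successor of the visitor's current page. This is a minimal first-order sketch, not the sequential-pattern miner used in the study; the page names are hypothetical:

```python
from collections import defaultdict, Counter

def build_predictor(sessions):
    """From past navigation sessions (lists of page names), count
    which page follows each page."""
    successors = defaultdict(Counter)
    for session in sessions:
        for prev, nxt in zip(session, session[1:]):
            successors[prev][nxt] += 1
    return successors

def recommend(successors, current_page):
    """Recommend the most frequently observed next page, or None."""
    if current_page not in successors:
        return None
    return successors[current_page].most_common(1)[0][0]

# Toy sessions from a course Web site (hypothetical page names).
sessions = [
    ["home", "syllabus", "notes", "assignments"],
    ["home", "notes", "assignments"],
    ["home", "syllabus", "assignments"],
]
model = build_predictor(sessions)
print(recommend(model, "home"))  # "syllabus" follows "home" more often than "notes"
```

Longer sequential patterns (order-k histories) would refine the prediction at the cost of sparser counts.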
ieeexplore.ieee.org
Elliot Chikofsky, Engineering Management & Integration, USA; Andrea De Lucia, Università di Salerno, Italy; Susan Elliott Sim, University of California, Irvine, USA; Giuliano Antoniol, University of Sannio, Italy; Michael Blaha, OMT Associates, USA; Liz Burd, University of Durham, UK; Jonathan Cook, New Mexico State University, USA; Jim Cordy, Queen's University, Canada; Giuseppe Di Lucca, University of Sannio, Italy; Massimiliano Di Penta, University of Sannio, Italy; Stephane Ducasse, University of Berne, Switzerland; Mohammad El Ramly, University of Leicester, ...
Legacy systems constitute valuable assets to the organizations that own them. However, there is an increased demand to make them accessible through the World-Wide-Web, mostly due to e-commerce related activities, and consequently the problem of legacy-interface migration is becoming extremely important. In the context of the CELLEST project, we have developed a novel approach to legacy interface migration. Its novelty lies in modeling the system's dynamic behavior based on traces of the users' interaction with the ...
Many software systems collect, or can be instrumented to collect, data about how users use them. The type of data collected depends on the system. Beyond logging, such data can serve other purposes; for example, sequential data mining can be applied to discover interesting patterns of user activity. We developed a process for discovering a special type of sequential patterns, called interaction patterns. These are sequences of events with randomly distributed noise, in the form of spurious ...
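The notion of a pattern with randomly distributed noise can be sketched as a subsequence match that tolerates a bounded number of spurious events between consecutive pattern events. This is an illustrative sketch of the general idea, not the authors' actual discovery process; the gap bound and event names are assumptions:

```python
def occurs_with_noise(pattern, trace, max_gap=2):
    """Check whether `pattern` occurs in `trace` as a subsequence in
    which at most `max_gap` spurious events separate each pair of
    consecutive pattern events."""
    for start in range(len(trace)):
        if trace[start] != pattern[0]:
            continue
        pos, ok = start, True
        for event in pattern[1:]:
            # look for the next pattern event within the gap window
            window = trace[pos + 1 : pos + 2 + max_gap]
            if event not in window:
                ok = False
                break
            pos = pos + 1 + window.index(event)
        if ok:
            return True
    return False

trace = ["a", "x", "b", "y", "y", "c"]
print(occurs_with_noise(["a", "b", "c"], trace, max_gap=2))  # True
print(occurs_with_noise(["a", "b", "c"], trace, max_gap=1))  # False: two noise events before "c"
```

A miner would combine such a noise-tolerant match with support counting to keep only patterns recurring across many traces.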
Proceedings Eighth Working Conference on Reverse Engineering, 2001
Little attention is given to teaching the theory and practice of software evolution and change in software engineering curricula, and program transformation is no exception. This paper presents the author's experience in teaching program transformation as a unit in a postgraduate module on software systems reengineering. It describes the teaching context of this unit and two different offerings of it, one using the Turing eXtender Language (TXL) and the other using the Legacy Computer Aided Reengineering Environment (Legacy-CARE, or L-CARE) from ATX Software. From this experience, it was found that selecting suitable material (balancing theory and practice) and the right tool(s) for the level of students and the depth of coverage required is a non-trivial task. It was also found that teaching with toy exercises and assignments does not convey the practical aspects of the subject well, while teaching with real exercises and assignments, even small ones, is almost infeasible. Finding ...