Speakers: Adriano Mão de Ferro (LASIGE, DI/FCUL) & Rafael Ramires (LASIGE, DI/FCUL)

Date: May 17, 2023, 12h00

Where: C6.3.27

Talk 1: Neuro evolution-based data quality framework for regularly sampled sensor data

Abstract: The growing use of sensors and the proliferation of applications and systems continuously (possibly in real-time) extracting insights from sensor data require high data quality to allow efficient and safe operation and functionality. Previous work enumerates problems related to sensor data quality in the internet-of-things and cyber-physical systems contexts, proposing frameworks to overcome such issues. However, they are generally limited to particular applications or systems, not diving deeper into the general case of continuous operation and dependence on regularly sampled sensor data. This thesis will study data quality requirements for a class of systems that operate continuously on regularly sampled sensor data, propose a data quality framework for such systems, and design and implement a generic, scalable, and configurable platform for continuous data quality assessment for the class of systems considered.

Talk 2: Detect Web Vulnerabilities Using Knowledge Graphs

Abstract: The web’s increasing use has led to a growth of attacks exploring software vulnerabilities, such as Cross-site Scripting (XSS) and SQL injection (SQLi), causing significant harm to companies. We present a new static analysis approach for assessing and evaluating web applications against web vulnerabilities through a Knowledge-based Agent-system Vulnerability-detector called KAVe.

KAVe resorts to a multi-agent system that performs taint analysis over specially designed knowledge graphs to detect potential security weaknesses more efficiently. These knowledge graphs aggregate different code property graphs representing the lexical and semantic features of the applications source code, as well as their data and control flows.

The study objectives include code parsing, graph construction, knowledge graph creation, graph pruning, multi-agent navigation, vulnerability detection, validation, and comparison with existing tools.

Preliminary results of KAVe showed that the tool employs an effective and efficient method to detect vulnerabilities in web applications, finding 169 vulnerabilities with an accuracy of 98.81% over 12 open-source PHP web applications.

Short-bios:

Adriano Mão de Ferro is a Ph.D. student in Informatics, currently working on his thesis under the supervision of Professor Pedro Ferreira and Professor António Casimiro.

Rafael Ramires just recently obtained his Master’s Degree in Informatics Engineering from the University of Lisbon – Faculty of Science, where he is also currently a Professor. He also spent part of his Master’s at the University of Luxembourg through an Erasmus program.

His thesis research was associated with the XIVT under the supervision of Professor Ibéria Medeiros and Professor Ana Respício, focusing on vulnerability detection on PHP web applications taking advantage of static analysis, code property graphs and multi-agent systems.