CPS and RDNS meetup: Adriano Mão de Ferro & Rafael Ramires

Speakers: Adriano Mão de Ferro (LASIGE, DI/FCUL) & Rafael Ramires (LASIGE, DI/FCUL)

Date: May 17, 2023, 12h00

Where: C6.3.27

Talk 1: Neuro evolution-based data quality framework for regularly sampled sensor data
Abstract: The growing use of sensors and the proliferation of applications and systems continuously (possibly in real-time) extracting insights from sensor data require high data quality to allow efficient and safe operation and functionality. Previous work enumerates problems related to sensor data quality in the internet-of-things and cyber-physical systems contexts, proposing frameworks to overcome such issues. However, they are generally limited to particular applications or systems, not diving deeper into the general case of continuous operation and dependence on regularly sampled sensor data. This thesis will study data quality requirements for a class of systems that operate continuously on regularly sampled sensor data, propose a data quality framework for such systems, and design and implement a generic, scalable, and configurable platform for continuous data quality assessment for the class of systems considered.

Talk 2: Detect Web Vulnerabilities Using Knowledge Graphs
Abstract: The web’s increasing use has led to a growth of attacks exploring software vulnerabilities, such as Cross-site Scripting (XSS) and SQL injection (SQLi), causing significant harm to companies. We present a new static analysis approach for assessing and evaluating web applications against web vulnerabilities through a Knowledge-based Agent-system Vulnerability-detector called KAVe.

KAVe resorts to a multi-agent system that performs taint analysis over specially designed knowledge graphs to detect potential security weaknesses more efficiently. These knowledge graphs aggregate different code property graphs representing the lexical and semantic features of the applications source code, as well as their data and control flows.

The study objectives include code parsing, graph construction, knowledge graph creation, graph pruning, multi-agent navigation, vulnerability detection, validation, and comparison with existing tools.

Preliminary results of KAVe showed that the tool employs an effective and efficient method to detect vulnerabilities in web applications, finding 169 vulnerabilities with an accuracy of 98.81% over 12 open-source PHP web applications.