Hirohisa Aman

A Model for Detecting Cost-Prone Classes Based on Mahalanobis-Taguchi Method

In software development, comprehensive software reviews and testings are important activities to preserve high quality and to control maintenance cost. However it would be actually difficult to perform comprehensive software reviews and testings because of a lot of components, a lack of manpower and other realistic restrictions. To improve performances of reviews and testings in object-oriented software, this paper proposes a novel model for detecting cost-prone classes; the model is based on Mahalanobis-Taguchi method---an extended statistical discriminant method merging with a pattern recognition approach. Experimental results using a lot of Java software are provided to statistically demonstrate that the proposed model has a high ability for detecting cost-prone classes.

Empirical Analysis of Change-Proneness in Methods Having Local Variables with Long Names and Comments

This paper focuses on the local variable names and comments that are major artifacts reflecting the programmers preference. It conducts an empirical analysis on the usefulness of those artifacts in assessing the software quality from the perspective of change-proneness in Java methods developed in six popular open source software products. The empirical results show: (1) a method having a longer named local variable is more change-prone, and (2) the presence of comments inside the method body strengthens the suspicions to be modified after the release. The above artifacts are worthy to find methods which can survive unscathed after the release.

An Empirical Analysis on Fault-Proneness of Well-Commented Modules

Comment statements are useful to enhance the readability and/or understandability of software modules. However, some comments may adjust the readability/understandability of code fragments that are too complicated and hard to understand-a kind of code smell. Consequently, some well-written comments may be signs of poorquality modules. This paper focuses on the lines of comments written in modules, and performs an empirical analysis with three major open source software and their fault data. The empirical results show that the risk of being faulty in wellcommented modules is about 2 to 8 times greater than noncommented modules.

Behavior analysis of self-evolving botnets

Machine learning techniques have been achieving significant performance improvements in various kinds of tasks, and they are getting applied in many research fields. While we benefit from such techniques in many ways, they can be a serious security threat to the Internet if malicious attackers become able to utilize them to detect software vulnerabilities. This paper introduces a new concept of self-evolving botnets, where computing resources of infected hosts are exploited to discover unknown vulnerabilities in non-infected hosts. We propose a stochastic epidemic model that incorporates such a feature of botnets, and show its behaviors through numerical experiments and simulations.

Application of the 0-1 Programming Model for Cost-Effective Regression Test

This paper reports an application of the 0-1 programming model to the regression testing plan for an industrial software. The key idea is to formulate a testing plan as a 0-1 programming problem (Knapsack problem). The empirical study shows that the 0-1 programming method can produce a cost-effective testing plan in which all potential regressions are found at only 22% of the cost of running all test cases.

Multistage Growth Model for Code Change Events in Open Source Software Development: An Example Using Development of Nagios

In recent years, many open source software (OSS) products have become popular and widely used in the information technology (IT) business. To successfully run IT business, it is important to properly understand the OSS development status. Having a proper understanding of development status is necessary to evaluate and predict the product quality. However, the OSS development status is not easy to understand, because it is often concurrently developed by many distributed contributors, and its developmental structure is complicated. To aid the understanding of the development status, there is an approach that models the trend of source code change events (evolution) with a growth curve. Although an application of growth curves seems to be a promising approach, there has been a big issue that a single growth curve is often unsuitable for modeling the whole evolution because of its complex evolutionary behavior. This paper proposes a multistage model that divides the whole development period into some stages, and applies a different growth curve to a different stage. The empirical investigation in this paper shows that the switching points of stages have meaningful associations with the release dates.

Application of Mahalanobis-Taguchi Method and 0-1 Programming Method to Cost-Effective Regression Testing

To enhance the cost effectiveness of regression testing, this paper proposes a method for prioritizing test cases. In general, a test case can be evaluated from various different points of view, therefore whether it is worth it to re-run should be discussed using multi criteria. This paper shows that the Mahalanobis-Taguchi (MT) method is a useful way to successfully integrate different evaluations of a test case. Moreover, this paper proposes to use the 0-1 programming method together with the MT method in order to take into account not only the priority of a test case but also its cost to run. The empirical study with 300 test cases for an industrial software system shows that the combination of the MT method and the 0-1 programming method is more cost-effective than other conventional methods.

A Proposal of NHPP-Based Method for Predicting Code Change in Open Source Development

This paper proposes a novel method for predicting the amount of source code changes (changed lines of code: changed-LOC) in the open source development (OSD). While the software evolution can be observed through the public code repository in OSD, it is not easy to understand and predict the state of the whole development because of the huge amount of less-organized information.The method proposed in the paper predicts the code changes by using only data freely available from the code repository the code-change time stamp and the changed-LOC.The method consists of two steps: 1) to predict the number of occurrences of code changes by using a non-homogeneous Poisson process (NHPP)-based model, and 2) to predict the amount of code changes by using the outcome of the step-1 and the previously changed-LOC.The empirical work shows that the proposed method has an ability to predict the changed-LOC in the next 12 months with less than 10\% error.

A Simple Predictive Method for Discriminating Costly Classes Using Class Size Metric

Larger object classes often become more costly classes in the maintenance phase of object-oriented software. Consequently class would have to be constructed in a medium or small size. In order to discuss such desirable size, this paper proposes a simple method for predictively discriminating costly classes in version-upgrades, using a class size metric, Stmts. Concretely, a threshold value of class size (in Stmts) is provided through empirical studies using many Java classes. The threshold value succeeded as a predictive discriminator for about 73% of the sample Java classes.

Security Flaw in SAS-2 Protocol

SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.