Md Rayhanur Rahman

College of Engineering

Works (6)

Updated: June 12th, 2024 05:02

2024 journal article

A Survey on Software Vulnerability Exploitability Assessment

ACM COMPUTING SURVEYS, 56(8).

By: S. Elder n, M. Rahman n, G. Fringer n, K. Kapoor n & L. Williams n

author keywords: Exploitability; software vulnerability
Source: Web Of Science
Added: June 11, 2024

2023 journal article

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

ACM COMPUTING SURVEYS, 55(12).

By: M. Rahman n, R. Hezaveh n & L. Williams n

author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
TL;DR: The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction. (via Semantic Scholar)
Source: Web Of Science
Added: April 24, 2023

2022 journal article

Why secret detection tools are not enough: It's not just about false positives-An industrial case study

EMPIRICAL SOFTWARE ENGINEERING, 27(3).

By: M. Rahman n, N. Imtiaz n, M. Storey* & L. Williams n

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
TL;DR: It is found that, despite developers classified 50% of the warning as false positive, developers also bypassed the warning due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debts, and perceptions that check-ins are low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2021 journal article

Security Smells in Ansible and Chef Scripts: A Replication Study

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1).

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

TL;DR: This article identifies two security smells not reported in prior work: missing default in case statement and no integrity check and recommends practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review, and static analysis tools. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: March 8, 2021

2020 article

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts

20TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING WORKSHOPS (ICDMW 2020), pp. 516–525.

By: M. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

TL;DR: It is found that the most prominent sources of unstructured threat data are the threat reports, Twitter feeds, and posts from hackers and security experts, and natural language processing (NLP) based approaches: topic classification; keyword identification; and semantic relationship extraction among the keywords are mostly availed in the selected studies to mine CTI information from un Structured threat sources. (via Semantic Scholar)
Source: Web Of Science
Added: July 12, 2021

2019 article

Share, But Be Aware: Security Smells in Python Gists

2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540.

By: M. Rahman n, A. Rahman* & L. Williams n

author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
TL;DR: This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significance relation between the presence of these security smells and the reputation of the Gist author. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.