Selected Publications -
QRST GROUP
- H. Shahriar and M. Zulkernine, “Mitigating
Program Security Vulnerabilities: Approaches and Challenges,” ACM
Computing Surveys, ACM, to appear, 2012.
- H. Shahriar and M. Zulkernine, “Trustworthiness
Testing of Phishing Websites: A Behavior Model-based Approach,”
Special Issue on Trusting Software Behavior, Future Generation
Computer System (FGCS), Elsevier Science, to appear, 2012.
- M. Atef and M. Zulkernine, “A Control Flow
Representation for Component-Based Software Reliability Analysis,”
Proc. of the 6th IEEE International Conference on Software Security
and Reliability (SERE), to appear, Washington DC, USA, June 2012.
(Acceptance rate 30%)
- A. Mohsina and M. Zulkernine, “DESERVE: A Framework for Detecting
Program Security Vulnerability Exploitations,” Proc. of the 6th IEEE
International Conference on Software Security and Reliability
(SERE), to appear, Washington DC, USA, June 2012. (Acceptance rate
30%)
- A. Barua, H. Shahriar, and M. Zulkernine, “Server Side Detection of Content
Sniffing Attacks,” Proc. of the 22nd IEEE International Symposium on Software Reliability
Engineering (ISSRE), pp. 20-29, Hiroshima, Japan, November 2011. (Acceptance rate 25%)
- H. Shahriar and M. Zulkernine, “A Fuzzy
Logic-based Buffer Overflow Vulnerability Auditor,” Proc. of the 9th
IEEE International Conference on Dependable, Autonomic and Secure
Computing (DASC2011), pp. 137-144, Sydney, Australia, December 2011. (Acceptance
rate 35%, Best Paper Award)
- H. Shahriar and M. Zulkernine, “S2XS2: A Server Side Approach to
Automatically Detect XSS Attacks,” Proc. of the 9th IEEE
International Conference on Dependable, Autonomic and Secure
Computing (DASC2011), pp. 7-14, Sydney, Australia, December 2011. (Acceptance
rate 35%)
- M. Atef and M. Zulkernine, “A Connection-Based Signature Approach
for Control Flow Error Detection,” Proc. of the 9th IEEE
International Conference on Dependable, Autonomic and Secure
Computing (DASC2011), pp. 129-136, Sydney, Australia, December 2011. (Acceptance
rate 35%)
- A. Alvi and M. Zulkernine,
“A Natural Classification Scheme for Software Security Patterns,”
Proc. of the 9th IEEE International Conference on Dependable,
Autonomic and Secure Computing (DASC2011), pp. 113-119, Sydney,
Australia, December 2011. (Acceptance rate 35%)
- X. Young and M. Zulkernine, “Security Monitoring
of Components Using Aspects and Contracts in Wrappers,” Proc. of the
35th Annual International Computer Software and Applications
Conference (COMPSAC), pp. 566-575, IEEE CS, Munich, Germany, July 2011.
(Acceptance rate 20%)
- H. Shahriar and M. Zulkernine, “Information
Source-based Classification of Automatic Phishing Website
Detectors,” Proc. of the 11th IEEE/IPSJ International Symposium on
Applications and the Internet (SAINT), pp. 190-195, IEEE CS, Munich, Germany,
July 2011.
- H. Shahriar and M. Zulkernine, “Injecting
Comments to Detect JavaScript Code Injection Attacks,” Proc. of the
6th IEEE International Workshop on Security, Trust, and Privacy for
Software Applications (STPSA), pp. 104-109, IEEE CS, Munich, Germany, July
2011.
- U. Khan and M. Zulkernine, “Building Components
with Embedded Security Monitors,” Proceedings of the 2nd ACM SigSoft
International Symposium on Architecting Critical Systems (ISARCS),
Boulder, Colorado, USA, ACM Press, pp. 133-142, June 2011.
- I. Chowdhury and M. Zulkernine, “Using
Complexity, Coupling, and Cohesion Metrics as Early Indicators of
Vulnerabilities,” Special Issue on “Security and Dependability
Assurance of Software Architectures,” Journal of Systems
Architecture, vol. 57, issue 3, pp. 294-313, Elsevier Science, March 2011.
- H. Shahriar and M. Zulkernine, “Taxonomy and
Classification of Automatic Monitoring of Program Security
Vulnerability Exploitations,” Journal of Systems and Software,
vol. 84, issue 2, pp. 250-269, Elsevier Science, February 2011.
- H. Shahriar and M. Zulkernine, “Client-Side
Detection of Cross-Site Request Forgery Attacks,” Proc. of the 21st
IEEE International Symposium on Software Reliability Engineering
(ISSRE), pp. 358-367, San Jose, CA, USA, November 2010. (Acceptance
rate 32%)
- H. Shahriar and M. Zulkernine, “Monitoring
Buffer Overflow Attacks: A Perennial Task,” International Journal of
Secure Software Engineering (IJSSE), IGI Global, Vol. 1, Issue 3,
pp. 18-40, July-September 2010.
- M. Atef and M. Zulkernine, “The Level of
Decomposition Impact on Component Fault Tolerance,” Proc. of the
Fifth Workshop on Quality Oriented Reuse of Software (QUROS), pp.
57-62, IEEE CS Press, Seoul, Korea, July 2010.
- H. Shahriar and M. Zulkernine, “PhishTester:
Automatic Testing of Phishing Attacks,” Proc. of the 4th IEEE
International Conference on Secure System Integration and
Reliability Improvement (SSIRI), pp. 198-207, IEEE CS Press,
Singapore, June 2010. (Acceptance rate 33%)
- M. Atef and M. Zulkernine, “Architectural Design
Decisions for Achieving Reliable Software Systems,” Proc. of the
International Symposium on Architecting Critical Systems (ISARCS),
Lecture Notes in Computer Science, vol. 6150, pp. 19-32, Prague,
Czech Republic, June 2010.
- M. Atef and M. Zulkernine, “Failure Type-Aware
Reliability Assessment with Component Failure Dependency,” Proc. of
the 4th IEEE International Conference on Secure System Integration
and Reliability Improvement (SSIRI), pp. 98-105, IEEE CS Press,
Singapore, June 2010. (Acceptance rate 33%)
- H. Shahriar and M. Zulkernine, “Classification
of Static Analysis-Based Buffer Overflow Detectors,” Proc. of the
1st International Workshop on Modeling Secure and Reliable Systems,
pp. 94-101, IEEE CS Press, Singapore, June 2010.
- M. Atef and M. Zulkernine, “A Taxonomy of
Software Architecture-Based Reliability Efforts,” Proc. of the Fifth
ICSE Workshop on SHAring and Reusing architectural Knowledge
(SHARK), pp. 44-51, ACM, Cape Town, South Africa, May 2010.
(Acceptance rate 53%)
- I. Chowdhury and M. Zulkernine, “Can Complexity,
Coupling, and Cohesion Metrics be Used as Early Indicators of
Vulnerabilities?” Proc. of the 25th Annual ACM Symposium on Applied
Computing (SAC): Computer Security Track, pp. 1963-1969, Sierre,
Switzerland, March 2010. (Acceptance rate 15%)
- H. Shahriar and M. Zulkernine, “Classification
of Automatic Monitors for Buffer Overflow Vulnerabilities,” Proc. of
the 4th International Workshop on Secure Software Engineering
(SecSE), pp. 519-524, IEEE CS Press, Krakow, Poland, February 2010.
- H. Shahriar and M. Zulkernine, “Assessing
Test Suites for Buffer Overflow Vulnerabilities,” International
Journal of Software Engineering and Knowledge Engineering (IJSEKE),
Special Issue on Security Engineering Practices & Methodology based
on Software & Knowledge Engineering, vol. 20, issue 1, pp. 73-101,
World Scientific, February 2010.
- M. Zulkernine, M. Raihan, and M. Uddin, “Towards
Model-Based Automatic Testing of Attack Scenarios,” Proc. of the
28th International Conference on Computer Safety, Reliability and
Security (SAFECOMP), Lecture Notes in Computer Science, vol. 5775,
pp. 229-242, Springer, Hamburg, Germany, September 2009. (Acceptance
rate 34%)
- M. Atef and M. Zulkernine, “Quantifying Safety
in Software Architectural Designs,” Proc. of the International
Workshop on Design of Dependable Critical Systems (DDCS), pp. 68-75,
Hamburg, Germany, September 2009.
- M. Uddin and M. Zulkernine, “A Trust Monitoring
Architecture for Service-Based Software,” in J. Dong, R. Paul, and
L. Zhang (editors), High Assurance Service Computing, pp. 45-64,
Springer, 2009.
- U. Khan and M. Zulkernine, “Activity and
Artifact Views of a Secure Software Development Process,” Proc. of
the International Workshop on Software Security Process (SSP), pp.
399-404, IEEE, Vancouver, Canada, August 2009.
- X. Yang and M. Zulkernine, “Secure Method Calls
by Instrumenting Bytecode with Aspects,” Proc. of the 23rd Annual
IFIP WG Working Conference on Data and Applications Security, (DBSec
’09), Lecture Notes in Computer Science, vol. 5645, pp. 126-141,
Springer, Montreal, Canada, July 2009. (Acceptance rate 26%)
- H. Shahriar and M. Zulkernine, “Automatic
Testing of Program Security Vulnerabilities,” Proc. of the 1st IEEE
International Workshop on Test Automation, pp. 550-555, IEEE CS
Press, Seattle, USA, July 2009.
- U. Khan and M. Zulkernine, “On Selecting
Appropriate Development Processes and Requirements Engineering
Methods for Secure Software,” Proc. of the 4th IEEE International
Workshop on Privacy, Security, and Trust for Software Applications,
pp. 353-358, IEEE CS Press, Seattle, USA, July 2009.
- H. Shahriar and M. Zulkernine, “MUTEC:
Mutation-based Testing of Cross Site Scripting,” Proc. of the Fifth
ICSE International Workshop on Software Engineering for Secure
Systems (SESS), pp. 47-53, IEEE, Vancouver, Canada, May 2009.
(Acceptance ratio 10/23)
- Z. Zhu and M. Zulkernine, “A Model-Based
Aspect-Oriented Framework for Building Intrusion-Aware Software
Systems,” Special Issue on Model Based Development for Secure
Information Systems, Information and Software Technology Journal,
vol. 51, issue 5, pp. 865-875, Elsevier Science, May 2009.
- M. Uddin and M. Zulkernine, “ATM: An Automatic
Trust Monitoring Algorithm for Service Software,” Proc. of the 24th
Annual ACM Symposium on Applied Computing (SAC): Dependable and
Adaptive Distributed Systems, pp. 1040-1044, Hawaii, USA, March
2009. (Acceptance rate 29%)
- M. Uddin, M. Zulkernine, and S. Ahamed,
“Collaboration Through Computation: Incorporating Trust Model into
Service-Based Software Systems,” Service Computing and Applications
Journal, vol. 3, no. 1, pp. 47-63, Springer, March 2009.
- M. Atef and M. Zulkernine, “At What Level of
Granularity Should We be Componentizing for Software Reliability?”
Proc. of the 11th IEEE International Symposium on High Assurance
System Engineering (HASE), pp. 273-282, IEEE CS Press, Nanjing,
China, December 2008. (Acceptance rate 20%)
- H. Shahriar and M. Zulkernine, “Mutation-Based
Testing of Format String Bugs,” Proc. of the 11th IEEE International
Symposium on High Assurance System Engineering (HASE), pp. 229-238,
IEEE CS Press, Nanjing, China, December 2008. (Acceptance rate 20%)
- J. Zhang, M. Zulkernine, and A. Haque, “Random
Forest-Based Network Intrusion Detection Systems,” IEEE Transactions
on Systems, Man, and Cybernetics – Part C: Applications and Reviews,
vol. 38, no. 5, pp. 648-658, September 2008.
- H. Shahriar and M. Zulkernine, “MUSIC:
Mutation-based SQL Injection Vulnerability Checking,” Proc. of the
8th International Conference on Quality Software (QSIC), pp. 77-86,
IEEE CS Press, Oxford, UK, August 2008. (Acceptance rate 30%)
- M. Atef and M. Zulkernine, “On Failure
Propagation in Component-Based Software Systems,” Proc. of the 8th
International Conference on Quality Software (QSIC), pp. 402-411,
IEEE CS Press, Oxford, UK, August 2008. (Acceptance rate 30%)
- U. Khan and M. Zulkernine, “Quantifying Security
Vulnerabilities in Secure Software Development,” Proc. of the Second
IEEE International Workshop on Security in Software Engineering, pp.
955-960, IEEE CS Press, Turku, Finland, July 2008.
- H. Shahriar and M. Zulkernine, “Mutation-Based
Testing of Buffer Overflow Vulnerabilities,” Proc. of the Second
IEEE International Workshop on Security in Software Engineering, pp.
979-984, IEEE CS Press, Turku, Finland, July 2008.
- I. Chowdhury, B. Chan, and M. Zulkernine,
“Security Metrics for Source Code Structures,” Proc. of the Fourth
ICSE International Workshop on Software Engineering for Secure
Systems (SESS), ACM, pp. 57-64, Leipzig, Germany, May 2008.
- M. Uddin and M. Zulkernine, “UMLtrust:
Towards Developing Trust-Aware Software,” Proc. of the 23rd Annual
ACM Symposium on Applied Computing (SAC), pp. 831-836, Fortaleza,
Brazil, March 2008. (Acceptance rate 29%)
- M. Uddin, M. Zulkernine, and S. Ahamed*,
“CAT: A Context-Aware Trust Model for Open and Dynamic Systems,”
Proc. of the 23rd Annual ACM Symposium on Applied Computing (SAC),
pp. 2024-2029, Fortaleza, Brazil, March 2008. (Acceptance rate 29%)
- L. Kuang and M. Zulkernine, “An Anomaly
Intrusion Detection Method Using the CSI-KNN Algorithm,” Proc. of
the 23rd Annual ACM Symposium on Applied Computing (SAC), pp.
921-926, Fortaleza, Brazil, March 2008. (Acceptance rate 29%)
- Y. You, M. Zulkernine, and A. Haque, “A
Distributed Defense Framework for Flooding-Based DDoS Attacks,”
Proc. of the International Conference on Availability, Reliability
and Security (AReS), pp. 245-252, IEEE CS Press, Barcelona, Spain,
March 2008. (Acceptance rate 22%)
- L. Kuang and M. Zulkernine, “An
Intrusion-Tolerant Mechanism for Intrusion Detection Systems,” Proc.
of the International Conference on Availability, Reliability and
Security (AReS), pp. 921-926, IEEE CS Press, Barcelona, Spain, March
2008. (Acceptance rate 22%)
- M. Atef and M. Zulkernine, “Improving
Reliability and Safety by Trading Off Software Failure
Criticalities,” Proc. of the 10th IEEE International Symposium on
High Assurance System Engineering (HASE), pp. 267-274, Dallas,
Texas, USA, November 2007. (Acceptance rate 30%)
- P. Kannadiga, M. Zulkernine, and A. Haque,
“E-NIPS: An Event-Based Network Intrusion Prediction System,” Proc.
of the 10th Information Security Conference (ISC), Lecture Notes in
Computer Science, vol. 4779, pp. 37-52, Springer Verlag, Chile,
October 2007. (Acceptance rate 25%)
- S. Ahamed, M. Zulkernine, and S. Wolfe, “A
Software-Based Trust Management System for Distributed Industrial
Management Systems,” Journal of Systems and Software, vol. 80, issue
10, pp. 1621-1630, Elsevier Science, October 2007.
- M. Zulkernine, M. Graves, and U. Khan,
“Integrating Software Specifications into Intrusion Detection,”
International Journal of Information Security (IJIS), pp. 345-357,
Springer, September, 2007.
- M. Hussein, M. Raihan, and M. Zulkernine,
“Classification and Extension of Software Specification and Attack
Description Languages,” in D. Khadraoui and F. Herrmann (editors),
Advances in Enterprise IT Security, pp. 285-301, Idea Group, 2007.
- M. Uddin, H. Shahriar, and M. Zulkernine, “ACIR:
An Aspect-Connector for Intrusion Response,” Proc. of the First IEEE
International Workshop on Security in Software Engineering, pp.
249-254, IEEE CS Press, Beijing, China, July 2007.
- M. Al-Subaie and M. Zulkernine, “The Power of
Recurrent Neural Networks in Anomaly Intrusion Detection,” Proc. of
the IEEE Symposium on Computer and Communications Network Security –
ICC '07, pp. 1391-1398, Glasgow, Scotland, June 2007. (Acceptance
rate 39%)
- Y. You, M. Zulkernine, and A. Haque, “Detecting
Flooding-Based DDoS Attacks,” Proc. of the IEEE Symposium on
Computer and Communications Network Security – ICC '07, pp.
1239-1234, Glasgow, Scotland, June 2007. (Acceptance rate 39%)
- M. Hussein and M. Zulkernine, “Intrusion
Detection Aware Component-Based Systems: A Specification-Based
Approach,” Journal of Systems and Software, vol. 80, issue 5, pp.
700-710, Elsevier Science, May 2007.
- M. Raihan and M. Zulkernine, “AsmLSec: An
Extension of Abstract State Machine Language for Attack Scenario
Specification,” Proc. of the IEEE International Conference on
Availability, Reliability and Security (AReS), IEEE CS Press, pp.
775-782, Vienna, Austria, April 2007. (Acceptance rate 28%)
- M. Graves and M. Zulkernine, “Bridging the Gap:
Software Specification Meets Intrusion Detector,” Proc. of the
Fourth Annual Conference on Privacy, Security and Trust (PST), pp.
265-274, Toronto, Canada, McGraw Hill Press, October 2006.
- M. Al-Subaie and M. Zulkernine, “Efficacy of
Hidden Markov Models Over Neural Networks in Anomaly Intrusion
Detection,” Proc. of the 30th Annual International Computer Software
and Applications Conference (COMPSAC), pp. 325-332, IEEE CS Press,
Chicago, USA, September 2006. (Acceptance rate 29%)
- J. Zhang and M. Zulkernine, “Anomaly Based
Network Intrusion Detection with Unsupervised Outlier Detection,”
Symposium on Network Security and Information Assurance – Proc. of
the IEEE International Conference on Communications (ICC), pp.
2388-2393, Istanbul, Turkey, June 2006. (Acceptance rate 39%)
- J. Zhang and M. Zulkernine, “A Hybrid Network
Intrusion Detection Technique Using Random Forests,” Proc. of the
International Conference on Availability, Reliability and Security
(AReS), IEEE CS Press, pp. 262-269, Vienna, Austria, April 2006.
(Acceptance rate 36%)
- M. Hussein and M. Zulkernine, “UMLintr: A
UML Profile for Specifying Intrusions,” Proc. of the 13th Annual
IEEE International Conference and Workshop on the Engineering of
Computer Based Systems (ECBS), pp. 279-286, IEEE CS Press, Potsdam,
Germany, March 2006.
- J. Zhang and M. Zulkernine, “Network Intrusion
Detection Using Random Forests,” Proc. of the third Annual
Conference on Privacy, Security and Trust (PST), pp. 53-61, St.
Andrews, New Brunswick, Canada, October 2005. (Acceptance rate 38%)
- M. Raihan and M. Zulkernine, “Detecting
Intrusions Specified in a Software Specification Language,” Proc. of
the 29th Annual International Computer Software and Applications
Conference (COMPSAC), pp. 143-148, IEEE CS Press, Edinburgh,
Scotland, July 2005. (Acceptance rate 25%)
- P. Kannadiga and M. Zulkernine, “DIDMA: A
Distributed Intrusion Detection System Using Mobile Agents,” Proc.
of the ACIS 6th International Conference on Software Engineering,
Networking and Parallel/Distributed Computing (SNPD), pp. 238-245,
IEEE CS Press, Maryland, USA, May 2005.