Refine
Year of publication
- 2022 (3) (remove)
Document Type
- Conference Proceeding (2)
- Doctoral Thesis (1)
Language
- English (3) (remove)
Has Fulltext
- no (3)
Keywords
- Biomedical signals (1)
- Cross Site Scripting (1)
- Machine learning (1)
- Medical systems (1)
- PHP (1)
- SQL Injection (1)
- Signal acquisition (1)
- Signal processing (1)
- Static Code Analysis (1)
- Test Suite (1)
Institute
- Fakultät Informatik (3) (remove)
Systematic Generation of XSS and SQLi Vulnerabilities in PHP as Test Cases for Static Code Analysis
(2022)
Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.
The influence of sleep on human life, including physiological, psychological, and mental aspects, is remarkable. Therefore, it is essential to apply appropriate therapy in the case of sleep disorders. For this, however, the irregularities must first be recognised, preferably conveniently for the person concerned. This dissertation, structured as a composition of research articles, presents the development of mathematically based algorithmic principles for a sleep analysis system. The particular focus is on the classification of sleep stages with a minimal set of physiological parameters. In addition, the aspects of using the sleep analysis system as part of the more complex healthcare systems are explored. Design of hardware for non-obtrusive measurement of relevant physiological parameters and the use of such systems to detect other sleep disorders, such as sleep apnoea, are also referred to. Multinomial logistic regression was selected as the basis for development resulting from the investigations carried out. By following a methodical procedure, the number of physiological parameters necessary for the classification of sleep stages was successively reduced to two: Respiratory and Movement signals. These signals might be measured in a contactless way. A prototype implementation of the developed algorithms was performed to validate the proposed method, and the evaluation of 19324 sleep epochs was carried out. The results, with the achieved accuracy of 73% in the classification of Wake/NREM/REM stages and Cohen's kappa of 0.44, outperform the state of the art and demonstrate the appropriateness of the selected approach. In the future, this method could enable convenient, cost-effective, and accurate sleep analysis, leading to the detection of sleep disorders at an early stage so that therapy can be initiated as soon as possible, thus improving the general population's health status and quality of life.
Dynamic Real-Time Range Queries (DRRQ) are a common means to handle mobile clients in high-density areas where both, clients requested by the query and the inquirers, are mobile. In contrast to the very well-known continuous range queries, only a few approaches, such as Adaptive Quad Streaming (AQS), address the mandatory scalability and real-time requirements of these so-called ad-hoc mobility challenges. In this paper we present the highly decentralized solution Adaptive Quad Streaming Flexible (AQSflex) as an extension of the already existing more theoretical AQS approach. Beside a highly distributed cell structure without data structures and a lightweight streaming communication, we use a multi-cell-assignment on limited pool resources instead of an idealistic unlimited cell-per-server assignment. The described experimental results show the potential of our local capacity balancing scheme for cell handover in a strongly decentralized setting. Leafs of a cell hierarchy define a kind of self-optimizing fuzzy edge for the processing resources in high-density systems without any centralized controlling or cloud component.