Publications | Zhiqiang Wu

2023

JSS

A Systematic Literature Review on Android-specific Code Smells

Wu, Zhiqiang, Chen, Xin, and Lee, Scott Uk-Jin

Journal of Systems & Software 2023

@article{slr,
  title = {A Systematic Literature Review on Android-specific Code Smells},
  author = {Wu, Zhiqiang and Chen, Xin and Lee, Scott Uk-Jin},
  journal = {Journal of Systems & Software},
  vol = {201},
  year = {2023},
}

2022

Software

Analyzing Technical Debt Prioritization Methods and Tools: How Do Practitioners Meet Their Expectations?

Chen, Xin, Wu, Zhiqiang, and Lee, Scott Uk-Jin

IEEE Software 2022

Bib

@article{xin_software,
  title = {Analyzing Technical Debt Prioritization Methods and Tools:
  How Do Practitioners Meet Their Expectations?},
  author = {Chen, Xin and Wu, Zhiqiang and Lee, Scott Uk-Jin},
  journal = {IEEE Software},
  year = {2022},
  note = {Work in progress},
}

Thesis
Analyzing Validity of Permission Usages in Android Apps via App Descriptions

Wu, Zhiqiang

2022

Abs Bib HTML

Application (app) description analysis can be used in various software engineering domains such as requirement recommendation, malware detection, and security maintenance. Besides the inherent challenges from the ambiguity of natural language, sparse permission semantics raise the difficulties of predicting functionalities and permission usages from app descriptions. More specifically, the functionalities common to the app’s category are intentionally abbreviated by developers due to the limited number of characters allowed for app descriptions, and permissions are often being over-claimed. These are the main reasons that cause false positives in predicting permissions from app descriptions. Such unmentioned permissions can only be detected as suspicious in existing studies where effective assistance for developers in refining app descriptions and preventing potential security risks is not provided. In this thesis, we propose the FideDroid, a framework to identify category-based common permissions to predict the unmentioned functionalities in the same category while assessing the fidelity of app descriptions. The existing public dataset contains sparse permission semantics, which highly impacts performance of predicting permissions from app description. In order to overcome this issue, our framework augments the labeled dataset of app descriptions to improve the prediction of permissions. Based on the prediction, FideDroid compares inferred permissions with the used ones to reveal the suspicious and unnecessary permissions. It helps developers to refine app descriptions and maintain permission usages. In our experiments on large number of real-world apps from the Play Store, we analyzed and revealed that the category-based common permissions can predict more unmentioned functionalities rather than considering all possible permissions in the category. In addition, we discovered three factors causing the inconsistency between descriptions and permission usages to be: 1) human interventions in writing descriptions 2) bad practices on permission usages and 3) prolific developers. Consequently, FideDroid helps developers to localize the absences of permission in the app descriptions and refine the app descriptions to protect users‘ right to know. Moreover, it facilitates developers to prevent permission misuses to improve app quality.
@phdthesis{phd, title = {Analyzing Validity of Permission Usages in Android Apps via App Descriptions}, author = {Wu, Zhiqiang}, year = {2022}, school = {Hanyang University} }

2021

Electronics

Wake Lock Leak Detection in Android Apps Using Multi-Layer Perceptron

Khan, Muhammad Umair, Lee, Scott Uk-Jin, Wu, Zhiqiang, and Abbas, Shanza

Electronics 2021

Bib HTML

@article{khan2021wake,
  title = {Wake Lock Leak Detection in Android Apps Using Multi-Layer Perceptron},
  author = {Khan, Muhammad Umair and Lee, Scott Uk-Jin and Wu, Zhiqiang and Abbas, Shanza},
  journal = {Electronics},
  volume = {10},
  number = {18},
  pages = {2211},
  year = {2021},
  publisher = {Multidisciplinary Digital Publishing Institute},
}

ACCESS
Enhancing Fidelity of Description in Android Apps With Category-Based Common Permissions

Wu, Zhiqiang, Chen, Xin, Khan, Muhammad Umair, and Lee, Scott Uk-Jin

IEEE ACCESS 2021

Abs Bib HTML

Application description analysis is applied for various purposes in software engineering domains. Besides the inherent challenges from the ambiguity of natural language, sparse permission semantics raise the difficulties of predicting functionalities and permission usages from app descriptions. More specifically, the functionalities common to the app’s category are intentionally abbreviated by developers due to the limited number of characters, and the permissions are often over-claimed. These are the main reasons that cause false positives in predicting permissions from app descriptions. Such unmentioned permissions can only be detected as suspicious in previous studies where effective assistance for developers in refining app descriptions and preventing potential security risks is not provided. In this paper, we propose the FideDroid, a framework to identify category-based common permissions to offset those essential functionalities while assessing the fidelity of app descriptions. Our framework augments the labeled dataset of app descriptions to improve the prediction of permissions. FideDroid compares inferred permissions with used ones to reveal the suspicious and unnecessary permissions based on the prediction. It helps developers to refine app descriptions and maintain permission usages. In our experiments on large real-world apps, we analyzed and revealed that the category-based common permissions may cover more unmentioned functionalities without considering all possible permissions during app description analysis. In addition, we discovered three factors causing the inconsistency between descriptions and permission usages to be: 1) human interventions in writing description; 2) bad practices on permission usages; and 3) prolific developers. These findings will facilitate developers to refine app descriptions and optimize permission usages in the apps.
@article{fidedroid, title = {Enhancing Fidelity of Description in Android Apps With Category-Based Common Permissions}, author = {Wu, Zhiqiang and Chen, Xin and Khan, Muhammad Umair and Lee, Scott Uk-Jin}, journal = {IEEE ACCESS}, year = {2021}, }
ACCESS
FCDP: Fidelity Calculation of Description-to-Permissions in Android Apps

Wu, Zhiqiang, Chen, Xin, and Lee, Scott Uk-Jin

IEEE ACCESS 2021

Abs Bib HTML

Mobile app descriptions have been widely used in app markets to deliver various types of information to end-users. Even though this information may implicitly expose the dangerous permissions that allow access to sensitive data, most users cannot correctly identify and interpret the corresponding textual sentences owing to insufficient knowledge regarding Android permissions and the semantics of app descriptions. It is therefore important to assist users in understanding whether an app description accurately reflects whether the app may request dangerous permissions. To this end, we propose an approach named Fidelity Calculation for Description-to-Permissions (FCDP). It is aimed at assisting app-market auditors in assessing whether an app description indicates all information related to dangerous permissions using a quantified fidelity for providing a high-quality description to mobile users. Furthermore, we experimentally investigate the effect of different factors on FCDP, and we demonstrate that FCDP outperforms the state-of-the-art method by over 3.65% in predicting description-to-permissions. By using 64,265 Android descriptions crawled from Google Play, our in-depth analysis further indicates that most app descriptions do not entirely disclose the semantics of dangerous permissions for mobile users in the wild. It is therefore quite urgent to assist app-market auditors in regulating description writing in this regard.
@article{description1, title = {FCDP: Fidelity Calculation of Description-to-Permissions in Android Apps}, author = {Wu, Zhiqiang and Chen, Xin and Lee, Scott Uk-Jin}, journal = {IEEE ACCESS}, year = {2021}, }

2020

ICISCA

Duplicate Code Detection Based on Geometric Center for IoT Application

Chen, Xin, Wu, Zhiqiang, and Lee, Scott Uk-Jin

In Proceedig of International Conference on Information System and Convergence Applications 2020

Abs

Internet of Things (IoT) is emerging as a force to be reckoned with on the internet and in the economy overall. Its applications developed in either Android OS or iOS for remotely operating IoT devices. Currently, since software engineers suffer from the lack of programming experience or deadline pressure, some snippets of code directly copied and pasted to other places for similar functionalities, which called duplicate code. Duplicate code is an essential code smell and leads to several adverse impacts of duplicate code in traditional software. Moreover, duplicate code may occupy more system resources in IoT applications that are unable to be afforded by IoT devices. In this paper, we propose a novel methodology to detect duplicate code based on the geometric center. The monotonicity of geometric center utilized to determine whether any pair-wise methods are duplicate, which gives the multiformity for detecting different types of duplicate code. This methodology not only effectively detects the duplicate code but also outperforms the result of prior research on coverage and time consumption.

2019

KSC

Permissions Smells Detection for IoT Applications on Android Platform

Wu, Zhiqiang, Chen, Xin, and Lee, Scott Uk-Jin

In Proceedings of Korea Software Congress 2019

Abs PDF

With the rapid development of the Internet of Things (IoT), the end-users may remotely control their IoT devices via their Android devices. The developers may request some unnecessary permissions and request sensitive permission access every time without checking the granted status, which leads to the risk of over privilege and privacy leakage. In this paper, we propose a methodology used to detect two kinds of permission smells on Android devices by similarity coefficient and depth-first search algorithm to assist the developers in detecting the Android-specific smells during development.
ICCST

Web Attack Detection Based on ResNet and RNN

Chen, Xin, Wu, Zhiqiang, and Lee, Scott Uk-Jin

In Proceedings of International Conference on Computational Sciences and Technologies 2019

Abs PDF

Web attack detection is an important part of web security. As our society already depends heavily on web technologies, web attacks can actually cause serious problems such as economic losses, data leakage, business interruption and even attacks on Internet of Thing devices that affect personal and social security. In order to prevent such disasters, we propose a web attack detection approach based on ResNet and Gate Recurrent Unit (GRU). In this approach, Word2vec is used to extract features of HTTP request URL with which detection model is trained using ResNet and GRU. As a result, our approach can greatly improve model training speed and web attack detection accuracy and recall.
ICISCA

Identifying Latent Android Malware from Application’s Description using LSTM

Wu, Zhiqiang, Chen, Xin, and Lee, Scott Uk-Jin

In Proceedings of 6th International Conference on Information, System and Convergence Applications 2019

Abs PDF

Android is the most popular mobile system in the world where many applications provide convenient and diverse functions on top of it for our daily lives. However, a new Android malware is revealed every 10 seconds and the official application markets still consists of malicious and undetected applications due to the limitation of the existing malware detection techniques. In this paper, we propose an approach to identify the latent Android malware from application’s description using Long Short-Term Memory (LSTM) technique. The actual permissions requested by source code and permissions predicted from the description using semantics analysis to are compared to verify the consistency. If an application requests a permission undeclared in the description or homogeneous applications, it will be considered as a latent Android malware. This approach can surely provide more secure environment for the end-users before they install the applications.
KSCI

Permissions based Automatic Android Malware Repair using Long Short-Term Memory

Wu, Zhiqiang, Chen, Xin, and Lee, Scott Uk-Jin

In Proceedings of Korean Society of Computer Information Conference 2019

Abs PDF

As malicious apps vary significantly across Android malware, it is challenging to prevent that the end-users download apps from unsecured app markets. In this paper, we propose an approach to classify the malicious methods based on permissions using Long Short-Term Memory (LSTM) that is used to embed the semantics among Intent and permissions. Then the malicious method that is an unsecured method will be removed and re-uploaded to official market. This approach may induce that the end-users download apps from official markets in order to reduce the risk of attacks.

2018

JATIT

Classification of Concurrent Anomalies for IoT Software based Support Vector Machine

Wu, Zhiqiang, Abbas, Asad, Chen, Xin, and Lee, Scott Uk-Jin

Journal of Theatrical and Applied Information Technology Feb 2018

Abs PDF

Internet of Thing (IoT) can connect anyone with anything at any point in any place. Currently, growing number of IoT devices have become a major role of daily life owing to their convenience. The IoT devices usually controlled by Web applications and mobile applications, which will process lots of events from user’s controller to devices. Hence, such software is a kind of concurrent program in IoT environment because the software is unable to simultaneously process these events, which may cause the concurrent issue. There is event-drive model in either Web application or mobile applications, which is unable to easily detect the concurrent anomaly by existing approaches due to the non-determined of execution and hardly reproduced by the same sequence. The previous techniques of concurrent detection are excessive limitations that only used for one of concurrent anomaly with the large number of false positive. In this paper, we describe a novel methodology to dynamically classify two types of concurrent anomalies for IoT software. According to the executable sequence graph, we generate the training and test examples for classification. The vectorization features are classified by Support Vector Machine (SVM) with Gaussian kernel. The SVM will predict the concurrent state of current executable example. As a result, the optimal true positive of simulation is 80% in our experiment which is a higher accuracy than others.

2017

IWCIT

Testing and Evaluation of Free/Open Source Web Vulnerability Scanners for IoT Web Applications

Chen, Xin, Wu, Zhiqiang, and Lee, Scott Uk-Jin

In Proceedings of International Workshop on Convergence Information Technology Feb 2017
Thesis

Support Vector Machine Based Concurrency Anomaly Classification for Mobile Applications

Wu, Zhiqiang

Aug 2017

Abs HTML

Mobile applications became integral part of our daily life as they provide excellent portability and convenience. Growing number of features in mobile applications enables diverse user actions, sensors data and information to be inputted using various operations. Since mobile applications are event-driven programs, it is very difficult to detect concurrency anomaly with existing methodologies and tool supports due to the non-deterministic executions and difficulties in reproducing execution sequences for testing. The existing techniques of concurrent anomaly detection are very limited as they are often focused on detecting a specific concurrent anomaly without providing a generic approach. Furthermore, they produce large number of false positive in their detection results. Therefore, we propose a novel technique to dynamically classify concurrent anomalies for event-driven applications. According to control flow graph and vector clocks, we manually generate the training and test examples for classification using support vector machine with Gaussian kernel. The support vector machine will effectively predict whether the application under test is anomaly or not. We also have conducted experiments to determined accuracy of the proposed methodology. As result, the accuracy of proposed prediction methodology reached 80% with 20% of false positive rate. When compared with other related works, the proposed methodologies with machine learning technique is proven to be more efficient and effective.
ICCCA

Multiple Concurrency Anomalies Classification for Mobile Applications using Support Vector Machine

Wu, Zhiqiang, Abbas, Asad, and Lee, Scott Uk-Jin

In Proceedings of International Conference on Computing Convergence and Applications Aug 2017

Abs PDF

Mobile applications are integral part of daily life due to their portability and convenience. In recent research, mobile applications are facing the uniqueness of approach for specific anomaly and large number of false positive. In this study, we propose Support Vector Machine (SVM) based concurrency anomaly classification approach to dynamically to classify multiple concurrency anomaly with vector clocks. We proposed anomalies classification for mobile applications to detect the potential exception and reduce the false positive in runtime.
ICCCA

Contextual Variability Management for Multi-Software Product Line

Abbas, Asad, Siddiqui, Isma Farah, Wu, Zhiqiang, Siddiqui, Mohsin Javaid, and Lee, Scott Uk-Jin

In Proceedings of International Conference on Computing Convergence and Applications Aug 2017

Abs PDF

Software Product Line (SPL) is used for the development of multiple products from same domain with reusability of existing resources. Feature model is used to manage the existing resources of SPL with predefined notations and relationships such as mandatory and variable features. Multiple SPLs that have common features with own contextual presence in domain repository needs to be managed efficiently to increase the reusability and development process. In this paper, we have proposed effective approach for the composition of multiple SPLs that have common resources in repository. Our proposed composition process follows the three steps procedure. The impact of composition on application development is less cost and time, and increase the reusability.

2016

KCC

The Application of Banker’s Algorithm in Order Scheduling Management for Deadlock Avoidance

Wu, Zhiqiang, and Lee, Scott Uk-Jin

In Proceedings of 2016 Korea Computer Comprehensive Congress Aug 2016

Abs PDF

Order Scheduling in product supply chain is an important activity to adequately manage cash flow for supplier. However, in current order scheduling, deadlock may appear when managing multiple supply chain flows simultaneously. This paper proposes a deadlock avoidance method for order scheduling in product supply chain system by adopting Banker’s algorithm which is a commonly used in operating systems for deadlock avoidance. After thorough analysis and comparisons, Banker’s algorithm is utilized to manage order scheduling in product supply chain instead of managing memories in operating systems. As a result, order scheduling can be managed effectively with dramatically less chances of deadlock when handling multiple orders. To verify the proposed method, SPIN is used to simulate and verify the correctness.
ICISCA

Challenges of Multi-Objective Optimization in Feature Model of Software Product Line

Abbas, Asad, Wu, Zhiqiang, Siddiqui, Isma Farah, and Lee, Scott Uk-Jin

In Proceedings of 3rd International Conference on Information, System and Convergence Applications Aug 2016

Abs PDF

Development of specific product with high reusability of existing resources, Software Product Line (SPL) is vastly used. Feature model is used to maintain the features of SPL in systematic way with common and variable features. Variable features differentiate the products of SPL domain. Optimization is required to find all possible combination of features for specific product under constraints and requirement of stakeholder. Multiple requirements and objectives from stakeholder make it hard to select best feature selection. Different multiobjective optimization algorithms are used in industry to get best optimized feature selection from feature model. In this paper we identify challenges and issues after systematic review of popular algorithms and their optimized results in large and small scale feature models.
IJST

An Approach for Optimized Feature Selection in Software Product Line using Union-Find and Genetic Algorithms

Abbas, Asad, Wu, Zhiqiang, Siddiqui, Isma Farah, and Lee, Scott Uk-Jin

Indian Journal of Science and Technology May 2016

Abs PDF

In a complete theory there is an element corresponding to each element of reality. A sufficient condition for the reality of a physical quantity is the possibility of predicting it with certainty, without disturbing the system. In quantum mechanics in the case of two physical quantities described by non-commuting operators, the knowledge of one precludes the knowledge of the other. Then either (1) the description of reality given by the wave function in quantum mechanics is not complete or (2) these two quantities cannot have simultaneous reality. Consideration of the problem of making predictions concerning a system on the basis of measurements made on another system that had previously interacted with it leads to the result that if (1) is false then (2) is also false. One is thus led to conclude that the description of reality as given by a wave function is not complete.
ICICTS

Optimized Feature selection with Crosscutting Concerns in Software Product Line Feature Model

Abbas, Asad, Wu, Zhiqiang, Siddiqui, Isma Farah, and Lee, Scott Uk-Jin

In Proceedings of 2nd International Conference on Information and Convergence Technology for Smart Society May 2016

Abs PDF

Software Product Line Engineering (SPLE) is best paradigm to build new products with high reusability from existing resources. Feature model is commonly used for resource management with variable and common features under product line. Key idea of feature model is to manage commonalities and variabilities of resources with mandatory, alternative and optional features. Crosscutting concerns are tangled and scattered in overall system which reduce the reusability of resources because of dependency with other features. At modeling level, the identification of these features is an important task to construct them as a separate aspect module. As a result, the addition or deletion of these aspects do not affect the system. In this paper we present: (1) an approach to find crosscutting concerns by using union-find algorithm, (2) genetic algorithm for optimized feature selection with resource constraints and crosscutting concerns.

2015

KCC

An Effect Attendance Management System Based on Browser/Server Technique

Wu, Zhiqiang, Kim, Seonwoong, Ariffin, Abdul Rahim Mohamed, and Lee, Scott Uk-Jin

In Proceedings of 18nd Korea Computer Congress May 2015

Abs PDF

This paper proposes a convenient and efficient attendance system using Browser/Server(B/S) technique. The system enables the management of attendance records through the use of Hyper Text Markup Language (HTML) 5 and Radio Frequency Identification (RFID). The existing attendance systems lacks efficiency as they require students to manually sign the attendance list. As a result, students often skip lectures after signing the list causing false attendance to be recorded. Therefore, this system proposes automatic capture of student’s photo with web-camera when students check their card at RFID reader. Such system provides great help to the lecturers to keep track of students’ attendance records correctly.