Seminar für Diplomand_innen Methods and Paper analysis

  1. Methods in HPC/Distributed Systems

Quantitative

Qualitative

Discussion:

  1. Design Science, Ontology Engineering, SLR (Systematic Literature Review)

  1. Survey, Interview, Focus groups, Cognitive walkthrough, Usability testing, Grounded theory, hypothesis testing, Scales, Physiological parameters

  1. Formal Methods, Security and Privacy

Formal vs Applied Research Methods

Benchmarking

  1. An empirical and holistic perspective to methodology in engineering sciences


Paper analysis

Paper 1 - Automated Driving System, Male, or Female Driver

Method

Where found

Description

Survey / Questionnaires

PANAS

“State 3 positive and 3 negative aspects on”

RESEARCH QUESTIONS

Page 2

Wizard of Oz

Page 3

Wizard of Oz prototypes. The course was predefined, but people believed it was the actions of their human drivers.

Quantitative online Measurement (Stress): Physiological sensing (ECG)

Page 3

“How stressed are passengers with different types of drivers?”

Kruskal-Wallis test[a]

Page 4

Pattern Recognition

Page 4

From the paper: “In order to reduce data processing load, we extracted a single frame for every second of recorded video and used a C# program to classify the image according to the specification in the API documentation.”

Classification

Page 4

Classified the found results

Survey with Scale

Page 4

Standardized survey with a 5-point scale from “Very slightly or not at all” to “Extremely”

Post/Pre Test Measurements

Page 5

Circumplex Model

Interviews

Page 6

Paper 2 - Exploring Enterprise Knowledge Graphs: a Use Case in Software Engineering

Method

Where found

Description

Research Questions

Page 2

“RQ1: How to implement exploratory search on EKGs?”, “RQ2: How to identify suitable relatedness metrics?”, “RQ3: Are explanations derived from the EKG helpful?”

Use Case Analysis

Page 3-4

Prototype

Page 3

“we designed, implemented and deployed the Semantic Search for Architectural Knowledge (STAR) prototype”

Ontology Engineering

Page 5

“To construct the STAR ontology, in an initial scoping workshop system purpose,”

Requirement Engineering

Page 5

“in an initial scoping workshop system purpose, use cases, and competency questions were clarified”

[b]

Comparative Evaluation

Page 7

6.1 Comparative Evaluation of Relatedness Metrics

We use statistical methods to compare the overall behaviour of the two metrics over the entire EKG

User Based Evaluation

(including Survey with Scale)

Page 7-9

6.2 User Based Evaluation

“Study task. Participants were shown pattern pairs, their descriptions and (for half of the dataset) an explanation of how their relatedness was derived. They were asked to rank the pairs relatedness on a 5-point scale (1 completely unrelated; 5 very related)”

Experimental Evaluation Method

Page 8-9

Evaluation with experiment-data-set and check quality / usefulness of results

Paper 3 - The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle

Method

Where found

Description

Research Questions

Page 2

“RQ1: Is IoT malware different than traditional malware?

• RQ2: Are current anti-malware techniques effective against IoT malware?”

Empirical studies

Page 2

“This work seeks to investigate this matter by systematically and empirically studying the lifecycle of IoT malware and comparing it with traditional malware that target desktop and mobile platforms. We present a large-scale measurement of more than 166K Linux-based IoT malware samples collected over a year.”

(not sure if applies here)
Ontology[c][d][e]

Page 2, 3

Second, we use our framework to systematize 25 papers that study traditional malware.

We study 25 papers from prior works to qualitatively derive subcategories under each component, which are in Appendix A. For example, we cite the work of Holz et al. [42] to support the use of drive-by downloads in desktop malware and their distribution networks. Moreover, we use the MITRE ATT&CK taxonomy to derive additional subcategories that are not found in prior work but are documented by security companies.

Qualitative Measures: Analysis of Malware/Code

Page 2, 6

For RQ2, we qualitatively evaluate how traditional anti-malware techniques work and judge their efficacy based on empirical observations from the IoT malware ecosystem.

Software Engineering: Code/Framework

Page 2

First, we propose a novel analysis framework that captures the threat lifecycle of IoT malware, which considers the infection vectors, payload properties, persistence methods, capabilities, and C&C infrastructure.

(not sure if legit method)

Data Science: Publishing Data

Page 2

Third, we characterize IoT malware by examining more than 166K samples spanning 6 different system architectures collected over a year.

Literature Research

Page 2

Second, we use our framework to systematize 25 papers that study traditional malware.

Baselining

Page 6

“For network artifacts, we collected network traffic from the VM for 72 hours without executing any malware. We then filter out any traffic that matches the baseline or bogon networks”

Quantitative Measures: Statistics (to Malware)
(Somewhat included in Empirical studies)

Page 7

However, we were not able to build a VM for M68K architecture due to legacy code incompatibility, therefore, we only considered the M68K samples for static analysis.

Qualitative Measures: DNS Analysis (to Malware)

Page 12

Approximately 50 minutes later, based on pDNS first seen resolution, the domain is detected and reported to URLHaus.

Vowi Questions:

(https://vowi.fsinf.at/wiki/TU_Wien:Seminar_f%C3%BCr_Diplomand_innen_f%C3%BCr_Software_Engineering_%26_Internet_Computing_SE_(Brandic)/Test_WS21)

These questions must be answered with TRUE/FALSE:

All italics are suggestions and I am not 100% sure

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "User study" as one of the methodologies?

TRUE

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "High-fidelity Prototype" as one of the methodologies?

FALSE[f][g]

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "Quantitative study" as one of the methodologies?

TRUE

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "Physiological sensing" as one of the methodologies?

TRUE

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "Cognitive walkthrough" as one of the methodologies?

FALSE

Does the paper "Automated Driving System, Male, or Female Driver: Who’d You Prefer? Comparative Analysis of Passengers’ Mental Conditions, Emotional States & Qualitative Feedback" contain "Grounded theory" as one of the methodologies?

TRUE[h]

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Differential Analysis" as one of the methodologies?

TRUE

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Passive Measurements" as one of the methodologies?

TRUE

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Dynamic Program Analysis" as one of the methodologies?

TRUE

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Active Measurements" as one of the methodologies?

FALSE[i][j][k][l][m][n](?)

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Model Checking" as one of the methodologies?

FALSE(?)

Does the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" contain "Benchmarking" as one of the methodologies?

FALSE

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "Ontology Engineering" as one of the methodologies?

TRUE

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "Systematic Literature Review" as one of the methodologies?

TRUE[o][p] FALSE

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "design science/relevance" as one of the methodologies?

FALSE[q][r] TRUE

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "design science/rigour" as one of the methodologies?

TRUE[s][t]

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "theorem proving" as one of the methodologies?

FALSE

Does the paper "Exploring Enterprise Knowledge Graphs: A Use Case in Software Engineering" contain "dynamic bayesian networks" as one of the methodologies?

FALSE

[a]ANOVA as well?

[b]Unsure if Requirement Engineering is valid here or it is just Ontology Engineering

[c]More likely a taxonomy because there are no other relations and constraints?

[d]I agree, I think this should be taxonomy or classification

[e]Found this paper explaining the differences of Ontology/Classification/Taxonomy:

https://www.cs.auckland.ac.nz/research/conferences/w78/papers/W78-37.pdf

[f]Is this false because the prototype used does not look/feel like the final product and is therefore a low-fi prototype?

[g]See section LIMITATIONS AND FUTURE WORK:

"Compared to today’s standards in computer graphics (e. g., computer games), the rendering of the environment shown in the driver simulator could have been more realistic." -> low-fidelity graphics -> low fidelity prototype

[h]I would opt for False, as I fail to see the authors creating any form of abstract theory that explains what would or would not lead to a preference of female/male/automated.

[i]I would agree with this since data was only collected passively or taken from datasets and no network devices were scanned or tested for vulnerabilities.

But don't quote me on that.

[j]Assuming the question is about active and passive _network_ measurements as the slides hint at, I would agree with FALSE, as they only record network traffic and don't scan the C&C IPs or similar active reconnaissance

[k]Don't they collect Data with network traces etc. in the Dynamic analysis part of the Paper?

[l]It should have been true, according to their evaluation

[m]I am really unsure about that. From my point of view, executing malware to cause syscalls and network traffic is active.

[n]I would argue that active measurements only concern real network traffic analysis. In this case this seems to be traffic of a test VM as part of dynamic binary analysis.

[o]Ofc there was literature research done in this paper, but I cannot see "Systematic Literature Review"

[p]Ah yes, I see your point. If this question would be asked for the paper "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" it would be true, imho.

but yes, here FALSE makes more sense

[q]I would answer TRUE since Siemens is presented as a relevant business case

[r]I see it as you: "To refine the ontology, several iterations were performed with Siemens partners to validate the relevance and usefulness of these concepts for the use case"

[s]Could someone explain to me why this is true?

[t]I think because the solution is built up onto something existing and using existing knowledge of architecture