Publications (10 of 115)
Yasin, A., Fatima, R., Khan, J. A. & Afzal, W. (2024). Behind the Bait: Delving into PhishTank's hidden data. Data in Brief, 52, Article ID 109959.
2024 (English). In: Data in Brief, E-ISSN 2352-3409, Vol. 52, article id 109959. Article in journal (Refereed), Published
Abstract [en]

Phishing constitutes a form of social engineering that aims to deceive individuals through email communication. Extensive prior research has underscored phishing as one of the most commonly employed attack vectors for infiltrating organizational networks. A prevalent method involves misleading the target by employing phishing URLs concealed through hyperlink strategies. PhishTank, a website employing the concept of crowd-sourcing, aggregates phishing URLs and subsequently verifies their authenticity. In the course of this study, we leveraged a Python script to extract data from the PhishTank website, amassing a comprehensive dataset comprising over 190,0000 phishing URLs. This dataset is a valuable resource that can be harnessed by both researchers and practitioners for enhancing phishing filters, fortifying firewalls, security education, and refining training and testing models, among other applications.

Place, publisher, year, edition, pages
Elsevier Inc., 2024
Keywords
Artificial intelligence, Computer security, Dataset, Email security, Phished URL, Social engineering, Web security, Application programs, Computer crime, Electronic mail, Hypertext systems, Security of data, Statistical tests, Attack vector, E-mails security, Email communication, Hyperlinks, Organizational network, Phishing, Websites
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-65239 (URN); 10.1016/j.dib.2023.109959 (DOI); 001142588900001 (); 2-s2.0-85180539147 (Scopus ID)
Available from: 2024-01-03. Created: 2024-01-03. Last updated: 2024-01-31. Bibliographically approved
Yasin, A., Fatima, R., JiangBin, Z., Afzal, W. & Raza, S. (2024). Can serious gaming tactics bolster spear-phishing and phishing resilience?: Securing the human hacking in Information Security. Information and Software Technology, 170, Article ID 107426.
2024 (English). In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 170, article id 107426. Article in journal (Refereed), Published
Abstract [en]

Context: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Objectives: Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. Methodology: To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Results: Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks. 
Conclusion: Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.

Place, publisher, year, edition, pages
Elsevier B.V., 2024
Keywords
Education, Human factor in security, Information security, Phishing attack, Scam, Serious game, Computer crime, Cybersecurity, Digital devices, Ethical technology, Game design, Sensitive data, Digital age, Game-based Learning, Phishing, Phishing attacks, Serious gaming, Social engineering, Spear phishing, Serious games
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-66282 (URN); 10.1016/j.infsof.2024.107426 (DOI); 2-s2.0-85187177892 (Scopus ID)
Note

Article; Export Date: 20 March 2024; Cited By: 0; Correspondence Address: W. Afzal; School of Innovation, Design and Engineering, Mälardalen University, Västerås, Sweden; email: wasif.afzal@mdu.se; CODEN: ISOTE

Available from: 2024-03-20. Created: 2024-03-20. Last updated: 2024-03-20. Bibliographically approved
Zafar, M. N., Afzal, W. & Enoiu, E. P. (2023). An Empirical Evaluation of System-Level Test Effectiveness for Safety-Critical Software. In: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings. Paper presented at 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023, Prague, Czech Republic, 24/4-25/4, 2023 (pp. 293-305). Science and Technology Publications, Lda
2023 (English). In: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings, Science and Technology Publications, Lda, 2023, p. 293-305. Conference paper, Published paper (Refereed)
Abstract [en]

Combinatorial Testing (CT) and Model-Based Testing (MBT) are two recognized test generation techniques. The evidence of their fault detection effectiveness and comparison with industrial state-of-the-practice is still scarce, more so at the system level for safety-critical systems, such as those found in trains. We use mutation analysis to perform a comparative evaluation of CT, MBT, and industrial manual testing in terms of their fault detection effectiveness using an industrial case study of the safety-critical train control management system. We examine the fault detection rate per mutant and relationship between the mutation scores and structural coverage using Modified Condition Decision Coverage (MC/DC). Our results show that CT 3-ways, CT 4-ways, and MBT provide higher mutation scores. MBT did not perform better in detecting 'Logic Replacement Operator-Improved' mutants when compared with the other techniques, while manual testing struggled to find 'Logic Block Replacement Operator' mutants. None of the test suites were able to find 'Time Block Replacement Operator' mutants. CT 2-ways was found to be the least effective test technique. MBT-generated test suite achieved the highest MC/DC coverage. We also found a generally consistent positive relationship between MC/DC coverage and mutation scores for all test suites.

Place, publisher, year, edition, pages
Science and Technology Publications, Lda, 2023
Keywords
Fault Detection Effectiveness, Safety-Critical Software, System-Level Tests
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-62926 (URN); 10.5220/0011756800003464 (DOI); 001119034200025 (); 2-s2.0-85160537558 (Scopus ID); 9789897586477 (ISBN)
Conference
18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023, Prague, Czech Republic, 24/4-25/4, 2023
Available from: 2023-06-07. Created: 2023-06-07. Last updated: 2024-01-17. Bibliographically approved
Salari, M. E., Enoiu, E. P., Afzal, W. & Seceleanu, C. (2023). An Empirical Investigation of Requirements Engineering and Testing Utilizing EARS Notation in PLC Programs. Paper presented at Springer Nature Journal’s Special issue on Topical Issue on Advances in Combinatorial and Model-based Testing 2023. Springer Nature Journal’s Special issue on Topical Issue on Advances in Combinatorial and Model-based Testing 2023
2023 (English). In: Springer Nature Journal’s Special issue on Topical Issue on Advances in Combinatorial and Model-based Testing 2023. Article in journal (Refereed), Submitted
Abstract [en]

Regulatory standards for engineering safety-critical systems often demand both traceable requirements and specification-based testing, during development. Requirements are often written in natural language, yet for specification purposes, this may be supplemented by formal or semi-formal descriptions, to increase clarity. However, the choice of notation of the latter is often constrained by the training, skills, and preferences of the designers.

The Easy Approach to Requirements Syntax (EARS) addresses the inherent imprecision of natural language requirements with respect to potential ambiguity and lack of accuracy. This paper investigates requirements specification using EARS, and specification-based testing of embedded software written in the IEC 61131-3 language, a programming standard used for developing Programmable Logic Controllers (PLC). Further, we study, by means of an experiment, how human participants translate natural language requirements into EARS and how they use the latter to test PLC software. We report our observations during the experiments, including the type of EARS patterns participants use to structure natural language requirements and challenges during the specification phase, as well as present the results of testing based on EARS-formalized requirements in real-world industrial settings.

Place, publisher, year, edition, pages
Springer Nature, 2023
Keywords
EARS, Requirement Engineering, PLC, Testing
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-66350 (URN)
Conference
Springer Nature Journal’s Special issue on Topical Issue on Advances in Combinatorial and Model-based Testing 2023
Projects
VeriDevOps, SmartDelta
Available from: 2024-04-02. Created: 2024-04-02. Last updated: 2024-04-04. Bibliographically approved
Salari, M. E., Enoiu, E. P., Afzal, W. & Seceleanu, C. (2023). An Experiment in Requirements Engineering and Testing using EARS Notation for PLC Systems. In: Proceedings - 2023 IEEE 16th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023. Paper presented at 16th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Dublin, Ireland, 16 April 2023 through 20 April 2023 (pp. 10-17). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proceedings - 2023 IEEE 16th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Institute of Electrical and Electronics Engineers Inc., 2023, p. 10-17. Conference paper, Published paper (Refereed)
Abstract [en]

Regulatory standards for engineering safety-critical systems often demand both traceable requirements and specification-based testing, during development. Requirements are often written in natural language, yet for specification purposes, this may be supplemented by formal or semi-formal descriptions, to increase clarity. However, the choice of notation of the latter is often constrained by the training, skills, and preferences of the designers. The Easy Approach to Requirements Syntax (EARS) addresses the inherent imprecision of natural language requirements with respect to potential ambiguity and lack of accuracy. This paper investigates requirement formalization using EARS and specification-based testing of embedded software written in the IEC 61131-3 language, a programming standard used for developing Programmable Logic Controllers (PLC). Further, we investigate, by means of an experiment, how human participants translate natural language requirements into EARS and how they use the latter to test PLC software. We report our observations during the experiments, including the type of EARS patterns participants use to structure natural language requirements and challenges during the specification phase, as well as present the results of testing based on EARS-formalized requirements.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
EARS, PLC, Requirement Engineering, Testing, Natural language processing systems, Safety engineering, Safety testing, Software testing, Specifications, Well testing, Controller systems, Easy approach to requirement syntax, Engineering safety, Natural language requirements, Natural languages, Regulatory standards, Safety critical systems, Specification Based Testing, Traceable requirements, Programmable logic controllers
National Category
Software Engineering
Identifiers
urn:nbn:se:mdh:diva-63856 (URN); 10.1109/ICSTW58534.2023.00016 (DOI); 001009223100002 (); 2-s2.0-85163061454 (Scopus ID); 9798350333350 (ISBN)
Conference
16th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Dublin, Ireland, 16 April 2023 through 20 April 2023
Available from: 2023-07-12. Created: 2023-07-12. Last updated: 2023-08-16. Bibliographically approved
Salari, M. E., Enoiu, E. P., Seceleanu, C., Afzal, W. & Sebek, F. (2023). Automating Test Generation of Industrial Control Software through a PLC-to-Python Translation Framework and Pynguin. In: APSEC 2023: 30th Asia-Pacific Software Engineering Conference, Dec 4, 2023 - Dec 7, 2023, Seoul, South Korea. Paper presented at APSEC 2023: 30th Asia-Pacific Software Engineering Conference, Software Engineering in Practice (SEIP) Track.
2023 (English). In: APSEC 2023: 30th Asia-Pacific Software Engineering Conference, Dec 4, 2023 - Dec 7, 2023, Seoul, South Korea, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Numerous industrial sectors employ Programmable Logic Controllers (PLC) software to control safety-critical systems. These systems necessitate extensive testing and stringent coverage measurements, which can be facilitated by automated test-generation techniques. Existing such techniques have not been applied to PLC programs, and therefore do not directly support the latter regarding automated test-case generation. To address this deficit, in this work, we introduce PyLC, a tool designed to automate the conversion of PLC programs to Python code, assisted by an existing test generator called Pynguin. Our framework is capable of handling PLC programs written in the Function Block Diagram language. To demonstrate its capabilities, we employ PyLC to transform safety-critical programs from industry and illustrate how our approach can facilitate the manual and automatic creation of tests. Our study highlights the efficacy of leveraging Python as an intermediary language to bridge the gap between PLC development tools, Python-based unit testing, and automated test generation.

Keywords
PyLC, PLC, Python, Testing, Code translation, automated testing
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-66349 (URN)
Conference
APSEC 2023: 30th Asia-Pacific Software Engineering Conference, Software Engineering in Practice (SEIP) Track
Projects
VeriDevOps
Available from: 2024-04-02. Created: 2024-04-02. Last updated: 2024-04-04. Bibliographically approved
Arshad, I., Alsamhi, S. H. & Afzal, W. (2023). Big Data Testing Techniques: Taxonomy, Challenges and Future Trends. Computers, Materials and Continua, 74(2), 2739-2770
2023 (English). In: Computers, Materials and Continua, ISSN 1546-2218, E-ISSN 1546-2226, Vol. 74, no 2, p. 2739-2770. Article in journal (Refereed), Published
Abstract [en]

Big Data is reforming many industrial domains by providing decision support through analyzing large data volumes. Big Data testing aims to ensure that Big Data systems run smoothly and error-free while maintaining the performance and quality of data. However, because of the diversity and complexity of data, testing Big Data is challenging. Though numerous research efforts deal with Big Data testing, a comprehensive review to address testing techniques and challenges of Big Data is not available as yet. Therefore, we have systematically reviewed the Big Data testing techniques’ evidence occurring in the period 2010–2021. This paper discusses testing data processing by highlighting the techniques used in every processing phase. Furthermore, we discuss the challenges and future directions. Our findings show that diverse functional, non-functional and combined (functional and non-functional) testing techniques have been used to solve specific problems related to Big Data. At the same time, most of the testing challenges have been faced during the MapReduce validation phase. In addition, the combinatorial testing technique is one of the most applied techniques in combination with other techniques (i.e., random testing, mutation testing, input space partitioning and equivalence testing) to find various functional faults through Big Data testing.

Place, publisher, year, edition, pages
Tech Science Press, 2023
Keywords
Big data, testing process, testing techniques, Data handling, Decision support systems, Equivalence classes, Software testing, Testing, Data systems, Data testing, Decision supports, Future trends, Large data volumes, Non-functional, Performance, Quality of data, Testing technique
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-61063 (URN); 10.32604/cmc.2023.030266 (DOI); 000961024400026 (); 2-s2.0-85141892794 (Scopus ID)
Available from: 2022-11-30. Created: 2022-11-30. Last updated: 2023-05-02. Bibliographically approved
Arrieta, A., Sagardui, G., Agirre, A., Afzal, W. & Ali, S. (2023). DevOps for Cyber-Physical Systems: Objectives, Results and Lessons Learned from the Adeptness H2020 Project. In: Proc. - Euromicro Conf. Digit. Syst. Des., DSD. Paper presented at Proceedings - 2023 26th Euromicro Conference on Digital System Design, DSD 2023 (pp. 184-189). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proc. - Euromicro Conf. Digit. Syst. Des., DSD, Institute of Electrical and Electronics Engineers Inc., 2023, p. 184-189. Conference paper, Published paper (Refereed)
Abstract [en]

While most large web-based software systems (e.g., Amazon, Google) release a new software version almost every minute, in the context of Cyber-Physical Systems (CPSs), this is still far. However, the software of CPSs needs to evolve while these are in operation to fix bugs, add new functionalities, carry out refactoring activities and deal with unforeseen situations that were discovered while the CPS was operating. In the last three years, the Adeptness project has been developing a solution to help speed up the software release of CPSs that are in operation while guaranteeing their reliability. In this paper, we summarize the objectives, results and lessons learned from this H2020 project.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Cyber-Physical Systems, DevOps, Uncertainty, Embedded systems, Program debugging, Software reliability, Cybe-physical systems, Google+, Refactorings, Software release, Software versions, Web-based software system, Cyber Physical System
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-66409 (URN); 10.1109/DSD60849.2023.00035 (DOI); 001195411200025 (); 2-s2.0-85189142410 (Scopus ID); 9798350344196 (ISBN)
Conference
Proceedings - 2023 26th Euromicro Conference on Digital System Design, DSD 2023
Note

Conference paper; Export Date: 10 April 2024; Cited By: 0; Conference name: 26th Euromicro Conference on Digital System Design, DSD 2023; Conference date: 6 September 2023 through 8 September 2023; Conference code: 198217

Available from: 2024-04-10. Created: 2024-04-10. Last updated: 2024-05-08. Bibliographically approved
Barrett, A., Enoiu, E. P. & Afzal, W. (2023). On the Current State of Academic Software Testing Education in Sweden. In: Proceedings - 2023 IEEE 16th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023. Paper presented at 16th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Dublin, Ireland, 16 April 2023 through 20 April 2023 (pp. 397-404). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proceedings - 2023 IEEE 16th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Institute of Electrical and Electronics Engineers Inc., 2023, p. 397-404. Conference paper, Published paper (Refereed)
Abstract [en]

Well-trained software development personnel, in the art and science of software testing, will effectively and efficiently develop quality software products with potentially fewer, less-critical defects. Thus software testing education is considered to be an important part of curricula for a university degree in Computer Science or Information Systems. The objective of this paper is to determine how much dedicated knowledge in the field of software testing is taught within Swedish universities. To achieve this objective, a systematic search of syllabi for software testing-related courses was done. From 25 Swedish universities offering Computer Science (or related) degrees, 14 currently offer dedicated courses in software testing. Some findings include: 32% of the individual courses were offered at the undergraduate level; 28% of the universities offer courses for specialised testing training; and, for the vast majority of the universities, dedicated software testing courses account for about 5% of the total degree credits. While some universities fare better than others, the overall state of academic software testing education in Sweden is limited but promising.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
software testing, software testing education, Sweden, Curricula, Engineering education, Personnel, Software design, Well testing, 'current, Art and science, Critical defects, Quality software, Software products, Software testings, Swedishs
National Category
Software Engineering
Identifiers
urn:nbn:se:mdh:diva-63857 (URN); 10.1109/ICSTW58534.2023.00073 (DOI); 001009223100059 (); 2-s2.0-85163057348 (Scopus ID); 9798350333350 (ISBN)
Conference
16th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, Dublin, Ireland, 16 April 2023 through 20 April 2023
Available from: 2023-07-12. Created: 2023-07-12. Last updated: 2023-08-16. Bibliographically approved
Salari, M. E., Enoiu, E. P., Afzal, W. & Seceleanu, C. (2023). PyLC: A Framework for Transforming and Validating PLC Software using Python and Pynguin Test Generator. In: Proceedings of the ACM Symposium on Applied Computing. Paper presented at 38th Annual ACM Symposium on Applied Computing, SAC 2023, Tallinn, Estonia, 27 March 2023 through 31 March 2023 (pp. 1476-1485). Association for Computing Machinery
2023 (English). In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, 2023, p. 1476-1485. Conference paper, Published paper (Refereed)
Abstract [en]

Many industrial application domains utilize safety-critical systems to implement Programmable Logic Controllers (PLCs) software. These systems typically require a high degree of testing and stringent coverage measurements that can be supported by state-of-the-art automated test generation techniques. However, their limited application to PLCs and corresponding development environments can impact the use of automated test generation. Thus, it is necessary to tailor and validate automated test generation techniques against relevant PLC tools and industrial systems to efficiently understand how to use them in practice. In this paper, we present a framework called PyLC, which handles PLC programs written in the Function Block Diagram and Structured Text languages such that programs can be transformed into Python. To this end, we use PyLC to transform industrial safety-critical programs, showing how our approach can be applied to manually and automatically create tests in the CODESYS development environment. We use behaviour-based, translation rules-based, and coverage-generated tests to validate the PyLC process. Our work shows that the transformation into Python can help bridge the gap between the PLC development tools, Python-based unit testing, and test generation.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2023
Keywords
code translation, FBD, IEC 61131-3, PLC, pynguin, python, ST, translation validation, Accident prevention, Application programs, Automation, Programmable logic controllers, Software testing, Applications domains, Automated test generations, Development environment, Generation techniques
National Category
Software Engineering
Identifiers
urn:nbn:se:mdh:diva-63850 (URN); 10.1145/3555776.3577698 (DOI); 001124308100209 (); 2-s2.0-85162895923 (Scopus ID); 9781450395175 (ISBN)
Conference
38th Annual ACM Symposium on Applied Computing, SAC 2023, Tallinn, Estonia, 27 March 2023 through 31 March 2023
Available from: 2023-07-12. Created: 2023-07-12. Last updated: 2024-04-02. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-0611-2655