Saeed Parsa
Iran University of Science and Technology · School of Computer Engineering
Doctor of Philosophy
Seeking a new position to lead teams of researchers to design and develop tools to assist software engineers and testers
About
220 Publications
35,738 Reads
1,617 Citations
Introduction
My research interests are:
1. Software testing
2. Compiler design
3. Software engineering
Education
October 1988 - October 1993
Publications (220)
Path testing is one of the most efficient approaches for covering a program during the test. However, executing a path with a single or limited number of test data does not guarantee that the path is fault-free, especially for fault-prone paths. A common solution in these cases is to extract the corresponding domain of the path constraint that...
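A minimal illustration of the idea (not the paper's algorithm): for a toy path condition, the input subdomain that exercises the path can be approximated by brute force and then sampled for several test data instead of a single satisfying point. All names and ranges below are illustrative.

```python
# Toy sketch (not the paper's algorithm): approximate the input subdomain of a
# single path by brute force, then draw several test data from it instead of
# relying on one satisfying point.
import random

def path_constraint(x, y):
    # Hypothetical path: taken when both branch conditions below hold.
    return x + y > 10 and x - y < 3

# Enumerate a small integer grid to approximate the path's input subdomain.
domain = [(x, y) for x in range(-20, 21) for y in range(-20, 21)
          if path_constraint(x, y)]

# Sample multiple test data from the subdomain rather than a single point.
sample = random.sample(domain, k=min(5, len(domain)))
print(f"{len(domain)} inputs exercise the path; sampled test data: {sample}")
```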
Requirements form the basis for defining software systems’ obligations and tasks. Testable requirements help prevent failures, reduce maintenance costs, and make it easier to perform acceptance tests. However, despite the importance of measuring and quantifying requirements testability, no automatic approach for measuring requirements testability h...
Evaluating software quality requires measuring the factors that affect it. Reliability and the number of faults are examples of quality factors. If these factors are measured during the software development life cycle, more efficient and optimal activities can be performed to improve the software quality. The difficulty i...
The responsibility of a method/function is to perform some desired computations and disseminate the results to its caller through various deliverables, including object fields and variables in output instructions. Based on this definition of responsibility, this paper offers a new algorithm to refactor long methods to those with a single responsibi...
White box test data generation typically relies on an optimized search through the program input space. Metaheuristic algorithms, such as Genetic Algorithms, Particle Swarm Optimization, and Simulated Annealing, are commonly utilized to address this problem. However, it is observed that existing algorithms often fall short in generating diverse tes...
Test-first development (TFD) is a software development approach involving automated tests before writing the actual code. TFD offers many benefits, such as improving code quality, reducing debugging time, and enabling easier refactoring. However, TFD also poses challenges and limitations, requiring more effort and time to write and maintain test ca...
Measuring and evaluating source code similarity is a fundamental software engineering activity that embraces a broad range of applications, including but not limited to code recommendation, duplicate code, plagiarism, malware, and smell detection. This paper proposes a systematic literature review and meta-analysis on code similarity measurement an...
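For context, a minimal sketch of one classic baseline that such surveys typically cover: token-level Jaccard similarity between two code fragments. The tokenizer and snippets below are illustrative, not the paper's measurement method.

```python
# Minimal sketch of a token-based similarity baseline. Function names and the
# crude tokenizer are illustrative only.
import re

def tokens(code: str) -> set:
    # Very rough lexer: identifiers, numbers, and single symbols become tokens.
    return set(re.findall(r"[A-Za-z_]\w*|\d+|[^\s\w]", code))

def jaccard_similarity(a: str, b: str) -> float:
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 1.0

snippet1 = "int sum = 0; for (int i = 0; i < n; i++) sum += a[i];"
snippet2 = "int total = 0; for (int j = 0; j < n; j++) total += a[j];"
print(round(jaccard_similarity(snippet1, snippet2), 2))
```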
The accuracy reported for code smell-detecting tools varies depending on the dataset used to evaluate the tools. Our survey of 45 existing datasets reveals that the adequacy of a dataset for detecting smells highly depends on relevant properties such as the size, severity level, project types, number of each type of smell, number of smells, and the...
HTOA is a meta-heuristic algorithm for solving global optimization problems. Here its implementation source code is available for researchers.
Fault localization is among the most costly tasks in software development.
Learning physical principles marks the start of a new era for software testing in cyber-physical systems.
Test cases are developed before writing the code in test-first techniques, such as TDD and BDD.
Meta-heuristic search algorithms offer a suitable alternative for developing test data generators. Genetic algorithms are the most popular heuristic search technique applied to test data generation problems. Search-based testing involves looking in a program input space for test data, satisfying a test adequacy criterion encoded as a fitnes...
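A hedged sketch of the general search-based setup described above: a tiny genetic algorithm minimizing a branch-distance fitness for a hypothetical target branch. The predicate, population size, and operators are illustrative assumptions, not the paper's configuration.

```python
# Hedged sketch of search-based test data generation: a small genetic algorithm
# minimizing a branch-distance fitness for the hypothetical target branch
# "a * b == 7200" in a program under test.
import random

def branch_distance(a, b):
    # Distance to satisfying the target predicate (0 means the branch is covered).
    return abs(a * b - 7200)

def evolve(pop_size=50, generations=200, domain=(0, 200)):
    pop = [(random.randint(*domain), random.randint(*domain)) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=lambda ind: branch_distance(*ind))
        if branch_distance(*pop[0]) == 0:
            return pop[0]                      # test datum covering the branch
        parents = pop[: pop_size // 2]         # selection: keep the fitter half
        children = []
        while len(children) < pop_size - len(parents):
            (a1, b1), (a2, b2) = random.sample(parents, 2)
            child = (a1, b2) if random.random() < 0.5 else (a2, b1)  # crossover
            if random.random() < 0.2:                                # mutation
                child = (child[0] + random.randint(-5, 5), child[1])
            children.append(child)
        pop = parents + children
    return min(pop, key=lambda ind: branch_distance(*ind))

print(evolve())
```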
Spectrum-based fault localization techniques do not consider the number of iterations of statements in each failing or passing execution as a factor when computing suspiciousness scores of the statements.
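For reference, a standard spectrum-based score such as Ochiai is computed from a binary coverage matrix, which illustrates the point above: how many times a statement iterates within a run plays no role. The matrix and verdicts below are synthetic.

```python
# Sketch of a standard spectrum-based suspiciousness score (Ochiai). The
# coverage matrix is binary, so iteration counts within a test are ignored.
import math

# Rows: test cases; columns: statements. 1 = statement executed in that test.
coverage = [
    [1, 1, 0, 1],   # test 1
    [1, 0, 1, 1],   # test 2
    [0, 1, 1, 1],   # test 3
]
failed = [True, False, True]          # verdict per test

def ochiai(stmt):
    ef = sum(1 for cov, f in zip(coverage, failed) if f and cov[stmt])
    ep = sum(1 for cov, f in zip(coverage, failed) if not f and cov[stmt])
    denom = math.sqrt(sum(failed) * (ef + ep))
    return ef / denom if denom else 0.0

print({s: round(ochiai(s), 3) for s in range(len(coverage[0]))})
```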
The cost of testing rises exponentially as the size of the code under test grows. TDD and BDD aggravate this cost by using failing tests to drive the design and implementation of the code. Testability-Driven Development (TsDD) suggests repeated measurement of testability and refactoring for testability while applying a test-first approach to design a...
Software testing should begin with the testability assessment. Testing before assessing code testability is a potentially costly and ineffective approach. Before a piece of code can be tested thoroughly, certain precautions must be taken to ensure the code is in a testable state.
Throughout this chapter, the reader will learn how to specify requirements in natural language so they can be directly and automatically converted into executable specifications. Requirements form the basis of the software development life cycle.
Test data generation techniques optimally seek to provide test data sets that, when applied, ensure the accuracy of the program under test, or expose any existing error.
Testing typically begins with the units of the software under test. Integration tests can begin when the unit tests pass and the results appear convincing. In software testing, a unit refers to the smallest possible part of a program that can be tested in isolation.
Dynamic-symbolic execution is a fantastic area of research from a software industry point of view.
Spectrum-based statistical fault-localization techniques locate fault-relevant statements.
Context: Coverage criteria are satisfied by at least one examination of the test target, while many faults are not revealed by one execution. However, despite executing the faulty statement, the test result is correct in certain circumstances. Such coincidentally passing test cases execute the faulty statement but do not cause failures. Objective: Th...
Method naming is a critical factor in program comprehension, affecting software quality. State-of-the-art naming techniques use deep learning to compute the methods’ similarity considering their textual contents. They highly depend on identifiers’ names and do not compute semantical interrelations among methods’ instructions. Source code metrics co...
Unlike most other software quality attributes, testability cannot be evaluated solely based on the characteristics of the source code. The effectiveness of the test suite and the budget assigned to the test highly impact the testability of the code under test. The size of a test suite determines the test effort and cost, while the coverage measure...
Front Cover Caption: The cover image is based on the Research Article Learning to predict test effectiveness by Morteza Zakeri‐Nasrabadi and Saeed Parsa https://doi.org/10.1002/int.22722.
Static malware detection approaches are time-consuming and cannot deal with code obfuscation techniques. Dynamic malware detection approaches, on the other hand, address these two challenges but suffer from behavioral ambiguity, such as system call obfuscation. In this paper, we introduce Markhor, a dynamic and behavior-based malware det...
Early prediction of malicious activity can help prevent irreparable damage caused by rogue actions. A malware analysis tool can anticipate malicious activity and stop the execution of the instance based on API calls to avoid the damage caused by the malware. The anticipation operation examines signatures as behaviors defined in a hierarchical model...
Service identification plays a key role in the design of service-oriented systems. There are non-model-based and model-based methods for extracting services from business processes. These methods suggest a set of mostly descriptive solutions that do not pay sufficient attention to service design guidelines and the conceptual relations between tasks...
The high cost of the test can be dramatically reduced, provided that the coverability as an inherent feature of the code under test is predictable. This article offers a machine learning model to predict the extent to which the test could cover a class in terms of a new metric called Coverageability. The prediction model consists of an ensemble of...
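A hedged sketch of the general modeling setup: an ensemble of regressors trained on source-code metrics to predict a coverage-related target. The metrics, synthetic data, and scikit-learn estimators are placeholders, not the study's dataset or learner.

```python
# Hedged sketch: an ensemble of regressors predicting a coverage-related target
# from source-code metrics. Feature names and data are synthetic placeholders.
import numpy as np
from sklearn.ensemble import RandomForestRegressor, GradientBoostingRegressor, VotingRegressor
from sklearn.model_selection import train_test_split

rng = np.random.default_rng(0)
# Columns could stand for, e.g., lines of code, complexity, number of methods.
X = rng.uniform(0, 1, size=(200, 3))
y = 1.0 - 0.5 * X[:, 1] - 0.3 * X[:, 0] + rng.normal(0, 0.05, 200)  # synthetic target

X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)
model = VotingRegressor([
    ("rf", RandomForestRegressor(n_estimators=100, random_state=0)),
    ("gb", GradientBoostingRegressor(random_state=0)),
])
model.fit(X_train, y_train)
print("R^2 on held-out samples:", round(model.score(X_test, y_test), 3))
```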
Novel metaheuristic algorithms are now considered an appealing collection of methods for solving complex optimization problems, in which the challenging objective is to find a better solution in a shorter computation time. Focusing on the same objective, this paper proposes a novel metaheuristic optimization algorithm inspired by heat transfer rela...
Appropriate test data are a crucial factor to succeed in fuzz testing. Most real-world applications, however, accept inputs with a complex structure containing data surrounded by meta-data, which is processed in several stages comprising parsing and rendering (execution). The complex structure of some input files makes it difficult to generat...
http://ce.iust.ac.ir/content/60832/%D8%A2%D9%82%D8%A7%DB%8C-%D8%AF%DA%A9%D8%AA%D8%B1-%D8%B3%D8%B9%DB%8C%D8%AF-%D9%BE%D8%A7%D8%B1%D8%B3%D8%A7
http://parsa.iust.ac.ir/2020/09/14/dr-parsa-is-among-top-10-most-influential-authors-in-sfl-research/
Fault localization is one of the most important and difficult tasks in the software debugging process. Therefore, several methods have been proposed to automate and improve this process. Mutation-based fault localization is one of the state-of-the-art techniques that try to locate faults by executing different mutants of the faulty program. In add...
A botnet is a group of hosts infected with the same malicious code and managed by an attacker, or botmaster, through one or more command and control (C&C) servers. The new generation of botnets generates the list of C&C domain name servers dynamically. This dynamic list, created by a domain generation algorithm, helps an attacker periodically change its C&C...
Rapid online adaptation to new business requirements can improve the innovation level and market competency of collaborative organizations. Complex and unstructured processes provide e-services in collaborative networks through web service interconnections, and unanticipated changes make them hard to manage. In a cross-organizational do...
Test data adequacy is a major challenge in software testing literature. The difficulty is to provide sufficient test data to assure the correctness of the program under test. Especially, in the case of latent faults, the fault does not reveal itself unless specific combinations of input values are used to run the program. In this respect, detection...
The rapid increase in the number of malicious programs has made malware forensics a daunting task and put users' systems in danger. Timely identification of malware characteristics, including its origin and the malware sample family, would significantly limit the potential damage of malware. This is a more profound risk in Cyber-Physical...
Spectrum-based fault localization (SBFL) is a promising approach to reduce the cost of program debugging and there has been a large body of research on introducing effective SBFL techniques. However, performance of these techniques can be adversely affected by the existence of coincidental correct (CC) test cases in the test suites. Such test cases...
Domain name detection techniques are widely used to detect Algorithmically Generated Domain names (AGD) applied by Botnets. A major difficulty with these algorithms is to detect those generated names which are meaningful. In this way, Command and Control (C2) servers are detected. Machine learning techniques have been of great use to generalize the...
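As a toy illustration of the difficulty, one simple lexical feature often used against algorithmically generated domains is the character entropy of the second-level domain. The 3.5-bit threshold below is an arbitrary assumption; word-based names can land on either side of it, which is why machine learning over richer features is applied.

```python
# Sketch of one simple lexical feature for flagging algorithmically generated
# domains: Shannon entropy of the name's characters. Threshold is illustrative.
import math
from collections import Counter

def char_entropy(name: str) -> float:
    counts = Counter(name)
    n = len(name)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

for domain in ["google", "researchgate", "xj3k9qpl2vd8wz", "kwtelephonebanking"]:
    score = char_entropy(domain)
    verdict = "suspicious" if score > 3.5 else "benign-looking"
    print(f"{domain:20s} entropy={score:.2f} {verdict}")
```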
Botnets have recently been identified as serious Internet threats that are continually developing and expanding. Identifying botnets in the domain of network security is regarded as a new challenge and topic for research. There are several methods for detecting botnets in networks, and prior research has encountered problems, including a high error...
Domain Generation Algorithms (DGAs) are used in Botnets as rendezvous points to their command and control (C&C) servers and can continuously provide a large number of domains to evade detection by traditional methods such as blacklists. Internet security vendors often use blacklists to detect Botnets and malware, but the DGA can continuously u...
A Botnet is a set of infected computers and smart devices on the Internet that are controlled remotely by a Botmaster to perform various malicious activities, such as distributed denial of service (DDoS) attacks, spamming, and click fraud. When a Botmaster communicates with its own Bots, it generates traffic, and analyzing this traffic to detect the traffi...
In this article, a new criterion, domain coverage, for white box testing is introduced. In search of the biggest subdomains for input variables exercising a given path, the variable domains are broken down into overlapping subregions in such a way that the resultant subregions either exercise or deviate from the path. To this aim, an incremental me...
Security threats due to malicious executables are getting more serious. A lot of researchers are interested in combating malware attacks. In contrast, malicious users aim to increase the usage of polymorphic and metamorphic malware in order to increase the analysis cost and prevent being identified by anti-malware tools. Due to the intuitive simil...
Traditional test case generation approaches focus on design and implementation models while a large percentage of software errors are caused by the lack of understanding in the early phases. One of the most important models in the early phases of software development is business process model which closely resembles the real world and captures the...
This paper presents an overview of the findings on trigger-based malware behavior elicitation, classification, modeling, and behavioral signature generation. Considering reactions to environmental conditions, we suggest a new classification of trigger-based malware behavior as evasive and elicited behaviors. Both these behaviors are concerned with...
Based on information theory, the proposed approach first diversifies the test suites to achieve the highest possible code coverage. Then, after the first faulty output, it prioritizes test cases to locate the buggy statement effectively.
Appropriate test data are a crucial factor for success in dynamic software testing, e.g., fuzzing. Most real-world applications, however, accept inputs with a complex structure containing data surrounded by meta-data, which is processed in several stages comprising parsing and rendering (execution). This makes automatically generating e...
The foundation of the infrastructure of a collaborative network for ubiquitous connectivity will employ hyper-connected technologies in smart and sustainable cities. Typically, there are millions of items to process, and analytics must be performed on the massive generated data. Predictive analytics is indispensable for such volumes, of which there are many d...
Despite the proven applicability of the spectrum-based fault localization (SBFL) methods, their effectiveness may be degraded due to the presence of coincidental correctness, which occurs when faults fail to propagate, i.e., their execution does not result in failures. This article aims at improving SBFL effectiveness by mitigating the effect of co...
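As a generic illustration of the mitigation idea (not necessarily this article's technique), passing tests whose coverage closely mirrors the failing executions can be treated as suspected coincidentally correct and excluded before suspiciousness is computed. The similarity threshold and data below are illustrative.

```python
# Hedged sketch of a generic CC-mitigation step: flag passing tests whose
# coverage strongly overlaps the failing executions, then drop them before
# computing suspiciousness scores.
coverage = {
    "t1": {1, 2, 3, 5},
    "t2": {1, 2, 3, 5},   # passes, but mirrors the failing run: suspected CC
    "t3": {1, 4},
}
failing = {"t1"}

fail_profile = set.union(*(coverage[t] for t in failing))

def overlap(test):
    return len(coverage[test] & fail_profile) / len(coverage[test] | fail_profile)

suspected_cc = {t for t in coverage if t not in failing and overlap(t) >= 0.9}
clean_passing = set(coverage) - failing - suspected_cc
print("suspected CC tests:", suspected_cc, "| passing tests kept:", clean_passing)
```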
Regarding the fact that the majority of faults may be revealed as joint effect of program predicates on each other, a new method for localizing complex bugs of programs is proposed in this article. The presented approach attempts to identify and select groups of interdependent predicates which altogether may affect the program failure. To find these...
Although empirical studies have confirmed the effectiveness of statistical fault localization based on code coverage, the performance of these techniques may be degraded due to the presence of undesired circumstances such as coincidental correctness, where one or more passing test cases exercise a faulty statement and thus cause so...
This paper presents a novel test data generation method called Bayes-TDG. It is based on principles of Bayesian networks (BNs) and provides the possibility of making inference from probabilistic data in the model to increase the prime path coverage ratio (PPCR) for a given program under test (PUT). In this regard, a new program structure-based prob...
Regarding the fact that the majority of faults may be revealed as joint effect of program predicates on each other, a new method for localising complex bugs of programs is proposed in this article. The presented approach attempts to identify and select groups of interdependent predicates which altogether may affect the program failure. To find thes...
In this paper, a novel approach, Inforence, is proposed to isolate the suspicious codes that likely contain faults. Inforence employs a feature selection method, based on mutual information, to identify those bug-related statements that may cause the program to fail. Because the majority of a program faults may be revealed as undesired joint effect...
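A minimal sketch of the underlying idea: rank statements by the mutual information between their execution profile and the pass/fail verdict. The coverage matrix is synthetic, and mutual_info_classif is a stand-in estimator, not necessarily the one Inforence uses.

```python
# Sketch: rank statements by mutual information between coverage and failure.
import numpy as np
from sklearn.feature_selection import mutual_info_classif

# Rows: executions; columns: statements (1 = executed). Labels: 1 = failing run.
X = np.array([
    [1, 1, 0, 1],
    [1, 0, 1, 1],
    [0, 1, 1, 0],
    [1, 1, 1, 1],
])
y = np.array([1, 0, 0, 1])

mi = mutual_info_classif(X, y, discrete_features=True, random_state=0)
ranking = sorted(enumerate(mi), key=lambda pair: -pair[1])
print("statements ranked by MI with failure:", ranking)
```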
Despite the proven applicability of statistical methods to automatic fault localization, these approaches are biased by data collected from different executions of the program. This bias could result in unstable statistical models that may vary depending on the test data provided for trial executions of the program. To resolve the difficulty,...
Today's enterprise systems are typically compositions of services that collaborate with each other to achieve business goals. To develop such systems, the service-oriented paradigm is used. On the other hand, model-driven approaches deal with the provision of models, transformations between them, and code generators to address software development. This...