PYCHECKER: AUTOMATIC VULNERABILITY ANALYSIS TOOL IN PYTHON PROGRAMS; DEMOGRAPHIC OF CYBERCRIME BEFORE AND AFTER PANDEMIC
Chen, Wentao, School of Engineering and Applied Science, University of Virginia
Baritaud, Catherine, EN-Engineering and Society, University of Virginia
Tian, Yuan, University of Virginia
Over the past decade, cybercrime has escalated, reaching a climax with the help of the pandemic. To mitigate this issue, the technical research aims to secure our systems and improve upon the current framework. Given the increasing popularity of Python, the research addresses the needs of the different groups of individuals who use Python as their regular working environment. Additionally, a closely coupled STS research project examines the demographics of cybercrime victims; understanding the distribution of victims is essential to reducing the overall damage caused by cybercrime. Both the technical and the STS research examine the security of the programs we use, but the technical research provides a more specific example solution derived from the STS research.
The technical report introduces a novel Python static analysis schema based on the Facebook open-source tool Pysa. Given the difficulty of performing static analysis on Python programs, the lack of widely accepted tools available in the industry, and the low performance of Pysa, the technical research aims to address these issues by improving Pysa’s source code to increase the variety of detectable vulnerabilities and reduce the overall false positive/false negative rate.
The new tool was tested on over 1000 projects downloaded from GitHub, mainly written in Django and Flask (Python web frameworks), and the output yielded a dataset that includes more categories of vulnerabilities than the original Pysa’s output. The false positive/false negative rate was also reduced with the improved version. Due to time constraints, the generated dataset was the only result ready to be published for everyone’s use; the tool was still in the testing phase and could not yet be put into industrial use.
Initially inspired by examining the impact of COVID-19 on the cyber world, including how it increased the total number of cybercrime cases and diversified the categories of cybercrime, the STS research shifted to answering whether different groups of individuals require different treatments for cybercrime. The research closely examined the distribution of cybercrime victims and offered hypothetical solutions for one particular group to emphasize the effectiveness of specialized treatment for cybercrimes. Pinch and Bijker’s Social Construction of Technology theory was adopted to illustrate the relationship between cybersecurity and various social groups.
The STS research found that younger generations and old people are more vulnerable to cybercrimes, and that females are more likely to fall victim to cyber-attacks. Despite the idea of broadening one’s knowledge of cyber-attacks, a specific repeatable schema is shown as a potential solution for software development groups. Throughout the entire research, it is clear that specialized actions against cybercrimes are much more effective than treating every group equally. The STS research does not provide novel solutions for any of the groups discussed, but it does contain a schema for one of the most important groups affected by cybersecurity.
There are many possible ways to fight cybercrime. From the engineers’ perspective, one of the most commonly used is to secure our systems. However, engineers are not the only group affected by cybercrimes. For groups like the users, it is never feasible to adopt the methods used by engineers. Similarly, other groups will always require specialized solutions, not only for feasibility but also for efficiency.
BS (Bachelor of Science)
Social Construction of Technology, Static Taint Analysis, Python
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Yuan Tian
STS Advisor: Catherine Baritaud
Technical Team Members: Tamjid Rahat
English
All rights reserved (no additional license for public reuse)
2023/05/12