research-article

Towards Quality Assurance of Software Product Lines with Adversarial Configurations

Authors:
Paul Temple

University of Namur, Namur, Belgium

University of Namur, Namur, Belgium
View Profile

,
Mathieu Acher

Univ Rennes, Rennes, France

Univ Rennes, Rennes, France
View Profile

,
Gilles Perrouin

University of Namur, Namur, Belgium

University of Namur, Namur, Belgium
View Profile

,
Battista Biggio

University of Cagliari, Cagliari, Italy

University of Cagliari, Cagliari, Italy
View Profile

,
Jean-Marc Jezequel

Univ Rennes, Rennes, France

Univ Rennes, Rennes, France
View Profile

,
Fabio Roli

University of Cagliari, Cagliari, Italy

University of Cagliari, Cagliari, Italy
View Profile

SPLC '19: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume ASeptember 2019Pages 277–288https://doi.org/10.1145/3336294.3336309

Published:09 September 2019Publication History

SPLC '19: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A

Pages 277–288

ABSTRACT

Software product line (SPL) engineers put a lot of effort to ensure that, through the setting of a large number of possible configuration options, products are acceptable and well-tailored to customers' needs. Unfortunately, options and their mutual interactions create a huge configuration space which is intractable to exhaustively explore. Instead of testing all products, machine learning is increasingly employed to approximate the set of acceptable products out of a small training sample of configurations. Machine learning (ML) techniques can refine a software product line through learned constraints and a priori prevent non-acceptable products to be derived. In this paper, we use adversarial ML techniques to generate adversarial configurations fooling ML classifiers and pinpoint incorrect classifications of products (videos) derived from an industrial video generator. Our attacks yield (up to) a 100% misclassification rate and a drop in accuracy of 5%. We discuss the implications these results have on SPL quality assurance.

References

Marco Barreno, Blaine Nelson, Russell Sears, Anthony D Joseph, and J Doug Tygar. 2006. Can machine learning be secure?. In Proceedings of the 2006 ACM Symposium on Information, computer and communications security. ACM, New York, NY, USA, 16--25. Google ScholarDigital Library
Don S. Batory. 2005. Feature Models, Grammars, and Propositional Formulas. In SPLC'05 (LNCS), Vol. 3714. Springer, Berlin, Germany, 7--20. Google ScholarDigital Library
Richard Bellman. 1957. Dynamic Programming (1 ed.). Princeton University Press, Princeton, NJ, USA.Google Scholar
David Benavides, Sergio Segura, and Antonio Ruiz-Cortes. 2010. Automated Analysis of Feature Models 20 years Later: a Literature Review. Information Systems 35, 6 (2010), 615--636. Google ScholarDigital Library
Thorsten Berger, Ralf Rublack, Divya Nair, Joanne M. Atlee, Martin Becker, Krzysztof Czarnecki, andAndrzej Wasowski. 2013. A Survey of Variability Modeling in Industrial Practice. In Proceedings of the Seventh International Workshop on Variability Modelling of Software-intensive Systems (VaMoS '13). ACM, New York, NY, USA, Article 7, 8 pages. Google ScholarDigital Library
Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim Srndic, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion attacks against machine learning at test time. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer Berlin, Berlin, Heidelberg, 387402. Google ScholarDigital Library
B. Biggio, L. Didaci, G. Fumera, and F. Roli. 2013. Poisoning attacks to compromise face templates. In 2013 International Conference on Biometrics (ICB). IEEE, New York, USA, 1--7.Google Scholar
Battista Biggio, Giorgio Fumera, and Fabio Roli. 2014. Pattern recognition systems under attack: Design issues and research challenges. International Journal of Pattern Recognition and Artificial Intelligence 28, 07 (2014), 1460002.Google ScholarCross Ref
Battista Biggio, Giorgio Fumera, and Fabio Roli. 2014. Security evaluation of pattern classifiers under attack. IEEE transactions on knowledge and data engineering 26,4 (2014),984--996. Google ScholarDigital Library
BattistaBiggio, Blaine Nelson, andPavelLaskov. 2012. PoisoningAttacks Against Support Vector Machines. In Proceedings of the 29th International Coference on International Conference on Machine Learning (ICML'12). Omnipress, USA, 1467--1474. http://dl.acm.org/citation.cfm?id=3042573.3042761 Google ScholarDigital Library
Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition 84 (2018), 317--331.Google ScholarDigital Library
Eric Bodden, Tarsis Toledo, Marcio Ribeiro, Claus Brabrand, Paulo Borba, and Mira Mezini. 2013. SPLLIFT: statically analyzing software product lines in minutes instead of years. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '13, Seattle, WA, USA, June 16--19, 2013. ACM, New York, USA, 355--364. Google ScholarDigital Library
Quentin Boucher, Andreas Classen, Paul Faber, and Patrick Heymans. 2010. Introducing TVL, a Text-based Feature Modelling. In Fourth International Workshop on Variability Modelling of Software-Intensive Systems, Linz, Austria, January 27--29, 2010. Proceedings (ICB-Research Report), David Benavides, Don S. Batory, and Paul Griinbacher (Eds.), Vol. 37. Universitat Duisburg-Essen, Essen, Germany, 159--162. http://www.vamos-workshop.net/proceedings/VaMoS_2010_Proceedings.pdfGoogle Scholar
Tom Brown, Dandelion Mane, Aurko Roy, Martin Abadi, and Justin Gilmer. 2017. Adversarial Patch. https://arxiv.org/pdf/1712.09665.pdf (2017).Google Scholar
Michael Buhrmester, Tracy Kwang, and Samuel D Gosling. 2011. Amazon's Mechanical Turk: A new source of inexpensive, yet high-quality, data? Perspectives on psychological science 6, 1 (2011), 3--5.Google Scholar
Nitesh V Chawla, Kevin W Bowyer, Lawrence O Hall, and W Philip Kegelmeyer. 2002. SMOTE: synthetic minority over-sampling technique. Journal of artificial intelligence research 16 (2002), 321--357. Google ScholarCross Ref
Andreas Classen, QuentinBoucher, and PatrickHeymans. 2011. AText-basedAp-proach to Feature Modelling: Syntax and Semantics of TVL. Science of Computer Programming, Special Issue on Software Evolution, Adaptability and Variability 76, 12 (2011), 1130--1143. Google ScholarDigital Library
Paul Clements and Linda M. Northrop. 2001. Software Product Lines : Practices and Patterns. Addison-Wesley Professional, Boston, USA. Google ScholarDigital Library
Jean-Marc Davril, Patrick Heymans, Guillaume Becan, and Mathieu Acher. 2015. OnBreakingTheCurseofDimensionalityinReverseEngineeringFeatureModels. In 17th International Configuration Workshop (17th International Configuration Workshop), Vol. 17th International Configuration Workshop. Vienna, Austria. https://hal.inria.fr/hal-01243571Google Scholar
Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. 2018. On the Intriguing Connections of Regularization, Input Gradients and Transferability of Evasion and Poisoning Attacks. CoRR abs/1809.02861 (2018). arXiv:1809.02861 http://arxiv.org/abs/1809.02861Google Scholar
Ambra Demontis, Marco Melis, Maura Pintor, MatthewJagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. 2019. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/usenixsecurity19/presentation/demontisGoogle Scholar
Guneet S Dhillon, Kamyar Azizzadenesheli, Zachary C Lipton, Jeremy Bernstein, Jean Kossaifi, Aran Khanna, and Anima Anandkumar. 2018. Stochastic activation pruning for robust adversarial defense. arXiv preprint arXiv:1803.01442 (2018).Google Scholar
Richard W. Dosselman and Xue Dong Yang. 2012. No-Reference Noise and Blur Detection via the Fourier Transform. Technical Report. University of Regina, CANADA.Google Scholar
Gamaleldin F Elsayed, Shreya Shankar, Brian Cheung, Nicolas Papernot, Alex Kurakin, Ian Goodfellow, and Jascha Sohl-Dickstein. 2018. Adversarial Examples that Fool both Human and Computer Vision. arXiv preprint arXiv:1802.08195 (2018).Google Scholar
Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. 2017. Robust Physical-World Attacks on Deep Learning Models. arXiv preprint arXiv:1707.08945 1 (2017).Google Scholar
Jose Angel Galindo Duarte, Mauricio Alferez, Mathieu Acher, Benoit Baudry, and David Benavides. 2014. A Variability-Based Testing Approach for Synthesizing Video Sequences. In ISSTA '14: International Symposium on Software Testing and Analysis. San Jose, California, United States. https://hal.inria.fr/hal-01003148 Google ScholarDigital Library
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672--2680. Google ScholarDigital Library
Chuan Guo, Mayank Rana, Moustapha Cisse, and Laurens van der Maaten. 2017. Countering adversarial images using input transformations. arXiv preprint arXiv:1711.00117 (2017).Google Scholar
Jianmei Guo, Krzysztof Czarnecki, Sven Apel, Norbert Siegmund, and Andrzej Wasowski. 2013. Variability-aware performance prediction:Astatisticallearning approach. In ASE. Google ScholarDigital Library
Axel Halin, Alexandre Nuttinck, Mathieu Acher, Xavier Devroey, Gilles Perrouin, and Benoit Baudry. 2018. Test them all, is it worth it? Assessing configuration sampling on the JHipster Web development stack. Empirical Software Engineering (July 2018). https://doi.org/10.07980 Empirical Software Engineering journal. Google ScholarDigital Library
Axel Halin, Alexandre Nuttinck, Mathieu Acher, Xavier Devroey, Gilles Perrouin, and Benoit Baudry. 2019. Test them all, is it worth it? Assessing configuration sampling on the JHipster Web development stack. Empirical Software Engineering 24,2 (2019), 674--717. Google ScholarDigital Library
Roberto Ierusalimschy. 2006. Programmingin Lua, SecondEdition. Lua.Org. Google ScholarDigital Library
Cem Kaner, James Bach, and Bret Pettichord. 2001. Lessons Learned in Software Testing. John Wiley & Sons, Inc., New York, NY, USA. Google ScholarDigital Library
Alexander Knuppel, Thomas Thiim, Stephan Mennicke, Jens Meinicke, and Ina Schaefer. 2018. Is There a Mismatch between Real-World Feature Models and Product-Line Research?. In Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. Marz 2018, Ulm, Germany. (LNI), Matthias Tichy, Eric Bodden, Marco Kuhrmann, Stefan Wagner, and Jan-Philipp Steghofer (Eds.), Vol. P-279. Gesellschaft fur Informatik, 53--54. https://dl.gi.de/20.500.12116/16312Google Scholar
Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXivpreprintarXiv:1607.02533 (2016).Google Scholar
Axel Legay and Gilles Perrouin. 2017. On Quantitative Requirements for Product Lines. In Proceedings of the Eleventh International Workshop on Variability Modelling of Software-intensive Systems (VAMOS '17). ACM, New York, NY, USA, 2--4. Google ScholarDigital Library
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and AdrianVladu.2017. Towardsdeeplearningmodels resistanttoadversarialattacks. arXiv preprint arXiv:1706.06083 (2017).Google Scholar
Flavio Medeiros, Christian Kastner, Marcio Ribeiro, Rohit Gheyi, and Sven Apel. 2016. A Comparison of 10 Sampling Algorithms for Configurable Systems. In Proceedings of the 38th International Conference on Software Engineering (ICSE 16). ACM, New York, NY, USA, 643--654. Google ScholarDigital Library
Sarah Nadi, Thorsten Berger, Christian Kastner, and Krzysztof Czarnecki. 2014. Mining configuration constraints: static analyses and empirical results. In 36th International Conference on Software Engineering, ICSE '14, Hyderabad, India -May 31 - June 07, 2014. 140--151. Google ScholarDigital Library
Vivek Nair, Tim Menzies, Norbert Siegmund, and Sven Apel. 2017. Using bad learners to find good configurations. In Proceedings of the 2017 11th Joint Meeting on Foundations ofSoftware Engineering, ESEC/FSE 2017, Paderborn, Germany, September4--8,2017, Eric Bodden, Wilhelm Schafer, Arie van Deursen, andAndrea Zisman (Eds.). ACM, 257--267. Google ScholarDigital Library
Blaine Nelson, Marco Barreno, Fuching Jack Chi, Anthony D Joseph, Benjamin IP Rubinstein, Udam Saini, Charles A Sutton, J Doug Tygar, and Kai Xia. 2008. Exploiting Machine Learning to Subvert Your Spam Filter. LEET 8 (2008), 1--9. Google ScholarDigital Library
Jeho Oh, Don S. Batory, Margaret Myers, and Norbert Siegmund. 2017. Finding near-optimal configurations in product lines by random sampling. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4--8, 2017. 61--71. Google ScholarDigital Library
N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami. 2016. The Limitations of Deep Learning in Adversarial Settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS P). 372--387.Google Scholar
Kexin Pei, Yinzhi Cao, Junfeng Yang, and Suman Jana. 2017. DeepXplore: Automated Whitebox Testing of Deep Learning Systems. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP '17). ACM, New York, NY, USA, 1--18. Google ScholarDigital Library
Juliana Alves Pereira, Hugo Martin, Mathieu Acher, Jean-Marc JÃl'zÃl'quel, Goetz Botterweck, and Anthony Ventresque. 2019. Learning Software Configuration Spaces: A Systematic Literature Review. arXiv:arXiv:1906.03018Google Scholar
Quentin Plazar, Mathieu Acher, Gilles Perrouin, Xavier Devroey, and Maxime Cordy. 2019. Uniform Sampling of SAT Solutions for Configurable Systems: Are We There Yet?. In 12th IEEE Conference on Software Testing, Validation and Verification, ICST 2019, Xi'an, China, April 22--27, 2019. 240--251.Google ScholarCross Ref
Klaus Pohl, Günter Böckle, and Frank J. van der Linden. 2005. Software Product Line Engineering: Foundations, Principles and Techniques. Springer-Verlag. Google ScholarDigital Library
A. Sarkar, Jianmei Guo, N. Siegmund, S. Apel, and K. Czarnecki. 2015. Cost-Efficient Sampling for Performance Prediction of Configurable Systems (T). In ASE'15. Google ScholarDigital Library
Pierre-Yves Schobbens, Patrick Heymans, Jean-Christophe Trigaux, and Yves Bontemps. 2007. Generic semantics of feature diagrams. Comput. Netw. 51, 2 (2007), 456--479. Google ScholarDigital Library
Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K Reiter. 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1528--1540. Google ScholarDigital Library
Norbert Siegmund, Alexander Grebhahn, Christian Kästner, and Sven Apel. {n.d.}. Performance-Influence Models for Highly Configurable Systems. In ESEC/FSE'15. Google ScholarDigital Library
Norbert Siegmund, Marko RosenmüLler, Christian KäStner, Paolo G. Giarrusso, Sven Apel, and Sergiy S. Kolesnikov. 2013. Scalable Prediction of Non-functional Properties in Software Product Lines: Footprint and Memory Consumption. Inf. Softw. Technol. (2013). Google ScholarDigital Library
Norbert Siegmund, Stefan Sobernig, and Sven Apel. 2017. Attributed Variability Models: Outside the Comfort Zone. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017). ACM, New York, NY, USA, 268--278. Google ScholarDigital Library
Daniel Strüber, Julia Rubin, Thorsten Arendt, Marsha Chechik, Gabriele Taentzer, and Jennifer Plöger. 2018. Variability-based model transformation: formal foundation and application. Formal Asp. Comput. 30, 1 (2018), 133--162. Google ScholarCross Ref
Paul Temple, Mathieu Acher, Jean-Marc Jézéquel, and Olivier Barais. 2017. Learning Contextual-Variability Models. IEEE Software 34, 6 (2017), 64--70.Google ScholarCross Ref
Paul Temple, José Angel Galindo Duarte, Mathieu Acher, and Jean-Marc Jézéquel. 2016. Using Machine Learning to Infer Constraints for Product Lines. In Software Product Line Conference (SPLC). Beijing, China. Google ScholarDigital Library
Maurice H. ter Beek, Alessandro Fantechi, Stefania Gnesi, and Franco Mazzanti. 2016. Modelling and analysing variability in product families: Model checking of modal transition systems with variability constraints. J. Log. Algebr. Meth. Program. 85, 2 (2016), 287--315.Google ScholarCross Ref
Maurice H. ter Beek, Alessandro Fantechi, Stefania Gnesi, and Laura Semini. 2016. Variability-Based Design of Services for Smart Transportation Systems. In Leveraging Applications of Formal Methods, Verification and Validation: Discussion, Dissemination, Applications - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10--14, 2016, Proceedings, Part II. 465--481.Google Scholar
Maurice H. ter Beek and Axel Legay. 2019. Quantitative Variability Modeling and Analysis. In Proceedings of the 13th International Workshop on Variability Modelling of Software-Intensive Systems (VAMOS '19). ACM, New York, NY, USA, Article 13, 2 pages. Google ScholarDigital Library
Thomas Thüm, Sven Apel, Christian Kästner, Ina Schaefer, and Gunter Saake. 2014. A Classification and Survey of Analysis Strategies for Software Product Lines. Comput. Surveys (2014). Google ScholarDigital Library
Mahsa Varshosaz, Mustafa Al-Hajjaji, Thomas Thüm, Tobias Runge, Mohammad Reza Mousavi, and Ina Schaefer. 2018. A classification of product sampling for software product lines. In Proceeedings of the 22nd International Systems and Software Product Line Conference - Volume 1, SPLC 2018, Gothenburg, Sweden, September 10--14, 2018. 1--13. Google ScholarDigital Library
Mengshi Zhang, Yuqun Zhang, Lingming Zhang, Cong Liu, and Sarfraz Khurshid. 2018. DeepRoad: GAN-based Metamorphic Testing and Input Validation Framework for Autonomous Driving Systems. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE 2018). ACM, New York, NY, USA, 132--142. Google ScholarDigital Library

Index Terms

Towards Quality Assurance of Software Product Lines with Adversarial Configurations
1. Software and its engineering
  1. Software creation and management
    1. Software development techniques
      1. Reusability
        Software product lines

Recommendations

Empirical assessment of generating adversarial configurations for software product lines
Abstract
Software product line (SPL) engineering allows the derivation of products tailored to stakeholders’ needs through the setting of a large number of configuration options. Unfortunately, options and their interactions create a huge configuration ...
Read More
A New Parameter for Product Configuration in Software Product Lines
KAM '09: Proceedings of the 2009 Second International Symposium on Knowledge Acquisition and Modeling - Volume 02

Software product line development is a new software engineering method. It promotes the predictive software reuse by developing similar software systems together. One of the key artifacts of a software product line is the feature model, which represents ...
Read More
Handling complex configurations in software product lines: a tooled approach
SPLC '14: Proceedings of the 18th International Software Product Line Conference - Volume 1

As Software Product Lines (SPLs) are now more widely applied in new application fields such as IT or Web systems, complex and large-scale configurations have to be handled. In these fields, the strong domain orientation leads to the need to manage ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SPLC '19: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A
September 2019
356 pages
ISBN:9781450371384
DOI:10.1145/3336294
Editors:
Thorsten Berger
Chalmers | University of Gothenburg, Sweden
,
Philippe Collet
Université Côte d'Azur, France
,
Laurence Duchien
University Lille, France
,
Thomas Fogdal
Danfoss Power Electronics A/S, Denmark
,
Patrick Heymans
University of Namur, Belgium
,
Timo Kehrer
Humboldt-Universität zu Berlin, Germany
,
Jabier Martinez
Tecnalia, Spain
,
Raúl Mazo
University Paris 1 Panthéon-Sorbonne, France
,
Leticia Montalvillo
IK4-IKERLAN Research Center, Spain
,
Camille Salinesi
University Paris 1 Panthéon-Sorbonne, France
,
Xhevahire Tërnava
Sorbonne University, France
,
Thomas Thüm
TU Braunschweig, Germany
,
Tewfik Ziadi
Sorbonne University, France
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 9 September 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
machine learning
quality assurance
software product line
software testing
software variability
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate167of463submissions,36%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 4
  Total Citations
  View Citations
- 198
  Total Downloads
- Downloads (Last 12 months)18
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Towards Quality Assurance of Software Product Lines with Adversarial Configurations

SPLC '19: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A

ABSTRACT

References

Cited By

Index Terms

Recommendations

Empirical assessment of generating adversarial configurations for software product lines

A New Parameter for Product Configuration in Software Product Lines

Handling complex configurations in software product lines: a tooled approach