publications

2024

1. Towards a Taxonomy of Challenges in Security Control Implementation

   Md Rayhanur Rahman, Brandon Wroblewski, Mahzabin Tamanna, and 3 more authors

   In 2024 Annual Computer Security Application Conference, 2024
2. ChronoCTI: Mining Knowledge Graph of Temporal Relations among Cyberattack Actions

   Md Rayhanur Rahman, Brandon Wroblewski, Quinn Matthews, and 3 more authors

   In IEEE International Conference on Data Mining, 2024
3. Attackers reveal their arsenal: An investigation of adversarial techniques in CTI reports

   Md Rayhanur Rahman, Rezvan Mahdavi Hezaveh, Setu Basak, and 1 more author

   (In review) ACM Transactions on Software Engineering and Methodology, 2024
4. A Survey on Software Vulnerability Exploitability Assessment

   Sarah Elder, Md Rayhanur Rahman, Gage Fringer, and 2 more authors

   ACM Comput. Surv., Apr 2024

   Abs

   Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to assist practitioners and researchers in understanding existing methods for assessing vulnerability exploitability through a survey of exploitability assessment literature. We identify three exploitability assessment approaches: assessments based on original, manual Common Vulnerability Scoring System, automated Deterministic assessments, and automated Probabilistic assessments. Other than the original Common Vulnerability Scoring System, the two most common sub-categories are Deterministic, Program State based, and Probabilistic learning model assessments.

2022

1. What are the attackers doing now? Automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: A survey

   Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams

   ACM Computing Surveys, Apr 2022

   HTML
2. Why secret detection tools are not enough: It’s not just about false positives-An industrial case study

   Md Rayhanur Rahman, Nasif Imtiaz, Margaret-Anne Storey, and 1 more author

   Empirical Software Engineering, Apr 2022

   HTML
3. Investigating co-occurrences of MITRE ATT\backslash&CK Techniques

   Md Rayhanur Rahman, and Laurie Williams

   arXiv preprint arXiv:2211.06495, Apr 2022

   HTML
4. From Threat Reports to Continuous Threat Intelligence: A Comparison of Attack Technique Extraction Methods from Textual Artifacts

   Md Rayhanur Rahman, and Laurie Williams

   arXiv preprint arXiv:2210.02601, Apr 2022

   HTML
5. An investigation of security controls and MITRE ATT\backslash&CK techniques

   Md Rayhanur Rahman, and Laurie Williams

   arXiv preprint arXiv:2211.06500, Apr 2022

   HTML

2021

1. Security smells in ansible and chef scripts: A replication study

   Akond Rahman, Md Rayhanur Rahman, Chris Parnin, and 1 more author

   ACM Transactions on Software Engineering and Methodology (TOSEM), Apr 2021

   HTML

2020

1. A literature review on mining cyberthreat intelligence from unstructured texts

   Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams

   In 2020 International Conference on Data Mining Workshops (ICDMW), Apr 2020

   HTML
2. Do configuration management tools make systems more secure? an empirical research plan

   Md Rayhanur Rahman, William Enck, and Laurie Williams

   In Proceedings of the 7th Symposium on Hot Topics in the Science of Security, Apr 2020

   HTML

2019

1. Share, but be aware: Security smells in python gists

   Md Rayhanur Rahman, Akond Rahman, and Laurie Williams

   In 2019 IEEE International conference on software maintenance and evolution (ICSME), Apr 2019

   HTML

2018

1. MMRUC3: A recommendation approach of move method refactoring using coupling, cohesion, and contextual similarity to enhance software design

   Md Masudur Rahman, Rashed Rubby Riyadh, Shah Mostafa Khaled, and 2 more authors

   Software: Practice and Experience, Apr 2018

   HTML
2. Mobicomonkey: Context testing of android apps

   Amit Seal Ami, Md Mehedi Hasan, Md Rayhanur Rahman, and 1 more author

   In Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, Apr 2018

2017

1. Dtcth: a discriminative local pattern descriptor for image classification

   Md Mostafijur Rahman, Shanto Rahman, Md Rayhanur Rahman, and 2 more authors

   EURASIP Journal on Image and Video Processing, Apr 2017

   HTML
2. Recommendation of Move Method Refactoring to Optimize Modularization Using Conceptual Similarity

   Md Masudur Rahman, Md Rayhanur Rahman, and BM Mainul Hossain

   International Journal of Information Technology and Computer Science, Apr 2017

   HTML
3. A scalable resource provisioning scheme for the cloud using peer to peer resource discovery and multi-attribute utility theory

   Md Rayhanur Rahman, and Kazi Sakib

   International Journal of Cloud Computing, Apr 2017

   HTML

2013

1. Provintsec: a provenance cognition blueprint ensuring integrity and security for real life open source cloud

   Asif Imran, Alim Ul Gias, Md Rayhanur Rahman, and 1 more author

   International Journal of Information Privacy, Security and Integrity, Apr 2013

   HTML