Online grocery delivery has seen accelerated growth in the last decade. This growth introduced new challenges in operations, such as damaged groceries upon delivery. Companies have started collecting relevant data, yet operations remain largely disconnected from the data. Motivated by this gap in the industry, we formulated the main research question of this study: "How to improve quality of service by integrating customer feedback in a bin-packing model in the context of online groceries?". A review of recent literature revealed two complementary gaps: limited applications of machine learning in offline one-dimensional bin packing where ML directly assists with the packing process, and the lack of customer feedback integration in bin packing models to improve quality of service.

Therefore, we propose a novel two-part theoretical framework to process historical data of customer damage reports into quantifiable parameters that can be used by a bin packing model. In the first part, we formulate a predictive task and propose a classification machine learning model which provides a probability of damage for the bag, given a set of bag characteristics obtained from customer data. In the second part, we propose to integrate the machine learning component into a bin packing model as a weighted term in its objective function. This integrated model comprises our damage-aware bin packing model.

The proposed methodology was implemented and evaluated through a case study using real data from the daily operations of the online supermarket Picnic. As part of the experiments, we analysed over 60 million articles across 2.2 million deliveries. We started with a comprehensive data analysis to explore the relationships in the data and identify trends. We, then, developed and trained two machine learning variants, a logistic regression and an ensemble extreme gradient boost model (XGBoost) to fulfil the predicting task of bag-damage probability estimation. We applied random undersampling to the training dataset to mitigate the extreme class imbalance (0.41% damage rate). Then, we used the logistic regression model as the ML component and implemented a damage-aware bin packing model. We defined strategic empirical metrics to measure its performance and constructed an evaluation framework using counterfactual analysis on 6000 representative deliveries.

Our findings validate the technical feasibility of integrating customer feedback data into a bin packing algorithm. The damage-aware variant recorded a 14.1% relative reduction in the average probability of damage across all bags of the deliveries tested. On the other hand, extreme class imbalance severely limited the performance of the ML models trained (1% precision score in real operational conditions). As a result, a meaningful review of the economic impact of the model is not possible. The experiments illustrated sensible item movements across the bags tested, measured with some empirical key risk parameters, such as item categories, packaging types, and bag density. The implementation showed a tolerable computational overhead of around 18%, indicating that it is realistic to deploy an efficient model to real operations. ... Read more

The Internet of Things (IoT) is a rapidly growing technology that connects millions of devices together. However, as more devices connect, the importance of ensuring security, privacy, and performance becomes paramount. Training performance is affected without proper protocols in place, and devices can get compromised. This research focuses on how to enhance IoT security, privacy and performance using federated learning and blockchain. We will first identify the current challenges concerning those three metrics for IoT. Then, we will introduce federated learning and blockchain and explore how to integrate them. Next, we will address a set of related work performed on the field through a series of surveys. Keeping those surveys in mind, we present and compare several novel solutions for various IoT applications that attempt to provide solutions to enhance IoT security. We complete this study by discussing the potential of those solutions, as well as their challenges and then we highlight possible directions for future research in this booming field. ... Read more

Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly mon- itoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use. ... Read more

A security vulnerability is a programming error that introduces a potentially exploitable weakness into a computer system. Such a vulnerability can severely affect an organization's infrastructure and cause significant financial damage to it. Hence, one of the basic pursuits in every new software release should be to mitigate such defects. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms. One of the most common approaches to identify software vulnerabilities is static analysis [1]. This kind of analysis is performed by automated tools either on the program's source or object code and without actually executing it. However, since the formats in which static analysis tools store and present their results vary wildly, it is typically difficult to utilize many of them in the scope of a project. By automating the process of running a variety of vulnerability detectors and collecting their results in an efficient manner during development, the task of tracking security defects throughout the evolution history of software projects can be simplified. In this paper we present TRACER, a framework to support the development of secure applications by constantly monitoring software projects for vulnerabilities. TRACER simplifies the integration of existing tools that detect software vulnerabilities and promotes their use during development and maintenance. Instead of designing and implementing TRACER from the ground up, we built it on top of the open source Alitheia Core [2] platform, which is designed for facilitating large scale quantitative software engineering studies. While Alitheia Core aims for efficient estimation of the quality of software projects, TRACER was designed with a focus on software security. To support the specific objectives of TRACER, a set of new components was added at each level of the Alitheia Core architecture. These include a model for representing software vulnerabilities, a mechanism for automatic vulnerability detection triggering, a REST API for accessing the analysis results, and an archetype for plug-ins to integrate new vulnerability detection tools in the platform. Like Alitheia Core, TRACER monitors multiple data sources associated with the development of a software project, such as the source code repository and bug tracking system, and automatically analyzes each revision. Therefore it can be used to track security defects throughout the evolution of a project. In most cases, the detection of vulnerabilities on a software artifact involves only two steps: invoking an external tool created for this purpose with specific arguments as required, and evaluating the results it generates. There is a vast number of software vulnerability detection tools available, each one having different operating requirements. Such a tool can be integrated in TRACER by creating a corresponding driver that implements these two steps and stores the results using the data model provided by the platform. Thus we can leverage the functionality provided by existing tools, without duplicating it. Such an external tool driver is called a vulnerability detector plug-in, and it uses the Alitheia Core infrastructure to handle automatic activation, as well as storage and retrieval of results. Each vulnerability detector is associated with the set of vulnerability types it can detect and the different types of software artifacts or programming constructs that it can analyze. This allows the platform to automatically trigger it when needing to check if a software project or artifact is vulnerable to a specific type of attacks or a new artifact is submitted to the system for evaluation. To demonstrate the efficiency and usability of the platform, we have created plug-ins to integrate two different tools for vulnerability detection, namely: FindBugs [3], and Frama-c [4]. The former analyzes applications written in Java, while the latter examines applications written in c. This highlights the fact that our platform does not depend on the programming language used to develop the project that is being analyzed, and that the simplicity of integrating third party tools leads to high levels of expandability of the platform. ... Read more