Search-Based Software Testing (SBST) tools can automatically generate tests to achieve high code coverage; however, a systematic understanding of why they fail in specific situations is necessary. This thesis addresses this gap by developing a comprehensive taxonomy of coverage failures through an empirical analysis of the three most prominent SBST tools: Pynguin (Python), SynTest (JavaScript), and EvoSuite (Java). By classifying and analysing failure patterns across these tools and language paradigms, this research provides a foundational framework to diagnose shortcomings, prioritise future development, and enhance the practical effectiveness of automated test generation.

The Border Gateway Protocol (BGP) is the Internet's de facto inter-domain routing protocol. Due to its critical role in backbone infrastructure, denial of service attacks on BGP routers have the potential to compromise global connectivity.

BGP is not a standalone protocol; it relies on other protocols such as the Transport Control Protocol (TCP). In this work, we research whether BGP's reliance on TCP could lead to vulnerabilities allowing non-peers to perform denial of service attacks. We develop a methodology allowing researchers, vendors, and operators to enumerate potential weaknesses or vulnerabilities in routers and propose three attack types. We apply this methodology to physical and virtual routers from three popular vendors and identify several potential vulnerabilities. We find that one vendor's BGP implementation is susceptible to two types of attacks: SYN Flood and Connection Exhaustion. They allow a remote non-peered attacker to stop legitimate peers from connecting to the BGP listener of the affected router, preventing the exchange of routes. We responsibly disclose the vulnerability to the affected vendor. Our results show that as few as 5 to 20 packets per second can be sufficient to perform denial of service. Finally, we propose several ways to mitigate the impact of the proposed attacks.

Modern software development has to conform to high standards. Developers rely on Continuous Integration and Continuous Delivery (CI/CD) to automate the software lifecycle. However, many developers are falling short in reaping all its benefits. Developers are often misguided due to a lack of awareness of all automations, and over-engineering specific aspects does not yield the expected outcomes.

Developers need guidance on their automation focus. A deeper understanding of the automation landscape is necessary to fully leverage the full potential of CI/CD, along with a structured framework that guides developers through these possibilities. We accomplish this by applying the concept of maturity to CI/CD practices.

In this work, we analyzed Python and Java repositories on GitHub. Through open coding and card sorting, an automation taxonomy was created to chart the automation landscape. We explore an approach that helps developers identify the most valuable automations for the current state of the project, aiming to ensure a balanced approach to different automation aspects and maximize the value of automation effort. We utilize this taxonomy in a survey and series of interviews to create a maturity model, which we validated through developer feedback on our repository analysis.

It was found that maturity has a strong positive association with key repository metrics, such as commit frequency. The majority of developers perceive the maturity model as effective and would use it to guide their CI/CD efforts.

This paper extends the Tulipa energy system optimisation model by incorporating start-up and shut-down capability constraints formulated for Tulipa's fully flexible temporal resolution. The impact of adding these constraints for thermal generators is assessed using a greenfield case study with 7 European countries. Results show that including these constraints increases computation time, but they more realistically represent generator behaviour, which also results in a higher objective function value. Cases where the resolution of assets is not a multiple of the resolution of flows result in uniquely long solving times. The investments, as well as the unit operation trends remain similar on a high level. Batteries are utilised to improve the reduced flexibility, and units with the most flexible start-up/shut-down capabilities become used slightly more often, while the opposite holds for those with the least flexible capabilities. Units also tend to be turned on and off less often. This research contributes to understanding the trade-offs between model complexity and runtime in long-term energy planning.

The XRP Ledger Consensus Protocol is a Byzantine fault-tolerant algorithm that enables the XRP Ledger to reach agreement on which transactions to apply, supporting millions of transactions daily. While the protocol is correct by design, its practical implementation is vulnerable to concurrency-related bugs triggered by nondeterministic message delivery between distributed validator nodes. These bugs are subtle and difficult to expose through conventional testing. In this paper, we investigate the use of evolutionary concurrency testing combined with a priority-based message scheduling strategy to explore different message interleavings. Specifically, we evaluate multiple fitness functions and assess their ability to guide the search toward buggy executions. Our results show that EvoPriority, which applies evolutionary testing to priority-based schedules, is difficult to guide toward buggy executions regardless of the fitness function used. Although it is capable of uncovering violations on a bug-seeded versions of the XRP Ledger Consensus Protocol, its performance is similar to randomized concurrency testing.

In recent literature fully flexible temporal resolutions have been proposed as a new form of temporal clustering in generation expansion planning models, showing promising benefits in terms of the tradeoff between solution accuracy and computation time. However, unit commitment constraints such as minimum up and down times have not yet been considered in combination with these resolutions. This paper introduces minimum up and down time (MU/MD) constraints to fully flexible time resolutions and shows the effects of including them when doing generation expansion planning. This is done by constructing a case study based on the European energy grid and comparing the effects of adding MU/MD constraints to a model with a fully flexible time resolution in the form of the geographically decreasing resolution. The paper shows that the addition of minimum up and down time constraints maintains the benefits of fully flexible time resolutions, but comes with additional computation time and also has little effect on the optimal solution cost for the case study examined.

The XRP Ledger (XRPL) relies on a Byzantine fault-tolerant consensus algorithm to ensure global agreement on transactions across distributed nodes. Despite its critical financial role, the implementation remains under-tested. While prior work has shown the potential of evolutionary testing to uncover potential consensus violations in XRPL, the role of genetic operator selection in this process remains unexplored. We address this research gap by presenting a comparative evaluation of four evolutionary configurations that differ in their balance of exploration and exploitation. The system is tested by injecting network delays to simulate adverse conditions and trigger violations. Our results show that the balance of exploration and exploitation affects the performance of bug detection: configurations that favor exploitation, complemented by subtle exploration, yield the most favorable results. In addition, we contribute an extensible testing method tailored to XRPL but applicable to other distributed systems.

The decentralized nature of blockchain systems makes them prone to concurrency bugs, which are difficult to detect. There exist testing techniques to find these bugs, such as systematic exploration of the solution space, but these techniques are difficult to scale. Evolutionary algorithms have been proposed as an effective solution to find these bugs. In this research, we aim to discover the influence of evolutionary operators in the bug detection performance of evolutionary algorithms. We test this on the XRP Ledger Consensus Protocol (XRP LCP) using priority-based event representation. We present Groot, an evolutionary algorithm that is implemented using a modified version of the Rocket framework. We experimented with two combinations of operators: the Simulated Binary Crossover (SBX) operator with the Gaussian mutation operator and the Laplace Crossover (LX) operator with the Makinen, Periaux and Toivanen Mutation (MPTM) operator. We evaluated these setups using effectiveness and efficiency and compared them to a random baseline. We used a bug-seeded version of the XRP LCP to run the experiments of these setups. We discovered that all setups are capable of detecting bugs in the XRP LCP. The results indicate that the effectiveness and efficiency is not influenced by the choice of these operators in a significant way. We discuss that possible reasons for these discoveries include noise in the fitness function, event representation limitations and configuration choices that may have contributed to these results.

Fully flexible temporal resolutions have shown to be a useful tool for improving the tradeoff between the runtime and accuracy of generation expansion planning models. However, no research has been done into the effects of considering short-term operational dynamics of thermal generators in models with such resolutions. Therefore, this paper complements the existing literature by adding start-up and shut-down costs to a large-scale energy system optimisation model with a fully flexible temporal resolution. The results suggest that the addition of start-up and shut-down costs significantly increases the runtime of the model, while providing a small increase in accuracy. Additionally, they show that a compact set of start-up and shut-down constraints outperforms a full set of constraints in terms of model runtime, while having the same accuracy.

This research explores the integration of start-up and shut-down trajectory constraints into the Tulipa energy system optimisation model, which uses fully-flexible temporal resolution. These constraints aim to more realistically represent the behaviour of large thermal generators during operation. Case studies with varying time resolutions and generator configurations were evaluated to measure impacts on computation time and solution accuracy. Results show a significant increase in computation time with small gains in accuracy, compared to introduction of minimal down-time constraints.

The transition of the energy grid into a system with higher shares of renewable energy production requires careful investment planning while considering operational characteristics of generators. Generation Expansion Planning (GEP) is used for finding optimal investments, while Unit Commitment (UC) can be used to limit generator operational capabilities, such as via ramping limits, for more accurate modelling. The system may be extended to model custom thermal generator capabilities at the time of their start-up or shut-down, where they may differ from traditional ramping, promoting more precise modelling. However, the inclusion of such detail requires careful managing of model complexity to keep solving time feasible, which can be done with techniques such as Clustered Unit Commitment (CUC), and clustering time blocks while allowing flexible resolution combinations. The latter is known as Fully Flexible Temporal Resolution, and promises managing of model complexity via temporal resolution reductions, while maintaining modelling versatility. The paper targets the unexplored area of including Start-Up and Shut-Down (SU/SD) capability ramping limits alongside a fully flexible temporal resolution in a GEP & CUC model, and contributes by examining the effect of the new capabilities on the run times, investment and operational solutions, and the total system cost of a model with enabled Battery Energy Storage System (BESS) investments. The resulting findings show that the inclusion of the SU/SD capabilities has little effect on the investments and total cost of the model, significantly increases computation time, yet has a noticeable effect on the operational schedule of generators.

Distributed systems, such as blockchains, can have bugs around edge-cases that are hard to detect or trigger. Previous publications have introduced guided-search testing approaches that are able to find edge cases more efficiently than through conducting a systematic and exhaustive search. In this paper, we compare the effectiveness of fitness functions in evolutionary testing frameworks. For this we evaluate time and proposal fitness. While evolutionary testing frameworks are not new to the domain of concurrency testing consensus algorithms, the impact of the fitness functions that underpin them remains poorly understood. We use the XRPL consensus algorithm as a case study to evaluate the fitness functions using the Rocket testing framework. For this, we make use of seeded versions of XRPL. All evaluated fitness functions have been able to detect the bugs we seeded in the source code of the XRPL consensus algorithm. We show the validity of various fitness functions in trying to find the bug and analyze effects in the interplay between the time and proposal fitness functions we examine.

Integrating single-cell multi-omic data is crucial for comprehensive biological discovery, yet it remains challenging due to the weak correlation between modalities, data heterogeneity, and stringent privacy regulations. Conventional integration methods that depend on shared features or matched cells, which are rarely available in practice. While some diagonal integration approaches might mitigate some of these limitations, they are sensitive to noise, prone to overfitting, and challenging to validate, especially in the absence of centralized data access. This thesis introduces Federated Matching xcross modalities via Fuzzy smoothed embeddings (MaxFuse), a novel adaptation of MaxFuse within a Federated Learning (FL) framework, which enables privacy-preserving diagonal integration through fuzzy smoothing, federated Canonical Correlation Analysis (CCA), and iterative matching without exchanging raw data. We validate Federated MaxFuse on benchmark single-cell datasets, demonstrating that it achieves matching accuracy and embedding quality comparable to centralized baselines across supervised and unsupervised metrics. These findings establish Federated MaxFuse as a practical and scalable solution for privacy-preserving integration of multi-omic data, enabling robust cross-institutional analyses under real-world constraints.

In this work, we propose a general solution to address the non-IID challenges that hinder many defense methods against backdoor attacks in federated learning. Backdoor attacks involve malicious clients attempting to poison the global model. While many defense methods effectively filter out these malicious clients using clustering techniques, their effectiveness diminishes when the federated learning process involves non-IID datasets. In such cases, clustering methods struggle to distinguish between benign and malicious clients due to the inherent variability in the clients' data distributions.
Our proposed solution leverages data generation to mitigate the non-IID nature of clients' local datasets. By generating synthetic data, the datasets become more IID, enabling defense methods to once again effectively counter backdoor attacks. Evaluations are carried out on standard datasets in the image classification fields, like MNIST and CIFAR-10. The results show that the data generation solution can effectively improve the performance of defense methods and filter out malicious clients again. Although the generated data samples may suffer from low quality and limited diversity due to constraints in training the generative adversarial networks (GANs), our approach demonstrates significant improvements in defending against backdoors.

This thesis paper addresses the vulnerability of Deep Neural Networks (DNNs) to adversarial attacks. We introduce Multi-Scale Inpainting Defense (MSID), a novel adversarial purification method leveraging a pre-trained diffusion denoising probabilistic model (DDPM) for targeted perturbation removal. MSID employs a four-step process: (1) multi-scale superpixel segmentation, (2) occlusion sensitivity map generation at multiple scales to identify important regions for inference, (3) targeted inpainting using the DDPM, and (4) artifact removal using Variance Preservation Sampling. We investigate the effectiveness of diffusion-based inpainting for robust defense, the impact of multi-scale occlusion sensitivity mapping, and the robustness of MSID against a set of adversarial attacks, including color-based attacks. Our experiments demonstrate that MSID outperforms existing adversarial purification methods, achieving robustness improvements of up to 5.42% on CIFAR-10 and 10.75% on ImageNet against AutoAttack, with further gains against PGD and unseen attacks, while maintaining high standard accuracy. This paper, to the best of our knowledge, is the first to apply DDPM inpainting for targeted adversarial purification and demonstrates its effectiveness in purifying a range of adversarial attacks.

Blockchain systems rely on consensus protocols to ensure agreement among nodes even in the presence of malicious or faulty nodes. A consensus protocol that provides safety and liveness guarantees under such conditions is known as a Byzantine fault‑tolerant (BFT) protocol. Various whitepapers describe the design and implementation of BFT protocols, providing formal proofs of their safety and liveness properties. However, in practice such protocols are difficult to implement correctly and often contain subtle logic errors that cause consensus violations. Ensuring correctness is especially important for the XRP Ledger—a public, decentralized blockchain that processes transactions for the widely used cryptocurrency XRP. Thorough testing of consensus protocols is crucial, but systematic testing is challenging and time-consuming due to the large number of possible network and timing configurations.
In this paper, we present a replication package for evaluating randomized Byzantine fault tolerance testing on the XRP Ledger Consensus Protocol (LCP). We implement the ByzzFuzz search algorithm and compare it to naive random testing. Additionally, we investigate the impact of different hyperparameter configurations on the performance of the ByzzFuzz algorithm. Our experimental results demonstrate that both naive random testing and the ByzzFuzz algorithm detect seeded bugs in the XRP LCP, with ByzzFuzz algorithm uncovering more agreement violations. Finally, we identify the most effective hyperparameter configurations for the ByzzFuzz algorithm.

The reliability of Byzantine Fault Tolerant (BFT) consensus protocols is critical for the robustness of modern distributed systems, i.e., in blockchain technologies. Testing of BFT protocols is crucial, as consequences of faults in their implementation can lead to malicious users exploiting vulnerabilities, resulting in financial losses, data corruption, or system unavailability. Such incidents, as seen in real-world attacks on blockchain systems, underscore the need for rigorous testing methodologies to ensure protocol correctness and resilience under adverse conditions.

This paper evaluates the implementation of the Tendermint protocol in the ByzzBench framework using ByzzFuzz, a testing approach for BFT consensus protocols. ByzzFuzz introduces structured mutations to simulate real-world fault scenarios, enabling the identification of incorrect behavior. The main question addressed in this study is: Can ByzzFuzz detect subtle protocol faults more effectively than baseline testing methods, and how do mutation strategies influence fault detection performance?

Through extensive testing, ByzzFuzz successfully uncovered violations in the Tendermint implementation, demonstrating its capability to detect subtle protocol faults. A comparative analysis with baseline testing methods revealed that ByzzFuzz provides greater fault coverage, identifying nuanced issues that the baseline approach missed. Furthermore, the study evaluated the effectiveness of small-scope and any-scope message mutations, where they change a value incrementally and arbitrarily respectively. This study found that small-scope mutations perform better in finding faults.

Byzantine Fault Tolerant (BFT) protocols are designed to achieve consensus even in the presence of Byzantine faults. Although BFT protocols provide strong theoretical guarantees, bugs in the implementation of the protocols can allow for malicious activity. While previous work, like Twins and Tyr, has focused on alternative methods to test BFT protocols, our work builds upon ByzzFuzz, an automated testing algorithm, which has previously identified bugs in protocols like Tendermint and Ripple. Despite its success, its effectiveness has not yet been tested on speculative BFT protocols like hBFT. This research evaluates the effectiveness of ByzzFuzz in assessing the correctness and safety of hBFT. To address this, we implemented hBFT in ByzzBench, a comprehensive framework where BFT protocols can be evaluated using ByzzFuzz and other testing algorithms. Through testing, ByzzFuzz successfully uncovered a potential violation in hBFT and detected an injected bug in the hBFT implementation. However, detecting the known violation of hBFT required a controlled environment, highlighting areas where ByzzFuzz could be improved. The findings show that ByzzFuzz is effective at identifying bugs in hBFT, while also suggesting the need for improvement to enhance its robustness and adaptability.

Although Byzantine Fault Tolerant (BFT) protocols such as HotStuff are nominally resistant to a number of faulty or unreliable participants, implementation or design errors can cause violations in their expected properties. Because of this, it is useful to have reliable automated testing frameworks that can simulate Byzantine behaviour to make bug detection easier. In this paper, we examine the performance of the ByzzFuzz BFT testing tool using our implementation of the HotStuff protocol. We describe the design choices necessary to create a working HotStuff implementation. Then we purposefully introduce implementation flaws to evaluate the behaviour of ByzzFuzz with different parameters and mutation scopes. We compare its performance to that of a baseline random fault injection scheduler. Our results show that it was able to detect the introduced bugs using either process or network faults. ByzzFuzz's partition-based network faults were more effective at detecting bugs than the 'Random' scheduler's network faults. For process faults, we were unable to register significant differences in performance possibly due to HotStuff's simplistic pipelined structure. In our tests, any-scope mutations performed better than their small-scope counterparts for the same configuration. This could be attributed to the nature of the selected faults and HotStuff's pipelined structure.

Byzantine fault-tolerant protocols have been around for decades, offering the guarantee of agreement on a correct value even in the presence of arbitrary failures. These protocols have become a critical part of achieving consensus in distributed systems and are widely used nowadays. As such, we should aim to ensure the correct functioning of these systems and one essential step to take in this direction is by finding systematic and automatic ways to test BFT protocols. This paper evaluates the performance of ByzzFuzz, an automatic testing framework designed to find bugs in the implementation of Byzantine fault-tolerant protocols through randomized testing. In that sense, we evaluate ByzzFuzz’s ability to find bugs in our implementation, compare its method of injecting network and process faults to a baseline method that arbitrarily injects faults and compare the performance in bug detection of small-scope and any-scope message mutations. We implemented the ”Fast Byzantine Consensus” protocol and employed ByzzFuzz to evaluate the framework’s capability of finding implementation bugs. We materialized a liveness violation previously uncovered in a theoretical analysis research.