Four Computer Science MSc theses to be presented on 16 June

Monday, 16 June there will be four master thesis presentations in Computer Science at Lund University, Faculty of Engineering.

The presentations will take place in E:2116.

Note to potential opponents: Register as an opponent to the presentation of your choice by sending an email to the examiner for that presentation (firstname.lastname@cs.lth.se). Do not forget to specify the presentation you register for! Note that the number of opponents may be limited (often to two), so you might be forced to choose another presentation if you register too late. Registrations are individual, just as the oppositions are! More instructions are found on this page.

11:15-12:00 in E:2116

Presenters: Axel Prellner, Eric Martell
Title: Closed Loop Retrieval-Augmented Generation (RAG) for Content-based Recommendations in E-commerce
Examiner: Emelie Engström
Supervisors: Per Runeson (LTH), Rasmus Ros (Theca Systems)

This thesis investigates using a closed-loop Retrieval-Augmented Generation (RAG) system for content-based product recommendations in e-commerce. Traditional recommendation systems often fail to capture the nuanced context of long-form content and the evolving intent of the reader, resulting in generic suggestions that miss the mark in terms of relevance and engagement. To address this, we propose an iterative refinement approach that leverages the language understanding capabilities of Large Language Models (LLMs) and incorporates feedback from previous retrieval cycles to produce more contextually aligned product recommendations. The system was evaluated across multiple Swedish e-commerce platforms using both offline metrics and a user-based interleaving test study. Results demonstrate consistent performance improvements across iterations and a significant advantage over baseline methods. These results highlight the potential of iterative RAG for recommendation tasks and suggest broad applicability beyond e-commerce. 

Link to popular science summary: To be added

13:15-14:00 in E:2116

Presenters: Axel Froborg, Emil Lantz
Title: Vulnerability detection in an isolated network environment using the language server protocol
Examiner: Niklas Fors
Supervisors: Ulf Asklund (LTH), Hampus Balldin (Advenica AB), Thomas Lidén (Advenica AB) 

As cybersecurity regulations tighten and software projects grow more complex, detecting vulnerabilities, especially in isolated or offline-first environments, becomes increasingly challenging. This thesis introduces a tool for advanced vulnerability detection using the Language Server Protocol (LSP) to analyze code at the function level. The tool operates offline-first and consists of three components; `cve-sync` for collecting public CVE data, `cve-scan` for analyzing SBOMs and source code, and `cve-panel` for a graphical user interface.

Vulnerabilities are enriched using AI to extract function details in an attempt to reduce false positives common in package-level only scanning. By utilizing the CycloneDX SBOM format to identify vulnerable package versions in conjunction with static code analysis using LSP the system determines if the vulnerable functions are actually invoked within the code of the project.

Evaluations demonstrate improved detection accuracy for some projects as well as a reduced manual workload, making the tool suitable for high-security environments with strict network constraints.

Link to popular science summary: To be added

14:15-15:00 in E:2116

Presenters: Joakim Svensson, Anton Skorup
Title: Analyzing the analyzers: A benchmarking-based evaluation of static analysis tools
Examiner: Görel Hedin
Supervisors: Christoph Reichenbach (LTH), Eva Haslum (Axis Communications)

Static code analysis is used to discover vulnerabilities in software. We have benchmarked a select number of tools on their ability to identify errors and their level of precision. We also evaluated their usability aspects.

The greatest challenge with our evaluation is to match the errors reported by the tools with the annotated errors in the benchmark test suites. We conducted a study into how to best match these error messages. Our study concluded that the optimal matching strategy varied between different tools.

Collectively the tools found all relevant weaknesses. The open source tools in our study are generally good at detecting fundamental problems, while the more advanced tools finds more complex issues. Our validity concerns are related to the benchmarks and our matching. The matching is not perfect and differs for each tool. Benchmark tests are flawed because they contain unintended errors in addition to ambiguous intended errors.

Link to popular science summary: To be added

15:15-16:00 in E:2116

Presenters: Hugo Mattsson, Alex Gustafsson
Title: Add support for Cause & Effect Matrix language in ABB control application compiler
Examiner: Görel Hedin
Supervisors: Anton Risberg Alaküla (LTH), Christina L Persson (ABB), Stefan Sällberg (ABB)

Cause & Effect Matrices (CEMs) are commonly used in industry to describe functionality specifications for control systems. These matrices provide a clear, high-level overview of how the system should function and makes it easier to audit the specification. However, a CEM is only a specification, and to realize the control system it must be translated into runnable code. Today, no standardized programming language for CEMs exist, forcing some developers to use more general languages. These general languages may have a very different structure from CEM specifications, making it more difficult to verify the correctness of the implementation. If programs instead were written in a language of similar structure to a CEM, its benefits would be kept, and the implementation and verification costs would be improved.

This thesis defines a programming language for CEMs, taking inspiration from previous work in the field to influence its functionality. The project also includes a compiler and graphical editor for said language. With these components a CEM specification can be inserted graphically, keeping a very similar structure, and lower-level runnable code can be generated and more easily verified.

We performed a small user study that compared our language to an existing, more general language for the process control industry called Structured Text that is sometimes used when realizing CEM specifications. The study found that the idea of a CEM-specific language has value and our particular implementation shows promise, as most interviewees found our editor to be easy to use and the language to fulfil all their mentioned requirements. Therefore, our language could become a good complement to the existing languages in the space.

Link to popular science summary: To be added