
Computational Science and Technology

4th ICCST 2017 Kuala Lumpur Malaysia


29 30 November 2017 1st Edition
Rayner Alfred
Lecture Notes in Electrical Engineering 488

Rayner Alfred · Hiroyuki Iida


Ag. Asri Ag. Ibrahim · Yuto Lim
Editors

Computational
Science and
Technology
4th ICCST 2017, Kuala Lumpur, Malaysia,
29–30 November, 2017
Lecture Notes in Electrical Engineering

Volume 488

Board of Series editors


Leopoldo Angrisani, Napoli, Italy
Marco Arteaga, Coyoacán, México
Bijaya Ketan Panigrahi, New Delhi, India
Samarjit Chakraborty, München, Germany
Jiming Chen, Hangzhou, P.R. China
Shanben Chen, Shanghai, China
Tan Kay Chen, Singapore, Singapore
Rüdiger Dillmann, Karlsruhe, Germany
Haibin Duan, Beijing, China
Gianluigi Ferrari, Parma, Italy
Manuel Ferre, Madrid, Spain
Sandra Hirche, München, Germany
Faryar Jabbari, Irvine, USA
Limin Jia, Beijing, China
Janusz Kacprzyk, Warsaw, Poland
Alaa Khamis, New Cairo City, Egypt
Torsten Kroeger, Stanford, USA
Qilian Liang, Arlington, USA
Tan Cher Ming, Singapore, Singapore
Wolfgang Minker, Ulm, Germany
Pradeep Misra, Dayton, USA
Sebastian Möller, Berlin, Germany
Subhas Mukhopadyay, Palmerston North, New Zealand
Cun-Zheng Ning, Tempe, USA
Toyoaki Nishida, Kyoto, Japan
Federica Pascucci, Roma, Italy
Yong Qin, Beijing, China
Gan Woon Seng, Singapore, Singapore
Germano Veiga, Porto, Portugal
Haitao Wu, Beijing, China
Junjie James Zhang, Charlotte, USA
About this Series

** Indexing: The books of this series are submitted to ISI Proceedings, EI-Compendex,
SCOPUS, MetaPress, Springerlink **
Lecture Notes in Electrical Engineering (LNEE) is a book series which reports the latest research
and developments in Electrical Engineering, namely:

• Communication, Networks, and Information Theory
• Computer Engineering
• Signal, Image, Speech and Information Processing
• Circuits and Systems
• Bioengineering
• Engineering

The audience for the books in LNEE consists of advanced level students, researchers, and industry
professionals working at the forefront of their fields. Much like Springer’s other Lecture Notes
series, LNEE will be distributed through Springer’s print and electronic publishing channels.
For general information about this series, comments or suggestions, please use the contact
address under “service for this series”.
To submit a proposal or request further information, please contact the appropriate Springer
Publishing Editors:
Asia:

China, Jessie Guo, Assistant Editor (jessie.guo@springer.com) (Engineering)


India, Swati Meherishi, Senior Editor (swati.meherishi@springer.com) (Engineering)
Japan, Takeyuki Yonezawa, Editorial Director (takeyuki.yonezawa@springer.com)
(Physical Sciences & Engineering)
South Korea, Smith (Ahram) Chae, Associate Editor (smith.chae@springer.com)
(Physical Sciences & Engineering)
Southeast Asia, Ramesh Premnath, Editor (ramesh.premnath@springer.com)
(Electrical Engineering)
South Asia, Aninda Bose, Editor (aninda.bose@springer.com) (Electrical Engineering)
Europe:

Leontina Di Cecco, Editor (Leontina.dicecco@springer.com)


(Applied Sciences and Engineering; Bio-Inspired Robotics, Medical Robotics, Bioengineering;
Computational Methods & Models in Science, Medicine and Technology; Soft Computing;
Philosophy of Modern Science and Technologies; Mechanical Engineering; Ocean and Naval
Engineering; Water Management & Technology)
(christoph.baumann@springer.com)
(Heat and Mass Transfer, Signal Processing and Telecommunications, and Solid and Fluid
Mechanics, and Engineering Materials)
North America:

Michael Luby, Editor (michael.luby@springer.com) (Mechanics; Materials)

More information about this series at http://www.springer.com/series/7818


Editors

Rayner Alfred
Knowledge Technology Research Unit, Faculty of Computing and Informatics
Universiti Malaysia Sabah
Kota Kinabalu, Malaysia

Ag. Asri Ag. Ibrahim
Faculty of Computing and Informatics
Universiti Malaysia Sabah
Kota Kinabalu, Malaysia

Hiroyuki Iida
School of Information Science
Japan Advanced Institute of Science and Technology
Nomi, Ishikawa, Japan

Yuto Lim
School of Information Science, Security and Networks Area
Japan Advanced Institute of Science and Technology
Nomi, Ishikawa, Japan

ISSN 1876-1100 ISSN 1876-1119 (electronic)


Lecture Notes in Electrical Engineering
ISBN 978-981-10-8275-7 ISBN 978-981-10-8276-4 (eBook)
https://doi.org/10.1007/978-981-10-8276-4
Library of Congress Control Number: 2018933372

© Springer Nature Singapore Pte Ltd. 2018


This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part
of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,
recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission
or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar
methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this
publication does not imply, even in the absence of a specific statement, that such names are exempt from
the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this
book are believed to be true and accurate at the date of publication. Neither the publisher nor the
authors or the editors give a warranty, express or implied, with respect to the material contained herein or
for any errors or omissions that may have been made. The publisher remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer imprint is published by the registered company Springer Nature
Singapore Pte Ltd. part of Springer Nature
The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721,
Singapore
Preface

Computational science and technology is a rapidly growing multi- and interdisciplinary
field that uses advanced computing and data analysis to understand and
solve complex problems. The absolute size of many challenges in computational
science and technology demands the use of supercomputing, parallel processing,
sophisticated algorithms, and advanced system software and architecture. The
ICCST17 conference provides a unique forum to exchange innovative research
ideas and recent results and share experiences among researchers and practitioners
in the field of advanced computational science and technology.
Building on the three previous successful meetings, namely the Regional Conference on
Computational Science and Technology (RCSST 2007), the International
Conference on Computational Science and Technology (ICCST 2014), and the
Third International Conference on Computational Science and Technology 2016,
the Fourth International Conference on Computational Science
and Technology (ICCST17) program offers practitioners and researchers from
academia and industry the possibility to share computational techniques and
solutions in this area, to identify new issues, and to shape future directions for
research, as well as to enable industrial users to apply leading-edge large-scale
high-performance computational methods. This volume presents the theory and
practice of ongoing research in computational science and technology. The focus
of this volume is on a broad range of methodological approaches and empirical
reference points including artificial intelligence, cloud computing, communication
and data networks, computational intelligence, data mining and data warehousing,
evolutionary computing, high-performance computing, information retrieval,
knowledge discovery, knowledge management, machine learning, modeling and
simulations, parallel and distributed computing, problem-solving environments,
semantic technology, soft computing, system-on-chip design and engineering, text
mining, visualization and Web-based and service computing. The carefully selected
contributions to this volume were initially accepted for oral presentation during the
Fourth International Conference on Computational Science and Technology
(ICCST17) held on November 29–30, 2017, in Kuala Lumpur, Malaysia. The level
of contributions corresponds to that of advanced scientific works, although several
of them could be addressed also to non-expert readers. The volume brings together
43 chapters.
In concluding, we would also like to express our deep gratitude and appreciation
to all the program committee members, panel reviewers, organizing committees,
and volunteers for your efforts to make this conference a successful event. It is
worth emphasizing that much theoretical and empirical work remains to be done. It
is encouraging to find that more research on computational science and technology
is still required. We sincerely hope the readers will find this book interesting,
useful, and informative and that it will give them valuable inspiration for
original and innovative research.
Contents

Sequential and Global Learning Styles as Pathways to Improve Learning in Programming
Sin-Ban Ho, Sek-Kit Teh, Gaik-Yee Chan, Ian Chai, and Chuie-Hong Tan

Vulnerability Reports Consolidation for Network Scanners
Nicholas Ming Ze Lee, Shih Yin Ooi, and Ying Han Pang

A Performance Comparison of Feature Selection Methods for Sentiment Classification
Lai Po Hung, Rayner Alfred, and Mohd Hanafi Ahmad Hijazi

A Real Time Road Marking Detection System on Large Variability Road Images Database
B. S. Khan, M. Hanafi, and S. Mashohor

Time Delay Modeling for Energy Efficient Thermal Comfort Control System in Smart Home Environment
Yuto Lim and Yasuo Tan

Energy Management Techniques for RF-Enabled Sensor Networks Based on Internet of Things
Shaik Shabana Anjum, Rafidah Md Noor, Ismail Ahmedy, Mohammad Hossein Anisi, and Norazlina Khamis

Keypoint Descriptors in SIFT and SURF for Face Feature Extractions
SukTing Pui and Jacey-Lynn Minoi

Optimizing Congestion Control for Non Safety Messages in VANETs Using Taguchi Method
Mohamad Yusof Darus, Mohd Salehuddin Zainal Abidin, Shamsul Jamel Elias, and Zarina Zainol

An Authentication Technique: Behavioral Data Profiling on Smart Phones
Salmah Mousbah Zeed Mohammed, Azizul Rahman Mohd Shariff, and Manmeet Mahinderjit Singh

An Efficient ElGamal Encryption Scheme Based on Polynomial Modular Arithmetic in F_2^n
Tan Soo Fun and Azman Samsudin

Proposed DAD-match Mechanism for Securing Duplicate Address Detection Process in IPv6 Link-Local Network Based on Symmetric-Key Algorithm
Ahmed K. Al-Ani, Mohammed Anbar, Selvakumar Manickam, Ayman Al-Ani, and Yu-Beng Leau

Image-Based Technique for Turbulent Flow Segmentation
A. B. Osman, Mark Ovinis, I. Faye, and F. M. Hashim

Optimization of Remaining Energy and Error Rates for Wireless Sensor Network
Samirah Razali, Kamaruddin Mamat, and Nor Shahniza Kamal Bashah

MYTextSum: A Malay Text Summarizer Model Using a Constrained Pattern-Growth Sentence Compression Technique
Suraya Alias, Siti Khotijah Mohammad, Keng Hoon Gan, and Tan Tien Ping

A FIPA-ACL Ontology in Enhancing Interoperability Multi-agent Communication
Kim Soon Gan, Kim On Chin, Patricia Anthony, and Abdul Razak Hamdan

Gamification Effect of Loyalty Program and Its Assessment Using Game Refinement Measure: Case Study on Starbucks
Ooi Wei Xin, Long Zuo, Hiroyuki Iida, and Norshakirah Aziz

Rule-Based Model for Malay Text Sentiment Analysis
Khalifa Chekima, Rayner Alfred, and Kim On Chin

Proposed Scheme for Finger Vein Identification Based on Maximum Curvature and Directional Feature Extraction Using Discretization
Yuhanim Hani Yahaya, Siti Mariyam Shamsuddin, and Wong Yee Leng

Word-Based Classification of Imagined Speech Using EEG
Noramiza Hashim, Aziah Ali, and Wan-Noorshahida Mohd-Isa

Sentiment Analysis of Malay Social Media Text
Khalifa Chekima and Rayner Alfred

Modeling Dengue Hotspot with Bipartite Network Approach
Woon Chee Kok, Jane Labadin, and David Perera

Data Fusion Based on Self-Organizing Map Approach to Learning Medical Relational Data
Rayner Alfred, Chong Jia Chung, Chin Kim On, Ag Asri Ag Ibrahim, Mohd Shamrie Sainin, and Paulraj Murugesa Pandiyan

A Review on Outdoor Parking Systems Using Feasibility of Mobile Sensors
Md Ismail Hossen, Michael Goh, Tee Connie, Azrin Aris, and Wong Li Pei

Volatile Organic Compounds (VOCs) Feature Selection for Human Odor Classification
Ahmed Qusay Sabri and Rayner Alfred

Combining Sampling and Ensemble Classifier for Multiclass Imbalance Data Learning
Mohd Shamrie Sainin, Rayner Alfred, Fairuz Adnan, and Faudziah Ahmad

Utilizing Smartphone and Tablet for Appliances Mobile Controller System
Aslina Baharum, Nurul Hidayah Mat Zain, Ismassabah Ismail, Chew Yun Fai, Siti Hasnah Tanalol, and Muhammad Omar

Dengue Fever Awareness Using Mobile Application: DeFever
Aslina Baharum, Siti Hasnah Tanalol, Jafhate Edward, Nordaliela Mohd. Rusli, Ismassabah Ismail, and Nurul Hidayah Mat Zain

A Model for Predicting and Determining the Best-Fit Programmers Using Prognostic Attributes
Sorada Prathan and Siew Hock Ow

Design and Development of Novel Android 3D 3rd Person Shooting Game
Kim On Chin, Syukri Majdi Hamdan, and Tan Tse Guan

An Exploratory Study on Latent-Dirichlet Allocation Models for Aspect Identification on Short Sentences
Ameer Abu Bakar, Lay-Ki Soon, and Hui-Ngo Goh

Evaluation of Artificial Neural Network in Classifying Human Gender Based on Odour
Ahmed Qusay Sabri and Rayner Alfred

Application of Social Media Among Medical Practitioner for Sharing Tacit Knowledge: A Pilot Study
Asra Amidi, Yusmadi Yah Jusoh, Mar Yah Said, Marzanah A. Jabar, and Rusli Haji Abdullah

Lost in Time: Temporal Analytics for Long-Term Video Surveillance
Huai-Qian Khor and John See

Synergy in Facial Recognition Extraction Methods and Recognition Algorithms
Rayner Pailus Henry and Rayner Alfred

Detection and Defense Algorithms of Different Types of DDoS Attacks Using Machine Learning
Mohd Azahari Mohd Yusof, Fakariah Hani Mohd Ali, and Mohamad Yusof Darus

Performance of Decision Tree C4.5 Algorithm in Student Academic Evaluation
Edy Budiman, Haviluddin, Nataniel Dengan, Awang Harsa Kridalaksana, Masna Wati, and Purnawansyah

Computing Complex Roots of Systems of Nonlinear Equations Using Spiral Optimization Algorithm with Clustering
Kuntjoro Adji Sidarto and Adhe Kania

A Survey on Context-Aware Information Retrieval Research
Shaiful Bakhtiar bin Rodzman, Normaly Kamal Ismail, and Nurazzah Abd Rahman

Improved Cascade Control Tuning for Temperature Control System
I. M. Chew, F. Wong, A. Bono, J. Nandong, and K. I. Wong

GOW-LDA: Applying Term Co-occurrence Graph Representation in LDA Topic Models Improvement
Phu Pham, Phuc Do, and Chien D. C. Ta

Topic Discovery Using Frequent Subgraph Mining Approach
Tri Nguyen and Phuc Do

Creating Prior-Knowledge of Source-LDA for Topic Discovery in Citation Network
Ho Duy Tri Nguyen, Trac Thuc Nguyen, and Phuc Do

The Study of Genetic Algorithm Approach to Solving University Course Timetabling Problem
Kuan Yik Junn, Joe Henry Obit, and Rayner Alfred

Author Index

Sequential and Global Learning Styles
as Pathways to Improve Learning
in Programming

Sin-Ban Ho1 (✉), Sek-Kit Teh1, Gaik-Yee Chan1, Ian Chai1, and Chuie-Hong Tan2

1 Faculty of Computing and Informatics, Multimedia University, 63100 Cyberjaya,
Selangor, Malaysia
{sbho,gychan,ianchai}@mmu.edu.my, nicholas.teh93@gmail.com
2 Faculty of Management, Multimedia University, 63100 Cyberjaya, Selangor, Malaysia
chtan@mmu.edu.my

Abstract. Programming knowledge is increasingly important to facilitate code
reuse. Nevertheless, comprehending another programming language is not simple
because of its complexity and clarification needs. Prior work focused on different
learning styles to aid programming, but it was important to identify which ones were
more effective. This research highlights findings in assessing the different documentation
styles, including sequential and global documentation styles. Based on an
observation of 125 intermediate undergraduates who participated in cloud hosting computation
and file content programming exercises, this empirical investigation revealed
that sequential documentation exhibits a positive impact in obtaining programming
knowledge, significantly in terms of faster completion time, higher multiple choice
comprehension, and fewer difficulties. This concludes that sequential documentation
solutions can lead intermediate undergraduates with sequential learning styles to
faster growth in gaining programming knowledge.

Keywords: Knowledge management · e-Learning analytics ·
Modeling and simulations · Learning style · Documentation

1 Introduction

Programming knowledge is important in Computer Science. Since object-orientation
was introduced, object-oriented programming languages like Python [1, 2] have
emerged as a major way of organizing object-oriented code for reuse. Object-oriented
programming (OOP) comprises a set of classes that work together to solve problems
in a domain.
Another way of looking at OOP knowledge is to think of it as prefabricated parts.
When one has prefabricated parts, one can put together a new product much faster than
if one had to build every piece from scratch. However, this also means that one must
know how the parts are intended to be used [3, 4]. The crucial problem is that a developer
who is new to a programming language may not be aware of the internal structure of
the design. Due to this, acquiring OOP knowledge from documentation often has a steep
learning curve [2, 4].

© Springer Nature Singapore Pte Ltd. 2018


R. Alfred et al. (Eds.): ICCST 2017, LNEE 488, pp. 1–10, 2018.
https://doi.org/10.1007/978-981-10-8276-4_1

2 Motivation of the Study

Literature on pedagogical documentation has progressed rapidly in recent years. Each
philosophy applies different models in mixing examples, texts and diagrams. Applications
of cloud hosting and file contents alphabetizing are chosen as the basis for our
study using Python [5–8]. Hence, this stage of research work is to find the outcome of
novices in pursuing the beginners’ level stage of programming in the context of the
Python programming language.
Two documentation styles are proposed in this paper, the sequential and global
learning styles [9, 10]. These documentation styles aim to provide exemplars in
learning and instruction that guide developers in how to build applications using an
object-oriented scripting technology.
The central idea of the first style, the sequential style, is that people learn best when
their own needs and interests direct their learning. The concepts, examples, and test are
arranged immediately and directly one after another (see Fig. 1). For this reason,
sequential documentation presents instructions in small chunks and allows readers to
choose the order in which to read them, based on what seems important to them, although
they also do often have a particular starting point. Each page in sequential documentation
web pages usually links to other pages for related tasks or information that the reader
might need in order to complete the task at hand.

Fig. 1. Python learning structure for sequential documentation style

Sequential documentation generally follows these guidelines [9–12]:
• Training in linear steps: motivate with following linear stepwise paths to find solutions.
• Absorbing logically and directly connected pieces: testing them immediately after each
concept chunk and example.
• Reasoning and improvising: instead of the trouble of relating to numerous different
aspects of the same course or to different courses, let people be challenged with
something relevant, so that they may know a lot about specific aspects of a course.
• Coordinating related components: instead of presenting ambiguous and lengthy steps,
allow readers to progress on the task interactively.
• Supporting error recognition: do not assume people will follow your instructions
flawlessly; expect mistakes and give resources to overcome them.
• Exploiting prior knowledge: use analogies and avoid jargon.
This mirrors the findings of [3] regarding patterns documentation and [11] in respect to
minimalist documentation, and is not to be confused with step-by-step documentation [4].
The second style, global documentation, originates from the concept of learning in
large leaps, i.e., a holistic thinking process [9]. A whole picture is gained after absorbing
the learning material almost randomly [10]. The rationale is to learn enough material
without jumping into too much detail in a particular aspect of a course. The Global style
guides learners to find connections among different areas, where the whole picture is
presented first, as shown in Fig. 2. We use the situation of giving a big picture to build
the learning materials based on the expectations of the audience.

Fig. 2. Python learning structure for global documentation style

In contrast to the sequential style of Fig. 1, the global style in Fig. 2 presents the
previews of each chapter, i.e. Chapter 2 preview, Chapter 3 preview, and subsequently,
Chapter 4 preview before navigating back to the detailed topics of Chapter 2, i.e. topics
2.1, 2.2, 2.3, and so on. The sequential documentation in Fig. 1, on the other hand,
presents each topic linearly, i.e. in the sequence of topics 2.1 and 2.2, followed by
chunked pieces of examples and the test. The small tests are conducted immediately
after each aspect is covered. For example, in Fig. 1, there is a small test after topics 2.1
and 2.2, and another small test after topics 2.3, 2.4, and 2.5. In contrast, the global style
in Fig. 2 emphasizes a more major test only after all topics of a chapter are covered. For
instance, there is a major test of Chapter 2 only after all topics 2.1, 2.2, 2.3, 2.4, and 2.5
are presented in the global style. With this, we observe two main differences between
Figs. 1 and 2. Firstly, the preview order and secondly, the grouping of major tests in the
global style.

3 Experiments

The sample sizes (number of students) in the two groups are different due to the different
class sections arrangement. Furthermore, the exercise-based investigation was
conducted in two different semesters. Only one type of the documentation set is uniquely
presented to the participants. The formulated hypothesis guided us to test out the
documentation sets first for their readability, soundness, and usability. After that, we rolled
them out to collect the field data. We analyzed the collected data through suitable
statistical analysis techniques.

3.1 Documentation Procedure

The students would use the documentation and write Python source code, which allows
faster application development than programming languages such as C++. The outcome
of the tasks would be running cloud hosting and file content alphabetization
applications.
An idea of the sequential documentation is organized in [13]. The whole procedure
of the exploratory study proceeded with the additional background information section
amended at the beginning of each piece of subtask to formulate the global documentation
[14]. Furthermore, the small chunked examples and tests are integrated into a larger
example and test towards the end of each chapter in the global style.
Table 1 shows the documentation quantitative characteristics, including their relative
length measured in bytes, as supported by Beizer [15]. The documents in the experiment
are quantitatively characterized through this methodology.

Table 1. Quantitative characteristics of the documentation

| Relative characterization | Sequential | Global |
|---|---|---|
| 1. Total length (kilobytes, KB) | 430 KB | 436 KB |
| 2. Information that is relatively available | Chunked pieces of tests after every topic | Background information in overview and collated test |
| 3. Total document files | 28 files | 29 files |
| 4. Number of sections | 10 sections | 7 sections |
| 5. Number of paragraphs | 48 paragraphs | 38 paragraphs |

3.2 Hypothesis
We use standard significance testing to explicitly determine the impacts of the
documentation styles. We state the hypothesis as follows.
E1H0 - There is no difference between sequential and global documentation for the
users in performing the given Python exercise. We derive the interpretations through
this hypothesis rejection or non-rejection.

3.3 Experimental Design

The experimental design consists of a factor (independent variable), and seven
dependent variables. The factor is the documentation philosophy. Meanwhile, the
dependent variables refer to the semi completion time, completion time, comprehension
of the exercise, workings, and total difficulties faced.
Factor:
• Documentation style (doctype): Two documentation groups are used, which were
mentioned in Sect. 2, each having a similar aim in completing the designated exercise.
Dependent variables:
• Semi Completion time (semiTime): Duration for the participants to complete their
first cloud hosting programming.
• Completion time (complTime): Duration to complete the entire work task.
• Comprehension: The participants need to determine the coding variables, line of
code, and function, which fulfill the given exercise. Several multiple-choice questions
(comprMcq) and structured questions (comprStruc) are given to evaluate their
code understanding.
• Workings: This variable assesses how well the subjects followed the instructions to
assign default settings for the cloud hosting computation (workingHost), and file
content alphabetizing (workingFile).
• Total difficulties faced (totalDiff): Certain documentation parts let the participants
discover solutions with the documentation. The participants subsequently record the
number of difficulties they encountered.

3.4 Participants

This study involves 125 participants, who have spent between two and four years
as undergraduates at the university. They are computer science university students who
pursue the software evolution course in the university. The average student age is 22
years old. Two different documentation groups are needed to assess our experiment
hypothesis. Since the two different groups are organized according to their laboratory
sessions, the number of students in each group is different.
The lectures provide the students basic principles of software evolution and OOP.
The practical laboratory sessions supplemented the lectures so that the participants have
the chance to practice what they have learnt via the numerous coding tasks through the
on-line documentation. The participants represented intermediate undergraduates as
6 S.-B. Ho et al.

they have mostly undergone the previous courses such as Software Engineering Funda‐
mentals (SEf), pre-Python Foundation course (prePython), and Data Structures and
Algorithms (DataStruct). As they are still pursuing the software evolution course, they
are not regarded as advanced users.

3.5 Validity
To understand the two groups further, we collect the participants’ grades in previous
programming courses. We categorized the grade into zero point (‘None’), when the
participant has not attempted the course, one point (‘F’) for fail, two points (‘C’) for
poor, three points (grade ‘B’) for average, and four points (grade ‘A’) for best score.
Furthermore, we also considered the grade intervals, i.e. 2.33 points for ‘C+’, 2.67 points
for ‘B−’, 3.33 points for ‘B+’, and 3.67 points for ‘A−’.
Table 2 depicts the results of the Pearson Chi-square tests performed, where there is no significant difference between the two documentation groups academically, since all the p-values > 0.050. As such, the two groups are balanced with respect to the courses that they had taken in prior semesters, such as SEf, DataStruct, prePython, and Cumulative Grade Point Average (CGPA).

Table 2. Pearson Chi-square tests results of previous achievement of SEf, DataStruct, prePython, and CGPA.

Documentation group             Sequential      Global          p-value
N (participants)                83              42              not applicable
SEf: Mean (Std. Dev.)           3.01 (0.721)    2.91 (0.543)    0.161
DataStruct: Mean (Std. Dev.)    2.67 (1.213)    2.00 (1.372)    0.115
prePython: Mean (Std. Dev.)     0.08 (0.489)    0.13 (0.862)    0.173
CGPA: Mean (Std. Dev.)          2.97 (0.498)    2.74 (0.450)    0.414

4 Data Analysis and Results

We conduct statistical analyses via the Statistical Package for Social Science (SPSS) on the 125 responses gathered. The data is analyzed to determine which group let the subjects compute cloud hosting (semiTime) and finish the fastest (complTime), as well as comprehend the most in answering multiple choice questions (comprMcq) and structured questions (comprStruc). We accumulate the number of difficulties recorded at intervals (totalDiff). We also collect test scores on their knowledge of the inner workings of the cloud hosting computation (workingHost) and file content alphabetization (workingFile). We evaluate the normality of the dependent variables to avoid assuming their distribution is normal. Table 3 shows the normality test result, where two dependent variables, namely semiTime and complTime, are normally distributed, with p-values > 0.050. Hence, rather than the means, we use medians as the expected values for the other dependent variables.
Table 3. Results of Kolmogorov-Smirnov normality test

Category          p-value
1. semiTime       0.061
2. complTime      0.112
3. comprMcq       0.001*
4. comprStruc     0.012*
5. workingHost    0.000*
6. workingFile    0.000*
7. totalDiff      0.000*
Note: * Statistically significant at 0.050 level (with p < 0.050)

In Table 4, some items of the sequential column are bold-faced to show that this group has better performance than the global style. To discuss the results of Table 4 in more detail: for complTime, the sequential group took 21 min 53 s to complete the exercise. Meanwhile, the global group took a longer time of 38 min 19 s to complete the similar exercise. On the other hand, in terms of comprMcq, the sequential group has a better median of 3.00 correct answers (out of 5), compared to the global group, which has only a median of 2.50 correct answers.

Table 4. The categories descriptive statistics

Dependent variable (Category)    Mean (Seq.)      Mean (Global)      Std. Dev. (Seq.)    Std. Dev. (Global)
1. semiTime (hh:mm:ss)           0:11:30          0:18:52            0:06:00             0:10:21
2. complTime (hh:mm:ss)          0:21:53          0:38:19            0:10:30             0:19:11

Dependent variable (Category)    Median (Seq.)    Median (Global)    Std. Dev. (Seq.)    Std. Dev. (Global)
3. comprMcq (scale: 0-6)         3.00             2.50               1.695               1.656
4. comprStruc (scale: 0-5)       3.00             2.50               1.529               1.630
5. workingHost (scale: 0-8)      8.00             8.00               0.472               0.821
6. workingFile (scale: 0-7)      7.00             7.00               0.469               0.790
7. totalDiff                     1.00             2.00               2.950               2.600

Table 5 indicates the separate multivariate tests results. We conducted these F-tests to see the specific dependent variables that are significant across the categories. We obtained the p-values through between-subjects effects tests via MANOVA (Multivariate Analysis of Variance) [16]. These results, through Wilks’ Lambda = 0.689, F(2,122) = 27.472 (p < 0.001), implied highly significant differences in the mean scores.

Table 5. Multivariate effects of the documentation style on dependent variables.

Category         F         p-value
1. semiTime      25.252    0.000**
2. complTime     53.487    0.000**
Note: ** Statistically significant at 0.050 level with p < 0.050 (2-tailed)

Pertaining to semiTime and complTime within Table 4, the sequential participants complete their entire task faster than the global group. In Table 5, at the 0.050 standard significance level (95% probability), the sequential group gives evidence of being much faster for semiTime and complTime. Participants using sequential documentation are significantly faster than those using global documentation, especially on the Python topic in this exercise, which does not have advanced pointer concepts as in the C++ programming language. To generalize the results throughout the whole Python programming content chapters, a more technical understanding such as arrays can be considered as our future work.
Since the subsequent five dependent variables are not normally distributed over the
comparison of two groups, the non-parametric Mann-Whitney test [17] is used. In
Table 6, with the p-values more than 0.05, comprStruc, workingHost, and workingFile
have no significant differences between the two groups. The participants worked well
in assigning default settings irrespective of which type of documentation was presented
to them.

Table 6. Mann-Whitney (MW) test results on the categories.

Categories        Mean rank (Sequential)    Mean rank (Global)    MW-U        Z         Wilcoxon W    p-value
1. comprMcq       69.39                     50.37                 1212.500    −2.817    2115.500      0.005**
2. comprStruc     62.54                     63.92                 1704.500    −0.205    5190.500      0.838
3. workingHost    64.22                     60.60                 1642.000    −0.828    2545.000      0.408
4. workingFile    64.23                     60.56                 1640.500    −1.139    2543.500      0.255
5. totalDiff      55.00                     78.81                 1079.000    −3.574    4565.000      0.000**
Note: ** Statistically significant at 0.050 level with p < 0.050 (2-tailed)

Regarding comprMcq and totalDiff, the participants in the sequential group indicate significantly better outcomes than the global group at the 5 per cent level. Therefore, this supports that the E1H0 hypothesis for these variables in Sect. 3 is rejected. This rejection means that the sequential and global groups are different in promoting learning to the participants. Most of the undergraduates are often from the sequential learning style, as found by [18]. As such, the sequential documentation style suits the majority of intermediate undergraduates, who typically have a sequential learning style.

5 Conclusion

In summary, the strong measurements showing the shorter duration of semi completion time, the faster completion time, the higher multiple choice questions (MCQ) comprehension, and fewer total difficulties faced confirm the advantage of the sequential documentation. Based on our experiment, we discover that Python programming learners perform better in terms of knowledge acquisition using sequential documentation compared to global learners. As the majority of the participants exhibit sequential learning characteristics, we can conclude that students’ learning performance is related to their learning styles. Most of the undergraduates are often from the sequential learning style, as found by [18].
Therefore, knowing the learning styles of each student can help identify their learning preference, which can eventually be utilized in instructional documentation to improve students’ learning performance. The aim of suiting documentation according to the students’ learning style is to harness their learning performance. This will have a positive impact on the result of less text context preferable with sequential documentation, which is shown effective at least in the context of basic Python programming tasks.
For future work, we can consider advanced topics of Python as a whole, and use Structural Equation Modelling (SEM) for data analysis. SEM refers to a multivariate statistical technique, which aims to explain further the relationship of multiple variables. The main benefit of SEM over other multivariable techniques is its ability to examine a series of dependence relationships simultaneously [19–21]. With this, SEM allows all hypothesized relationships to fit together into a single model so that they can be simultaneously evaluated. This can give higher accuracy than individual causal path testing of the proposed pathways to acquire effective programming knowledge.

Acknowledgments. This research work was financially supported by the Fundamental Research
Grant Scheme, FRGS/1/2015/SS06/MMU/02/1.

References

1. Schneider, D.I.: An Introduction to Programming Using Python, pp. 208–237, 299–315. Pearson Education Limited, Harlow (2016)
2. Lutz, M.: Learning Python, 5th edn, pp. 862–868. O’Reilly Media Inc., Sebastopol (2013)
3. Chai, I.: Pedagogical framework documentation: how to document object-oriented frameworks: an empirical study. PhD dissertation, University of Illinois at Urbana-Champaign, IL (2000). http://www.cs.uiuc.edu/research/techreports.php?report=UIUCDCS-R-99-2077. Accessed 25 Sep 2017
4. Ho, S.B.: Framework documentation with patterns: an empirical study. PhD thesis,
Multimedia University, Cyberjaya, Selangor, Malaysia (2008)
5. Gaddis, T.: Starting Out with Python, 3rd edn. Pearson Education Limited, Upper Saddle
River (2015)
6. Unpingco, J.: Python for Probability, Statistics, and Machine Learning. Springer, Switzerland
(2016)
7. Nelli, F.: Python Data Analytics, pp. 13–34. Springer, New York (2015)
8. Briggs, J.R.: Python for Kids: a Playful Introduction to Programming, pp. 193–217. No Starch
Press Inc., San Francisco (2013)
9. Felder, R.M., Spurlin, J.: Applications, reliability and validity of the index of learning styles.
Int. J. Eng. Educ. 21(1), 103–112 (2005)
10. Graf, S., Viola, S.T., Kinshuk: In-depth analysis of Felder-Silverman learning style
dimensions. J. Res. Technol. Educ. 40(1), 79–93 (2007)
11. Carroll, J.M.: Minimalism Beyond the Nurnberg Funnel. MIT Press, Cambridge (1998)
12. Dollmat, K.S., Ho, S.B., Chai, I.: A minimalist approach in creating a guide for Visual Basic 2010. In: Proc. IEEE Student Conference on Research and Development (SCOReD 2010), Kajang, Selangor, Malaysia, pp. 154–158 (2010). https://doi.org/10.1109/SCORED.2010.5703992
13. Example of the documentation fragment which was presented in the sequential documentation group. http://pesona.mmu.edu.my/~sbho/Pythoncmd/Pt1.1.3.html. Accessed 25 Sep 2017
14. Example of the documentation fragment that is available in the global style, but not available in the sequential documentation. http://pesona.mmu.edu.my/~sbho/Pyglobal. Accessed 25 Sep 2017
15. Beizer, B.: Software is different. In: Patel, D., Wang, Y. (eds.) Comparative Studies of
Engineering Approaches for Software Engineering, vol. 10, pp. 293–310. Baltzer Science
Publishers, Norwell (2000)
16. Neter, J., Kutner, M.H., Nachtsheim, C.J., Wasserman, W.: Applied Linear Statistical Models.
McGraw Hill, Boston (1996)
17. Leech, N.L., Barrett, K.C., Morgan, G.A.: IBM SPSS for Intermediate Statistics: Use and
Interpretation, 5th edn. Routledge, Taylor & Francis, New York (2015)
18. Ho, S.B., Tan, C.H.: Local population: a study in the influence of learning styles in computing
field. Aust. J. Basic Appl. Sci. 9(22), 1–7 (2015)
19. Hair, J.F., Black, W.C., Babin, B.J., Anderson, R.E.: Multivariate Data Analysis, 7th edn.
Pearson Prentice Hall, Upper Saddle River (2010)
20. Finch, W.H., Immekus, J.C., French, B.F.: Applied Psychometrics Using SPSS and AMOS.
Information Age Publishing Inc., Charlotte (2016)
21. Ho, R.: Handbook of Univariate and Multivariate Data Analysis with IBM SPSS, pp. 421–505. CRC Press, Taylor & Francis Group, Boca Raton (2014)

Vulnerability Reports Consolidation for Network Scanners

Nicholas Ming Ze Lee, Shih Yin Ooi (✉), and Ying Han Pang

Faculty of Information Science and Technology, Multimedia University, Melaka, Malaysia
lmz.nicholas@gmail.com, {syooi,yhpang}@mmu.edu.my

Abstract. Vulnerability scanning is one of the vital processes conducted by many penetration testers and security consultants to assess the security of an organizational network. However, when multiple vulnerability scanners are used, reports from varied sources have to be compiled manually. It is an uncomplicated but lengthy process, where vulnerabilities of different reports have to be examined thoroughly in order to assess them. Thus, this paper describes an approach to creating a report consolidation tool in order to merge similar vulnerabilities and to unify the results of differing scanners.

Keywords: Vulnerability management · Vulnerability merging · Scanner

1 Introduction

The ever-increasing popularity of the Internet has not only made it a cornerstone for information sharing, but has also paved the way to numerous new opportunities. It has now become imperative, especially for organizations, to secure their network perimeters and any access points which could turn out to be the root of a security breach. However, the number of tests required to analyze and identify every misconfiguration and weakness in a system is too much work. Coupled with both internal and Internet-facing devices in the network, the amount increases exponentially. Thus, software known as a vulnerability scanner is used to automate the process of identifying potential security holes.
Vulnerability scanning is often conducted in a penetration test in order to quickly identify and quantify the exposure to weaknesses [1]. Thereafter, an exploitation will be attempted in order to assess the risks associated with the vulnerabilities found. This will also enable the organization to pinpoint the more critical weaknesses and to provide suitable mitigations for them.
Due to the nature of the vulnerability, each scanner of differing vendor employs a different set of algorithms and is specialized in different types of use case. Hence, by using several vulnerability scanners together, one scanner could tackle the limitations of the other scanners. It is especially beneficial to smaller-scale companies, where the budget for leasing and purchasing a commercial scanner can be cut greatly by utilizing a variety of open source and free vulnerability scanners. However, at the cost of using multiple scanners, a problem arises at the end of the scanning phase. Be it security consultants, penetration testers, or a private individual, a report documenting the list of findings and methods is expected to be delivered. A tedious job would then be required to manually scrutinize dozens of reports.
Thus, this paper explores the work done on developing the proposed framework with the objective of parsing and merging vulnerabilities addressed from different network vulnerability scanners.
An overview and literature review on related topics are featured in Sect. 2. Section 3 contains the design of the proposed system. Section 4 presents the implementation result of the proposed system, followed by the conclusion of this paper in Sect. 5.

© Springer Nature Singapore Pte Ltd. 2018
R. Alfred et al. (Eds.): ICCST 2017, LNEE 488, pp. 11–20, 2018.
https://doi.org/10.1007/978-981-10-8276-4_2

2 Background

2.1 Types of Vulnerability Scanner

Vulnerability scanners can be categorized into two groups: network-based and host-based vulnerability scanners [2].
A host-based scanner is installed and runs from within the target host itself. This gives the scanner access to low-level data, so it is able to provide greater insight into a vulnerable system. Some common risks and vulnerabilities that can be detected by a host-based scanner include backdoors, non-compliant policies, weak passwords and inadequate file access permissions.
A network-based scanner scans and examines live systems over the network. Typically, an unabridged network vulnerability scanner is able to perform banner grabbing and scans for related vulnerabilities and misconfigurations. There are some scanners, however, that specialize in handling a specific task of a complete network scanning suite, such as the port scanner and application scanner [3].
The main functionality of a port scanner is to identify open and closed ports on the target. Some notable features include OS fingerprinting, services and applications identification, and version scanning. While a port scanner is able to gather information about the target host, it does not detect or identify any vulnerabilities. On the other hand, an application scanner is used to assess the configurations and security features of a specific application. Database servers and web applications are the more common applications being assessed.
Network-based scanning can be done easily as compared to host-based scanning. Host-based scanning requires the installation of the scanner in every system to be assessed, while a network scanner can be launched remotely and assess multiple systems on the network. In certain cases, the merit of using a host-based scanner is that a greater level of security check can be performed, since a network scanner does not have direct access to the file system of the target.

2.2 Architecture of a Vulnerability Scanner

Typically, a vulnerability scanner consists of four main components: user interface, scan engine, scan database and report module [4].

• User interface. It allows users to operate and configure the scanner. Two main types of user interface are used by vulnerability scanners: graphical user interface (GUI) and command-line interface (CLI). Alternatively, some scanners allow the use of their API (Application Programming Interface). By sending specially crafted messages, the user is able to launch an automated scan easily without the need for a user interface.
• Scan engine. The core module which, based on the plugins installed, carries out specified scanning tasks. Some scanners identify vulnerabilities by detecting running services and their versions, while others attempt exploitation on the scanned target.
• Scan database. Data stored in the database are used by the scanner to aid in scanning and reporting. While the contents of the database vary for each vendor, some of the more common ones are vulnerability information, configuration data, scanning results and Common Vulnerabilities and Exposures identifier (CVE-ID).
• Report module. Most scanners now allow users to customize and sort the contents of the scan result. From a high-level summary report to a detailed technical report, different levels of view and formats can be provided for employees of a different echelon.

2.3 Vulnerability Source and Database


Vulnerability feeds and databases play an important role in unifying vulnerabilities from various technologies and keeping us informed firsthand of new security flaws. Security professionals and developers rely on these feeds to keep an organization or software application secure.
Maintained by MITRE Corporation, the Common Vulnerabilities and Exposures, or CVE in short, is a dictionary of publicly known security vulnerabilities. It has become the de facto standard many organizations refer to as a source for vulnerability intelligence [5]. Rather than being a vulnerability database itself, CVE uses a standardized identifier to facilitate data sharing and association across separate security tools and databases. As such, it does not include in-depth technical details and solutions for each vulnerability [6].
One vulnerability database which addresses the lack of analysis on the CVE entries is the NIST National Vulnerability Database (NVD). NVD data is freely available; it is built on top of CVE and synchronizes with every new vulnerability added to the CVE dictionary. Additional capabilities include a fine-grained search engine and enhanced information [7] for each CVE entry. The additional information includes but is not limited to technical details, vulnerability fixes and CVSS severity.
Common Vulnerability Scoring System (CVSS) is a prevailing open industry standard used to calculate and produce a numerical score reflecting the severity of a vulnerability. The scores can then be used as guidance for an organization to plan and prioritize the vulnerabilities which pose a substantial amount of risk [8]. CVSS is made up of 3 metric groups [9], with each representing a different area of concern. The first group is the base metric; it reflects the intrinsic qualities of the vulnerability which remain unchanged with time and user environments. The temporal metric group, on the other hand, expresses the qualities that change with time, such as the availability of exploit techniques at the present time. The environmental metric group then defines the qualities of the vulnerability based on the user’s environment.
Recently in April 2016, the popular and comprehensive Open Sourced Vulnerability Database (OSVDB) announced the shutting down of its services [10]. OSVDB was around for 14 years, dedicated to cataloguing vulnerabilities of various types for non-commercial uses. The shutdown has caused some of the vulnerabilities to lose their only identifier, and has caused references used in many security products such as Metasploit to point to a non-existing resource. Although a modest attempt at replacing the identifier has already begun, a coordinated effort would be required in order to build a complete historical vulnerability database [11].

2.4 Existing Free Vulnerability Management and Reporting Tools


Dradis Community Edition [12] is an open source vulnerability management and reporting tool. It is one of the more active and frequently updated projects. The Community Edition is maintained by a small dedicated team and is sponsored by Security Roots. It uses a plugin architecture to integrate more scanner tools, output file formats and customized functionalities. Managing imported or custom data is also possible through the web interface of Dradis. Some templates for importing plugins are bundled with Dradis for easier creation and modification. The commercial version of Dradis is another alternative for more consistent support and quality reporting.
Another free vulnerability reporting tool is MagicTree by Gremwell [13]. Although the last update for the tool was in 2013 and it has remained at the same version ever since, most of its operations remain intact. MagicTree has main functionalities similar to those of Dradis, which include aggregating vulnerability data, querying imported data, and generating reports based on supplied templates. It also supports the execution of shell commands, and allows XML results to be combined with the imported data. For example, the Nmap port scanner can be executed and its result obtained directly from MagicTree. Besides, the notion that imported data are stored and organized in a tree structure is the reason why it is named MagicTree.

3 Solution Design

3.1 Process Flow

The program accepts vulnerability reports in XML format. Before they are parsed, plugins and templates which reside in their respective repositories are scanned and imported into the main program. Each plugin is created to be associated with a specific kind of report or a vulnerability scanner. It contains detection signatures, parsing instructions and a hexadecimal color code.
• Detection signatures consist of a root tag and a list of XPath expressions. They are used as a green light to assign a particular plugin to handle a specific vulnerability report.
• Parsing instructions are a set of Python code responsible for obtaining relevant data from the assigned report.
• Hexadecimal color code is used by templates for output styling. Each color serves as an identity to distinguish which vulnerability scanner the data originated from.
Root tags are obtained from both the supplied vulnerability reports and the detection signatures in plugins to perform a comparison. If there is a match, further tests using XPath queries are executed to verify the report. A report will only be assigned to a plugin once all conditions are met.
The parsing instructions are then called from the associated plugin to perform data extraction. Each report is parsed block by block in an iterative manner using the approach published by IBM [14]. Subsequently, all previous nodes which have been processed are freed. This ensures memory consumption is kept low, instead of loading the entire report into memory. A simple pseudocode for parsing a Nessus report, which adheres to the structure [15], is shown below.
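
An added example, not the authors' pseudocode or tool code: a plugin record with a detection signature (root tag plus XPath checks) and a streaming parser that frees nodes once they are processed. The plugin dictionary layout, function names and the sample report are assumptions, the report is constructed in the Nessus v2 layout with placeholder CVE identifiers, and the standard-library ElementTree is used in place of lxml so the block runs without third-party packages.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 layout (not real scan output).
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed-demo">
    <ReportHost name="192.0.2.10">
      <ReportItem port="443" protocol="tcp" severity="3" pluginName="Example web server flaw">
        <cve>CVE-XXXX-0001</cve>
        <cve>CVE-XXXX-0002</cve>
        <cvss_base_score>7.5</cvss_base_score>
        <risk_factor>High</risk_factor>
        <solution>Upgrade the affected service.</solution>
      </ReportItem>
      <ReportItem port="0" protocol="tcp" severity="0" pluginName="Example informational item">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Hypothetical plugin records: root tag, XPath checks, and a color for templates.
PLUGINS = [
    {"name": "other-scanner", "root_tag": "report",
     "xpaths": ["./results/result"], "color": "#2CA02C"},
    {"name": "nessus", "root_tag": "NessusClientData_v2",
     "xpaths": ["./Report/ReportHost", "./Report/ReportHost/ReportItem[@pluginName]"],
     "color": "#1F77B4"},
]


def match_plugin(raw, plugins):
    """Return the plugin whose root tag and every XPath check match, else None.

    Detection loads the tree here for brevity; only extraction below is streamed.
    Reports carry text returned by scanned hosts, so for untrusted files a
    hardened parser (for example the defusedxml package) is the safer choice.
    """
    root = ET.fromstring(raw)
    for plugin in plugins:
        if root.tag != plugin["root_tag"]:
            continue  # cheap root-tag comparison first
        if all(root.find(xpath) is not None for xpath in plugin["xpaths"]):
            return plugin
    return None


def parse_nessus(source):
    """Yield one record per ReportItem and clear each subtree once handled."""
    host = None
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start" and elem.tag == "ReportHost":
            host = elem.get("name")  # attributes are available at the start event
        elif event == "end" and elem.tag == "ReportItem":
            cvss = elem.findtext("cvss_base_score")
            yield {
                "host": host,
                "name": elem.get("pluginName"),
                "port": f'{elem.get("port")}/{elem.get("protocol")}',
                "severity": int(elem.get("severity", "0")),
                "references": [c.text for c in elem.findall("cve")],
                "cvss": float(cvss) if cvss else None,
                "risk": elem.findtext("risk_factor"),
                "solution": elem.findtext("solution"),
            }
            elem.clear()  # drop the item's children and text
        elif event == "end" and elem.tag == "ReportHost":
            elem.clear()  # drop the emptied items of a finished host


if __name__ == "__main__":
    plugin = match_plugin(SAMPLE_REPORT, PLUGINS)
    print("assigned plugin:", plugin["name"] if plugin else None)
    for record in parse_nessus(io.BytesIO(SAMPLE_REPORT)):
        print(record)
```

A report whose root tag matches but which fails any XPath check is left unassigned, which mirrors the rule that all conditions must be met.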

Extracted data are stored in a two-dimensional data frame structure with attributes
as shown in Table 1. When all data are extracted from supplied reports, a cleanup process
on the extracted data is initiated. Any redundant data found are removed and an attempt
to merge vulnerabilities of different scanners is made.
Thereafter, the user-selected template is executed to build the consolidated report. Several common templates have been created for this project at the time of writing, such as a complete database dump in CSV format, and sorting based on vulnerabilities and scanners in Microsoft Word Document format.
Table 1. General attributes for each instance of data.

Attribute        Description
Name             Vulnerability name
Port             Port and protocol used
Reference        Reference identifier related to found vulnerability
Reference URL    URL for the reference
Severity         Severity score
CVSS score       CVSS base or temporal score
Risk             Risk factor ranging from low to critical
Summary          Short summary on the vulnerability
Description      Full description of the vulnerability
Solution         Provided remedies for the vulnerability
Impact           Consequences of the vulnerability on the system
Extra            Extra technical information such as footprint and scanner output
PCI              PCI audit scan result

3.2 Programming Language and Libraries Used

Since performance is not the main focus in this paper, Python scripting language, or
Python 3 specifically, is used primarily in building the framework. There are two
versions of Python available – Python 2 and Python 3. Python 2 is the legacy version
and will reach the end-of-life support in year 2020, while Python 3 is under active
development and will be “the future of the language” [16].
There are a few advantages of choosing Python as the development language, the first one being the portability it offers. Since Python is a scripting language, it can be run on any machine that has a Python interpreter installed. This allows the Python code to be executed independently on different platforms without the need for modification. Besides, Python comes with a large number of standard libraries which can be imported as needed instead of requiring all functionalities directly. When performance is a concern, modules written in a compiled language such as C can also be used to circumvent the complications of an interpreted language. In addition to portability and extensibility, Python is one of the more popular languages; it is favored for its decent development speed and easily understood high-level language without compromising any efficacies. Due to its popularity, there is a generous number of third-party modules being actively developed and available to be used.
In this project, several third-party libraries are used in order to utilize the wide availability of the libraries the community has offered, and also to ease the development of the project without the need to re-implement the functionalities. Some notable libraries are listed below.
• lxml – lxml is a popular library which is used to parse and process vulnerability reports in XML format. A few other libraries which offer the same functionalities, such as cElementTree and the built-in ElementTree, were taken into consideration as well. However, after running several tests using parsing techniques posted by IBM [14], both cElementTree and ElementTree were not chosen due to their inferior performance as compared to lxml’s.
• pandas – Built on top of the NumPy library, pandas offers a fast and flexible data structure which is designed to work with many kinds of data. It is used to access and store the extracted data easily, and it provides a built-in function to export the stored data into CSV format.
• Python-docx – The library allows a DOCX format report to be built and generated easily. It is primarily used by the template in the final stage of the program.

3.3 Data Processing and Consolidation


Unless otherwise specified, the execution of the program will filter out redundant information generated by some of the vulnerability scanners, namely Nessus and OpenVAS. The excessive information mostly originates from the same vulnerability being reported on different ports, such as port 80 and port 443, which are reserved for HTTP and HTTPS respectively. The process is done by querying duplicate vulnerability name entries stored in the data frame. If attributes of the duplicate pair have unalike content, both contents will be obtained and appended to one another in a newly created record.
Next, consolidation of vulnerabilities from different scanners will be executed. Since scanners of multiple vendors are involved, several results addressing the same vulnerability might be obtained even when a system has only one weakness. Moreover, they would have dissimilar names from one another even though their contexts are similar. The method used for clustering is through linking references associated with the vulnerability. The CVE reference is used in this program as it is publicly available and amongst the prevailing standards. Besides, it also highlights the specific instance within a product or a system, thus reducing the possibility of incorrectly clustering unrelated results. While a consolidation approach relying on the Common Weakness Enumeration (CWE) reference might prove useful, the result will not be as precise as compared to CVE. The reason is that a CWE reference highlights the class of a vulnerability instead of the specific instance of a vulnerability. While CWE can be used, more efforts/techniques will be required to refine the broad clustering. Thus, the CVE method is used as a proof of concept for this paper.
The program will first create two temporary dictionaries. One maps each unique CVE key to its associated vulnerabilities on the same host, and the other contains the reverse mapping. Next, each unindexed key in the CVE dictionary is obtained and processed. Any unprocessed vulnerabilities associated with the CVE are stored and their unindexed CVEs obtained for further operation. The recursion is stopped when all CVE keys are indexed. All vulnerabilities which are returned from the corresponding recursion will be assigned the same cluster. A sample process is illustrated in Fig. 1.

Fig. 1. An example showing the clustering of three similar vulnerabilities.
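
The two consolidation steps described above (merging per-port duplicates, then clustering across scanners through shared CVE references), as an added Python example that is not the authors' program. It assumes plain dictionaries instead of a data frame and an explicit stack instead of recursion; the findings, scanner labels, hosts and CVE identifiers are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample scanner output (not from the paper); CVE ids are placeholders.
FINDINGS = [
    {"scanner": "S1", "host": "10.0.0.5", "port": 80, "name": "HTTP TRACE enabled", "cves": ["CVE-0000-0001"]},
    {"scanner": "S1", "host": "10.0.0.5", "port": 443, "name": "HTTP TRACE enabled", "cves": ["CVE-0000-0001"]},
    {"scanner": "S2", "host": "10.0.0.5", "port": 80, "name": "TRACE/TRACK methods allowed",
     "cves": ["CVE-0000-0001", "CVE-0000-0002"]},
    {"scanner": "S3", "host": "10.0.0.5", "port": 80, "name": "Web server cross-site tracing", "cves": ["CVE-0000-0002"]},
    {"scanner": "S2", "host": "10.0.0.5", "port": 22, "name": "Weak SSH ciphers", "cves": []},
    {"scanner": "S3", "host": "10.0.0.9", "port": 80, "name": "Web server cross-site tracing", "cves": ["CVE-0000-0002"]},
]


def merge_duplicates(findings):
    """Collapse rows sharing scanner, host and name (e.g. port 80 vs 443),
    appending differing attribute values into one newly created record."""
    merged = {}
    for f in findings:
        key = (f["scanner"], f["host"], f["name"])
        rec = merged.setdefault(key, {"scanner": f["scanner"], "host": f["host"],
                                      "name": f["name"], "ports": [], "cves": []})
        if f["port"] not in rec["ports"]:
            rec["ports"].append(f["port"])
        for cve in f["cves"]:
            if cve not in rec["cves"]:
                rec["cves"].append(cve)
    return list(merged.values())


def cluster_by_cve(records):
    """Return {record index: cluster id}. Records on the same host that are
    linked, directly or transitively, through a shared CVE get the same id."""
    cve_to_vulns = defaultdict(set)  # (host, cve) -> record indexes
    vuln_to_cves = defaultdict(set)  # record index -> (host, cve) keys
    for i, rec in enumerate(records):
        for cve in rec["cves"]:
            key = (rec["host"], cve)
            cve_to_vulns[key].add(i)
            vuln_to_cves[i].add(key)

    cluster_of, indexed, next_id = {}, set(), 0
    for start in sorted(cve_to_vulns):
        if start in indexed:
            continue
        indexed.add(start)
        pending = [start]  # CVE keys still to be expanded for this cluster
        while pending:
            key = pending.pop()
            for i in cve_to_vulns[key]:
                if i in cluster_of:
                    continue
                cluster_of[i] = next_id
                # Follow this vulnerability's other CVEs that are not yet indexed.
                for other in vuln_to_cves[i]:
                    if other not in indexed:
                        indexed.add(other)
                        pending.append(other)
        next_id += 1
    # Assumption: a finding without any CVE reference cannot be linked and stays alone.
    for i in range(len(records)):
        if i not in cluster_of:
            cluster_of[i] = next_id
            next_id += 1
    return cluster_of


def consolidate(findings):
    """Run both steps and return the clusters as lists of merged records."""
    records = merge_duplicates(findings)
    cluster_of = cluster_by_cve(records)
    clusters = defaultdict(list)
    for i, rec in enumerate(records):
        clusters[cluster_of[i]].append(rec)
    return [clusters[c] for c in sorted(clusters)]


if __name__ == "__main__":
    for n, group in enumerate(consolidate(FINDINGS)):
        print(n, [(r["scanner"], r["host"], r["name"], r["ports"]) for r in group])
```

Because the linking is transitive, a single finding that lists many CVEs pulls every finding sharing any of them into one cluster, so unusually large clusters are worth reviewing by hand.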

4 Implementation Result

A simple command-line interface is created in the implementation phase. Input files and
reporting template are the mandatory parameters required by the program. A sample
demonstration of the command-line usage is shown in Fig. 2 below.

Fig. 2. Demonstration on command-line execution of the program

A database snapshot of the consolidated vulnerabilities is shown in Fig. 3. The
generated result is obtained by consolidating reports of three vulnerability scanners
which are deployed against an Apache server host.
Another random document with
no related content on Scribd:
headstrong rebels should be swept away by the stroke of its formidable
wing!

This law, drafted entirely by him, with its every villainy cunningly
concealed, or placed in the light of a sacred duty, and as the only means of
assuring public safety, Robespierre would himself lay before the
Convention. The deputies, who had been insulted in the person of their
President by that brawling meddler arrested on the Place de la Révolution,
could not but pass the law, after such a scandalous scene. That public insult
of the riotous rebel was an excellent pretext. It would help him to take them
by surprise, to wring from them the vote which would place entirely at his
mercy not only his rivals who had expressed their opinions so freely, but
also that rude scoffer, already doomed to die.

His trial would not last long! But before his death he should be brought
before Robespierre. He should lay bare the most secret recesses of his soul,
denounce his accomplices, and disclose his connections and parentage.
Such an insult, the cruellest Robespierre had as yet sustained, demanded an
exemplary penalty. The death of the man himself would not suffice; he
should pay with the heads of every one connected with him in any way—
accomplices, friends, and relations. Ah! the wretch, he had sacrificed not
only his own life, but the lives of all near and dear to him!

Pondering still on the cross-examination he would so soon be able to
enforce, Robespierre descended into the dining-room, where the family had
assembled for supper. The table had not been laid out-of-doors, partly on
account of the uncertain weather, but more especially to divert
Robespierre's attention, by a change of surroundings, from the
remembrance of the last two days, and to turn into a fresh channel the secret
thoughts of their good friend, which they felt still dwelt on the failure of his
inauguration.

Robespierre found the family so bright and affable that his reappearance
was not embarrassing. He had but to explain vaguely the cause of his
indisposition, which was quite gone. Oh, yes! every one could see that!
Why, he looked so well, so full of life! What a good thing it was, after all,
to have had a day's rest!

But this conspiracy of smiles, which had put him at his ease so quickly,
soon began to irritate him. The whole family racked their brains to find
scraps of news and items of interest outside the one all-absorbing subject of
his thoughts. When the dessert came on, however, Robespierre himself
turned the conversation to the carefully avoided theme, and asked their
candid opinion of the previous day's fête.

As they resorted to evasions, giving a host of details to escape the main
question, he asked them plainly what they thought of his personal success.

"It was gigantic!" said Madame Duplay.

"Ah, that's a woman's answer—a mother's!" he replied sadly.

And longing for sympathy, he opened his heart to them; he had been
disappointed in his dearest hopes; everything must begin over again. Lebas
interrupted him.

"You exaggerate, I think."

Robespierre replied calmly—

"I am so far from exaggerating that I have passed the whole day in
preparing my revenge."

Here they were interrupted by a knock at the door, and young Duplay
rose to open it.

"Ah! it is Buonarotti!" they all exclaimed. "What a pleasant surprise!"

But it was not a surprise at all. The demoiselles Duplay had invited
Buonarotti to supper, a valuable and ever-welcome guest, in so far that he
played the harpsichord to perfection, and used to accompany Lebas, who
was always ready to show his talent on the violin. Buonarotti was an
original character, a Corsican by birth, claiming descent from Michaël-
Angelo. He was an ardent revolutionist, and an enthusiastic admirer of
Robespierre. He had begged to be excused from accepting the invitation to
dinner, but promised to come in afterwards to cheer up his friend.

The family took advantage of his entrance to leave the table and move
to the drawing-room, where music was soon started, in spite of the terrible
longing Buonarotti had to talk politics, and to give Robespierre an account
of the different opinions of the fête which he had picked up here and there.
But they had dragged him coaxingly to the harpsichord, laying a sonata of
Mozart before him, of which Lebas had already struck the first bars on his
violin.

In no other apartment was the hero-worship of the Duplays more
evident than in this drawing-room, with its furniture covered in Utrecht
velvet, where portraits of the Incorruptible faced each other in every
conceivable form and position—on the walls, on the tables, on the brackets,
and even on the harpsichord; in crayon, water-colours, plaster-cast
medallions, bronze, and terra-cotta. This was the sanctuary in which the
Duplays loved to congregate under the auspices of their demigod. It was
here they spent their evenings, when sometimes a few friends were
admitted to the intimacy of the family circle. The young women, seated at
the round table, would occupy themselves with sewing or embroidery,
whilst the men conversed on one subject or another, more often suggested
by some letters or reports among Robespierre's correspondence, which was
usually sorted by Lebas or Duplay.

The hours were sometimes enlivened by music, and sometimes also by
recitation. When there was music Lebas and Buonarotti carried off all the
honours, but in recitation it was Robespierre who triumphed, for he had
preserved from his youth the love of rhymed and sonorous phrases. As he
had read aloud to himself long ago in his little room at the Hôtel de Pontivy
the burning pages of "La Nouvelle Héloïse," so he read now, amidst these
austere Republican surroundings, the tragedies of Corneille and of Racine,
giving himself up to the magic sway of the rhythmic verse, a smile of
appreciation on his lips.

But that evening he was quite preoccupied, and gave but little attention
to the music, as he sat with his back to the mantelpiece, entirely absorbed in
the voluminous correspondence which had just reached him—letters,
reports, denunciations and the like. He sorted them feverishly, handing them
one by one to Simon the wooden-legged, who stood near him, either to
classify them or to throw them in the waste-paper basket. Mother Duplay,
ensconced in a deep armchair, was indulging in her after-dinner nap, whilst
old Duplay smoked his pipe, leaning on the window ledge to watch the
departure of some of the workmen kept late over some pressing work.
Young Maurice Duplay ran backwards and forwards from one group to
another, as lively and active as a squirrel.

Buonarotti, still at the harpsichord, was now playing the hymn to the
Supreme Being, by Gossec. The air fell on Robespierre's ears and brought
back the previous day's fête to his memory: the procession from the gardens
of the Tuileries; the affectation of the deputies in keeping so far behind him
to make it appear that he had already assumed the role of Dictator; the
whole plot which he felt was undermining the popular rejoicings; and the
untoward scene of that final insult. All this and more was suggested by that
hymn composed to celebrate his apotheosis, but reminding him to-day of
his defeat. His defeat! yes, nothing less than defeat! These anonymous
letters, inspired by hatred and envy, proved it only too plainly, and it was
emphasised by the reports of his police agents, in whose obsequious
language a certain embarrassment could be detected.

Just then Didier, the chief agent, entered, bringing the latest news, and
when Robespierre asked him his impression of the fête, he declared it to
have been perfect.

"You are lying!" said Robespierre.

Brought to bay by the Incorruptible's questions, the police agent owned
the truth. The affair had been a disastrous failure. It was the fault of the
organisers, of Didier's own scouts. Every one, in fact, was to blame. The
men hired to applaud had been imprudently paid in advance. They had
drunk hard, lingered in the taverns, and only arrived on the scene when the
fête was already compromised. Didier gave him other details, corroborating
the reports which had just reached him, and opened his eyes to things
ignored before. Robespierre was dumfounded on hearing of the audacious
conduct of his enemies. He called Duplay, who was still at the window, to
seek counsel with him. But Didier, emboldened by the interest which the
Incorruptible took in his disclosures, ventured himself to proffer advice.

"Between ourselves," he said, "the guillotine is becoming unpopular."

And he confessed that the young fanatic's cry of "Down with the
scaffold!" at the fête, seemed to have been trembling on the lips of a
considerable number of the spectators, who were more than half inclined to
protect the insulter from the violence of the crowd.

"They are heartily sick of it," he continued. "Another proof of this is the
protest the inhabitants near the Bastille have been making against its
erection there. The Committee of Public Safety had to see into the affair to-
day in your absence, and have decided that the guillotine should be
transported to the Barrière du Trône."

This last piece of news exasperated Robespierre beyond measure. What!
His colleagues of the Committee dared to take such an important step in his
absence? And that, too, the very day after he had been publicly insulted! In
truth, the moment was well chosen to show themselves ashamed of the
scaffold! And as Robespierre questioned Duplay on the number of prisoners
condemned during the day, he was astonished to learn that there were only
fifteen. Had the Tribunal then been won over by the Conspiracy of the
Lenient? However, the carpenter assured him that it was simply a
coincidence, for he had heard Fouquier-Tinville, the Public Prosecutor,
remark at the conclusion of the sitting that if things continued at this rate
there would never be an end of it. There were, it appeared, at that moment
seven thousand prisoners under lock and key.

"Fouquier-Tinville is right," said Robespierre; "things move too slowly."

"But how can they go quicker?" asked Duplay, who regarded his
juryman's duties as sacred.

"Have patience! I have my plans."

"May we hear them?"

"You shall know to-morrow. I must first of all make an example of that
young fanatic, with whom it is time to deal."

And turning to Didier he asked—

"Where is he?"

"A few steps from here, at the police station of the Rue Saint-Florentin,
where Héron has locked him up, pending your orders."

"Very well! Bid Héron bring him here; I wish to examine him instantly."

The peremptory tone admitted no reply. Didier, wishing the company
good-night, left the room with Simon Duplay, whom the Incorruptible had
charged with several messages, and Cornélie, taking advantage of their
departure, called Robespierre to the harpsichord.

"And now, I hope you will take a little notice of us," she said, coming
towards him in half petulant, half coquettish mood.

Robespierre, softening at her approach, kissed her hand. Only let him
have the time to answer a letter from his friend Saint-Just, and he would be
entirely at her disposal. And he seated himself at the round table to write.
Only Buonarotti played now. Lebas had laid down his violin, and whilst
filling his pipe asked Robespierre for news of the Army of the North, where
Saint-Just then was. All was going well there. Robespierre had also good
news from his brother Augustin, then at Lyons, and on the point of
returning. Augustin warmly recommended to him a young general of the
artillery whom he had known at Nice, and who had already distinguished
himself at Toulon.

"Augustin tells me that this young man could replace, to some
advantage, that drunkard Hauriot as commander of the armed force of
Paris."

Buonarotti, who was still at the harpsichord, turned at the mention of
Toulon.

"Bonaparte?" he said.

Robespierre looked across. He knew him, then?


Yes, he knew him. They had lived together in Corsica. And as the
Incorruptible asked what were the sentiments of the young soldier, he
replied—

"Excellent. He is Republican to the core."

"Well, we shall see," said Robespierre, favourably inclined to a change,
adverse as he was to the idea of a military commander remaining too long
in the same post.

And he began his letter to Saint-Just, at the same time lending an ear to
Lebas, who was telling Duplay of certain rumours coming from the army of
the aspiration of some of its chiefs to the dictatorship. But Duplay
interrupted him—

"Sapristi! I had almost forgotten!"

Robespierre raised his eyes inquiringly.

"I have a letter also to give you."

"From whom?" asked the Incorruptible, reassured as soon as he knew it
was only a letter.

"From a prisoner, I think, who very innocently confided it to one of our
spies. It was given to me just now at the Tribunal."

Duplay searched in his pockets, and having found the letter, handed it to
Robespierre, who continued writing.

"Look at it with Lebas," he said.

Lebas took the letter, and going to the mantel-piece, commenced to read
it by the light of a candle. Duplay, in the act of filling his pipe, looked over
his shoulder.

It was Clarisse's letter to Robespierre, and read thus—


"I should not write to you if I had only my own life to plead for. But I
have to protect that of two children, my niece imprisoned here with me and
a son of nineteen years, who may be arrested at any moment and sent to the
scaffold, and good God, by whom! CLARISSE."

Robespierre had now finished his letter to Saint-Just, and whilst closing
it, asked—

"Well, and the letter?"

"It is a woman who supplicates you for her niece imprisoned with her,"
answered Lebas.

Robespierre, annoyed, stopped him, saying curtly that he received
twenty such letters every day.

"She also supplicates you for her son," added Lebas, still perusing the
note.

Robespierre simply shrugged his shoulders and sealed his letter to
Saint-Just.

"Always the same refrain!" he said.

"Shall I throw it in the basket, then?"

"Yes, do, for goodness' sake!"

But Duplay took the letter from Lebas's hands, twisted it into a spill,
and ignited it at the candle to light his pipe.

Robespierre now rose and went towards the harpsichord, where he was
received with joyous exclamations.

"Here you are at last!"

Cornélie whispered a few words to Buonarotti, and placed a new piece
of music before him.

"As a reward," she said, "Buonarotti will sing you one of his latest
compositions."

"And the words are by a friend of yours," added Madame Lebas, with a
mysterious air.

Robespierre, puzzled, asked the name of this friend, but Victoire wished
him to guess, and when he demurred a battle of words ensued, in which his
stronger will prevailed.

"Very well, then! We will tell you the poet's name."

And as he was all attention, they exclaimed in chorus—

"Maximilian Robespierre!"

The Incorruptible smiled. What were they talking about? He the author
of a poem!

"Yes."

Before he had time to protest, Cornélie recited the first verse—

"Crois-moi, jeune et belle Ophélie..."

Ah, yes! They were right. Robespierre remembered the piece now. He
had composed it at Arras, and read it in public before the Society of the
Rosati, of which he was a member. He went on with the verse from
memory, while Cornélie followed in the book—

"Si flatteur que soit ton miroir,
Sois charmante avec modestie,
Fais semblant de n'en rien savoir."

What! had Buonarotti really set that to music? Robespierre was very
curious to hear it.

"With pleasure!" said the Corsican.

Madame Lebas, seated at the piano, struck the first chord of the
accompaniment, and Buonarotti commenced the song. Every one had
gathered round the singer.

The first verse was greeted with loud applause.

Ah, how pretty it was! How well the music chimed in with the words!
What simplicity! What grace!

Robespierre, delighted, joined in the chorus of praise, congratulating
Buonarotti.

Suddenly every one stopped. An ominous cry came through the open
window—

"Buy to-day's list of the condemned."

It was the voice of newsvendors calling out the result of the day's sitting
at the Revolutionary Tribunal. The Incorruptible showed signs of
uneasiness. Buonarotti had already begun the second verse—

"Sur le pouvoir de tes appas
Demeure toujours alarmée..."

But a new cry was heard—

"Winning numbers! ... Lottery of Sainte-Guillotine! Buy! Buy!"

"Shut that window!" Robespierre called out impatiently.

The boy Maurice ran to do so.


"Why!" he exclaimed, "here is Héron, and three people with him."

At Héron's name Robespierre turned round sharply, and as every one
seemed surprised at the untimely visit, he explained—

"Oh, it's all right! I expected him. He is bringing the young villain of
yesterday's fête."

"Ah yes," said the women, "the chouan of the Place de la Concorde!"
and they looked curiously towards the door, at which the new-comers were
now knocking.

"Come in!" cried Duplay.

Héron entered and bowed to every one in the room.

"Is the culprit with you?" asked Robespierre nervously.

The police-agent replied in the affirmative, and was ordered to
introduce the prisoner. Héron turned and signed to two men, who appeared
escorting Olivier, pale and dejected, his hands tied behind his back. The
young man, no longer resisting, seemed already to offer himself as a victim.

"He is a nice-looking fellow," observed Madame Lebas, in a low voice.

Héron pushed Olivier forward, who, perfectly indifferent to his
impending cross-examination, stood sullenly aside. Robespierre, always
mistrustful, made a rapid survey of the young man from head to foot,
keeping, however, at a safe distance from the fettered prisoner.

"What have you learnt about him?" he asked Héron.

The agent did not know much. The day before, while under arrest, the
prisoner had let fall some words by which Héron understood that his
mother, arrested with a young girl he loved, was threatened with the
scaffold. But since his imprisonment he had been completely mute. No one
had been able to draw a word from him, and things would have very likely
remained thus had not Madame Beaugrand, a lodging-house keeper of the
Rue du Rocher, come to the police-station for the purpose of obtaining
some particulars of the arrest, the news of which had reached her. From the
description of the young man she fancied he might be one of her lodgers,
who had arrived the day before, and inscribed himself under the name of
Germain, blacksmith's apprentice. Brought face to face with the prisoner,
she exclaimed immediately, "Oh yes! it is he! most certainly!"

"And his papers!" asked Robespierre.

"He had none! Not even a passport! They had only found in his
possession a set of keys, some paper-money in assignats, a pocket-book,
and some small change in a purse." As he spoke, Héron placed these
articles on the table.

"And no arms?" interposed Robespierre again.

The police-agent replied in the negative.

"Untie his hands. We shall see if they are a workman's."

Duplay examined them, the women watching with great interest the
while. The carpenter declared it to be very possible, as the hands looked
used to handling wood and iron.

"In war, most likely!" said Robespierre.

The Incorruptible then stated his suspicions more precisely. The man
was perhaps a chouan, come in disguise from Vendée to stab him in the
excitement of the fête!

The women cried out in horror at the thought, and added, "Of course he
was not without accomplices!"

As this idea fastened in his mind, Robespierre wished to know if the
young man's room had been searched. Héron had not neglected to do so, as
could well be imagined! He had, however, only found a few scattered
clothes and a valise, which one of his men had with him. He had brought it
to open before Robespierre.

"Why didn't you say so, then? Be quick and open it!"

Héron tried a set of keys, and after some delay the valise was unlocked.

The police-agent examined its contents, and enumerated them: linen,
articles of toilet, and an ivory casket mounted in silver. He took out the
ivory casket, which drew a cry of admiration from mother Duplay, and
passed it from hand to hand. Héron then drew forth a rather heavy roll, from
which he tore the paper wrapper, disclosing a number of louis d'or. He
deposited them on the table, and set to work to count them, remarking that
the young apprentice was, after all, richer than himself!

Meanwhile the agent continued his search.

"Ah, some letters!" he exclaimed.

"Give them to Lebas," said Robespierre.

Lebas took the packet from the agent's hands.

"Go and examine them by the mantelpiece under the lamp," Robespierre
continued, "and tell me their contents."

The curiosity of the women had now reached its height. Héron had
drawn out a gold medallion, encircled with small pearls.

"Those are real pearls," observed mother Duplay.

The medallion was opened, and found to contain a lock of fair hair, with
the initials M.T. The jewel was handed round, admired, and examined
carefully, giving rise to all sorts of reflections, in Olivier's presence, who
looked on apparently unconcerned.

Robespierre was exasperated at this indifference. He knew, however,
how to restrain himself, and said mockingly—

"You will not tell me, I suppose, that there is nothing extraordinary for a
sum of money like that and such jewels to be found in the possession of an
apprentice?"

Héron insinuated that perhaps he had stolen them, at which Olivier
simply shrugged his shoulders. Duplay endorsed Héron's opinion. In fact,
he had not the slightest doubt about it. The young man had stolen them.

Olivier could bear it no longer.

"Everything there belongs to me!" he said.

And as they seemed still to doubt, he repeated in a loud voice—

"Everything belongs to me! And, since you seem so anxious about it,
know that I am an aristocrat, a royalist, and a chouan!"

The men cried out almost with one voice—

"At last! He owns it!"

Olivier took up the word at once.

"Very well! Since I have owned it, why don't you get quit of me, and
send me forthwith to the scaffold? I am weary of it all!"

But Robespierre calmly told him not to be in such a hurry, for he wished
to know his name. As the young man defied him, saying he would have to
ask elsewhere, for he should never learn it from him, Robespierre grew
furious. He must have his name, and the names of his accomplices as well,
for he was not single-handed; that was certain!

"And if I have no accomplice, you will find some, I'll be bound!" cried
Olivier ironically. "But you shall not have my name!"

Lebas, having finished the letters, came forward, and Robespierre gave
him a questioning glance. The letters, he said, revealed nothing in
particular. They had been written two or three years ago, and bore no
address or signatures of importance. Two signed Marie Thérèse were
apparently from a young girl, the prisoner's sister or fiancée.

"Then the medallion belongs to her," put in Victoire; "M.T. are the
initials on it."

But these letters revealed nothing, nor did three others signed "Your
mother," couched in terms of endearment and advice. The style was most
certainly that of an aristocrat. Only one letter—dated 1791—gave a slight
indication, a very vague one.

Robespierre pricked up his ears—

"And the contents of that letter?" he asked.

Lebas scanned it once more. It was dated 1791, from a country place in
one of the suburbs of Paris, and addressed to the young man, then a student,
by his grandfather, who seemed also to be his godfather, for he says: "I shall
expect you to-morrow evening, for my fête and yours, the Feast of St.
Olivier."

"Is Olivier, then, his name?" inquired Robespierre, looking at the young
man.

But Lebas continued reading. "The valet, my dear child, will not fetch
you this time. At fifteen a lad ought to be able to travel alone."

"The letter being dated May, 1791, the young man must be now
nineteen," Lebas observed.

"Nineteen! yes, just nineteen!" repeated Robespierre, as if a thought had
struck him. "Go on! Go on! What comes next?"

Lebas continued: "My travelling-coach will wait for you in the Rue des
Lions, before the door of the hotel."

"There can be only one Rue des Lions in Paris, the Rue des Lions-Saint-
Paul?" interposed Robespierre, more and more impressed, and still looking
intently at the youth.

"Just so!" Lebas answered.

"Go on with the letter! Go on!"

Lebas resumed his reading: "Benoit..."


"The concierge!" interrupted Robespierre, scarcely able to hide his
emotion.

Lebas went on: "Benoit will open the shutters of the little room leading
out of my study to the garden. In a bookcase, the one surmounted by the
busts of Cicero and Socrates, you will find just within your reach, and will
bring to me, volumes x. and xi. of a set of folios bound in red morocco,
with the title..."

"Arrêts du Parlement!" exclaimed Robespierre, to the general surprise,
carried beyond himself by the revelation which had suddenly burst upon
him.

Olivier looked at him, in bewilderment.

"That is it! Arrêts du Parlement," repeated Lebas; "but how did you
know?"

Robespierre, mastering his feelings, and without taking his eyes off
Olivier, answered with assumed indifference—

"Oh! I have had those books in my hands many a time at Monsieur de
Pontivy's, King's Councillor in Parliament, and that young man's
grandfather."

Olivier turned deadly pale, and grasped convulsively at the back of a
chair for support. His mother was lost! Exclamations of surprise and
astonishment had greeted the Incorruptible's words. Then Robespierre knew
his family, and all about him? And all eyes were fixed on the young man
with renewed curiosity.

"Yes ... I know," ... answered Robespierre, forcing himself to appear
calm, "I know ... who he is..."

"Oh, now we shall hear the whole story!" they all exclaimed, clapping
their hands.

"Certainly you shall," Robespierre replied, "but in order to make sure I
should like to be alone with him. We are too many here; I shall call you
back presently. Let Héron and the police-agents wait in the courtyard."

Every one prepared to leave the room, looking rather disappointed,
specially the women, who wondered what would be the outcome of it all.

As Lebas was passing out Robespierre stopped him.

"Don't go," he said, "I may want you."

And the three men remained alone.

The father was face to face with his son!

Robespierre's anger had all melted before this sudden revelation. He
preserved, however, a stern countenance, subduing the almost
uncontrollable emotion which threatened to overpower him. He was still
struggling with it, trying to regain possession of himself, and, moved by a
natural impulse, he told Olivier in a gentle voice to be seated.

The prisoner, however, did not heed him, and when Robespierre
repeated his words even more persuasively, and in a trembling voice,
Olivier still paid no attention. Seeing Lebas shrug his shoulders, intimating
that Robespierre was really very good to insist, the Incorruptible explained
—his eyes still fixed on Olivier—that it was but natural for him to show
kindness towards the grandchild of a man whose secretary he had been for
eighteen months.

The young man stared back in surprise.

"They never told you, then?" said Robespierre. "Of course not.... They
loathe my very name, your people, do they not?"

But he immediately added, to Lebas's astonishment, that this was no
reason why he should forget his stay in Monsieur de Pontivy's house. He
could not help thinking now of the happy evenings he had spent there and
the many pleasant meals of which he had partaken, side by side with
Olivier's mother. That dim, sweet spirit of the past, which the young man's
presence had called from its grave, had softened his heart strangely towards
him.

But Olivier interrupted him harshly. Robespierre might harden his heart
again, then! His life was in Robespierre's hands! He could take it if it
pleased him to do so. All the family had been victims to the Revolution: his
grandfather who died of grief, his uncle killed in Vendée, his father mortally
wounded defending the cause of the King....

"But your mother? She is alive; you have not the right to sacrifice her
life!"

Robespierre went on thus carefully, trying by well-placed insinuations
and questions to wring the truth from him. If Olivier had cried "Down with
the scaffold!" it was because he trembled for his mother's life? ... because
she was arrested?

"Am I not right in this?" he urged, with deep anxiety. "Is she not
arrested?"

But he was met by a blunt denial.

And so the struggle between father and son went on; the former
impatient to learn the woman's hiding-place, the latter firm and unshaken in
his refusal to betray it to one whom he regarded as a tiger seeking his prey.

Robespierre, though wounded by every syllable, continued his soft
persuasions. What! was it possible Olivier could not understand his wish to
protect his mother, and to place her out of harm's reach, in memory of the
time he had passed so happily at her side?

Olivier smiled in bitter irony. Robespierre need not waste his words. He
well knew he had too much pride to allow any such remembrance to incline
him to leniency. Ah, there were memories in that sweet past, as he called it,
for which his mother would pay with her head! Friendship? Robespierre's
friendship! Why, it paved the road to the scaffold! All his friends had
trodden that deadly path.

A cry of indignation escaped Lebas, but Robespierre quieted him in a
husky voice, himself a prey to the most feverish agitation. The lad's head
had been turned by the chouans! He was not responsible for what he said!
Then turning to Olivier he tried, with a ring of sadness in his voice, to
persuade him that had he been a tyrant he would have punished his
insolence, he would not have attempted to reason with him. But Olivier
remained unmoved. This kindness was assumed, he told himself, to hide
some dastardly plot! Robespierre only wanted to find his mother that he
might avenge her son's insult on herself. In vain the Incorruptible protested,
deeply grieved and wounded. Olivier stoutly maintained his position,
declaring that Robespierre was not a man to pardon any one who had
publicly insulted him with such outspoken contempt and hatred.

"Wretch!" cried out Lebas.

But Robespierre signed to him to stop. Hatred? That word in the young
man's mouth sounded like blasphemy. And trying to master himself, that his
voice should not tremble, he asked him—

"Then you do hate me very much?"

Olivier again furiously asserted his abhorrence, and was met by the
question—

"When have I ever wronged you?"

At this Olivier, losing self-control, nearly betrayed his secret.

"Wronged me! ... When have you wronged me?" the young man
repeated. "Wasn't it through you that my mother was..."

But recollecting himself he stopped short.

"Arrested?" put in Robespierre.

"No!" exclaimed Olivier.

And then the struggle recommenced.


Robespierre was, however, quite sure now of the arrest. What he wanted
to know was the name of the prison to which the two women had been
taken, and he came near to the chair by which the prisoner was standing.
Olivier instinctively recoiled a step. Robespierre, completely exhausted,
made one last effort. He implored the young man to lay aside his mistrust
and hatred, to help him to save those who were so dear to him.

"To help you to kill them, you mean!"

Robespierre started from his seat, exasperated beyond measure. This
was going too far! Olivier must be mad! Could he not, would he not realise
that the very way to kill the two unhappy women was to leave them for the
executioner to do his work! Their turn would soon come.

"If yours does not come first!" interrupted Olivier.

What madness! Perhaps at this very moment they were entering the cart
which was to take them to the Revolutionary Tribunal, and the next day to
the scaffold. It was Olivier who was sending them to death, and all because
he was too obstinate to say the word which would save them! He was a
blind, unnatural son; he would kill his own mother!

Olivier, though amazed at Robespierre's persistence, remained
unshaken.

"Are you so thirsty for her blood?" he cried, hurling at him this last
insult.

At these words Robespierre lost all self-control.

"Fool!" he cried, "insensate fool!" as he paced the room in unrestrained
excitement.

But Lebas had heard enough.

"Let us have done with this madman," he said, hurrying towards the
door to call in the police-agents.

But Robespierre turned round—
