CICI: UCSS: Enhancing the Usability of Vulnerability Assessment Results for Open-Source Software Technologies in Scientific Cyberinfrastructure: A Deep Learning Perspective

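Basic information

  • Award number:
    2319325
  • Principal investigator:
  • Amount:
    $ 600,000
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2023
  • Funding country:
    United States
  • Start and end dates:
    2023-08-01 to 2026-07-31
  • Project status:
    Not yet concluded

Project abstract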

Federally funded scientific cyberinfrastructure (CI) has accelerated ground-breaking scientific discoveries, including black hole imaging, genome sequencing, vaccine discovery, and more. However, the open-source software (OSS) technologies that help facilitate these discoveries often contain thousands of vulnerabilities that, if exploited, could threaten irreplaceable scientific analysis. Since scientific CIs often lack the personnel to manage these vulnerabilities, they increasingly outsource their vulnerability management tasks to third-party Research & Education security providers such as OmniSOC. However, security analysts at these providers often face challenges managing the tens of thousands of vulnerabilities present in OSS assets at CIs. This project scans thousands of scientific CI OSS assets for vulnerabilities and employs novel Artificial Intelligence-enabled analytics to (1) manage OSS asset vulnerabilities in scientific CI and (2) link them to their remediation strategies. Vulnerability scan and analytics results are integrated into a novel Vulnerability Management System that allows security analysts to search, sort, browse, and collaborate on vulnerability data and remediation strategies across scientific CIs.

This project designs a novel Artificial Intelligence-enabled AZSecure Usable and Collaborative Security for Science Framework that scans for vulnerabilities in four major categories of open-source software (OSS) assets (virtual machines, containers, infrastructure-as-code, and GitHub) across two major NSF-funded scientific cyberinfrastructures (CIs): (1) CyVerse for life sciences and (2) Jetstream, NSF’s first Science and Engineering Cloud for NSF and NIH. The vulnerability scans support three sets of AI-enabled analytics research thrusts to enhance the usability of vulnerability scan results for OmniSOC’s security analysts. The first thrust aggregates OSS asset and vulnerability data into an embedding for vulnerability management tasks through multi-view learning incorporating a vulnerability severity weighting scheme and a novel combinatorial attention mechanism. The second thrust uses self-supervised learning and transformers to link vulnerability scans with remediation strategies by stacking multiple word embeddings and aligning vulnerability severity scores with a novel contrastive loss function. The final thrust develops a Vulnerability Management System that integrates scan results and enables analysts to operate the methods. Project execution includes roles for NSF CyberCorps Scholarship-for-Service graduate students from UArizona (NSA/DHS CD-, R, and CO-designated) and IU (NSA/DHS CD- and R-designated). Findings are disseminated through academic and industry publications and integrated into the top-ranked MS in Cybersecurity programs at UArizona and IU.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Hsinchun Chen

Chapter 7 Spatio-Temporal Data Analysis in Security Informatics
  • DOI:
  • Publication date:
    2007
  • Journal:
  • Impact factor:
    0
  • Authors:
    D. Zeng;Hsinchun Chen;Wei Chang
  • Corresponding author:
    Wei Chang
AI, E-government, and Politics 2.0
  • DOI:
    10.1109/mis.2009.91
  • Publication date:
    2009-09
  • Journal:
  • Impact factor:
    6.4
  • Authors:
    Hsinchun Chen
  • Corresponding author:
    Hsinchun Chen
Fostering Cybersecurity Big Data Research: A Case Study of the AZSecure Data System
  • DOI:
  • Publication date:
    2017
  • Journal:
  • Impact factor:
    0
  • Authors:
    Resha Shenandoah;Sagar Samtani;Mark W. Patton;Hsinchun Chen
  • Corresponding author:
    Hsinchun Chen
Approach on the Vocabulary Problem in Collaboration
  • DOI:
  • Publication date:
    1993
  • Journal:
  • Impact factor:
    0
  • Authors:
    Hsinchun Chen
  • Corresponding author:
    Hsinchun Chen
Chapter 10 Social Network Analysis for Terrorism Research
  • DOI:
  • Publication date:
    2007
  • Journal:
  • Impact factor:
    0
  • Authors:
    E. Reid;Hsinchun Chen;J. Xu
  • Corresponding author:
    J. Xu

Other grants by Hsinchun Chen

EAGER: SaTC-EDU: Artificial Intelligence and Cybersecurity Research and Education at Scale
  • Award number:
    2038483
  • Fiscal year:
    2020
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
SaTC: CORE: Small: Cybersecurity Big Data Research for Hacker Communities: A Topic and Language Modeling Approach
  • Award number:
    1936370
  • Fiscal year:
    2019
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: SSC: Proactive Cyber Threat Intelligence and Comprehensive Network Monitoring for Scientific Cyberinfrastructure: The AZSecure Framework
  • Award number:
    1917117
  • Fiscal year:
    2019
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
Cybersecurity Scholarship-for-Service Renewal at The University of Arizona: The AZSecure SFS Program
  • Award number:
    1921485
  • Fiscal year:
    2019
  • Funding amount:
    $ 600,000
  • Project type:
    Continuing Grant
EAGER: A Longitudinal Study of Knowledge Diffusion and Societal Impact of Nanomanufacturing Research & Development: Harnessing Data for Science and Engineering
  • Award number:
    1832926
  • Fiscal year:
    2018
  • Funding amount:
    $ 600,000
  • Project type:
    Continuing Grant
Cybersecurity Big Data and Analytics Sharing Platform
  • Award number:
    1719477
  • Fiscal year:
    2017
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
EAGER: A Systems Approach for Identification and Evaluation of Nanoscience and Nanomanufacturing Opportunities and Risks
  • Award number:
    1442116
  • Fiscal year:
    2014
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CIF21 DIBBs: DIBBs for Intelligence and Security Informatics Research Community
  • Award number:
    1443019
  • Fiscal year:
    2014
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
SBE TTP: Medium: Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics
  • Award number:
    1314631
  • Fiscal year:
    2013
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
Cybersecurity Scholarship-for-Service at The Unive
  • Award number:
    1303362
  • Fiscal year:
    2013
  • Funding amount:
    $ 600,000
  • Project type:
    Continuing Grant

Similar overseas grants

CICI: UCSS: Human-Centered Cybersecurity in Robotic Surgery (HCCRS) - Coordinating the Human and Cyber Infrastructure for Cybersecurity
  • Award number:
    2319891
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Trusted Resource Allocation in Volunteer Edge-Cloud Computing Workflows
  • Award number:
    2232889
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Building a Community of Practice for Supporting Regulated Research
  • Award number:
    2409859
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Secure Containers in High-Performance Computing Infrastructure
  • Award number:
    2319975
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Maximizing Data Utility and Participant Privacy through Usable, Secure Data Workflows for Human-Centered AI Research
  • Award number:
    2232690
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Confidential Computing in Reproducible Collaborative Workflows
  • Award number:
    2232824
  • Fiscal year:
    2023
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: ScienceAccess: Enabling Zero-Trust Resource Access Management for Scientific Collaborations
  • Award number:
    2232911
  • Fiscal year:
    2022
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: SciAuth: Deploying Interoperable and Usable Authorization Tokens to Enable Scientific Collaborations
  • Award number:
    2114989
  • Fiscal year:
    2021
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Building a Community of Practice for Supporting Regulated Research
  • Award number:
    2201028
  • Fiscal year:
    2021
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant
CICI: UCSS: Towards Secure and Usable Push Notification Authentication for Collaborative Scientific Infrastructures
  • Award number:
    2115107
  • Fiscal year:
    2021
  • Funding amount:
    $ 600,000
  • Project type:
    Standard Grant