When
Where
Agrim Sachdeva
PhD Candidate, Kelley School of Business, Indiana University
User Profiling and Vulnerability Introduction Prediction in Social Coding Repositories: A Dynamic Graph Embedding Approach
Abstract: Social Coding Repositories (SCRs) such as GitHub host open-source software (OSS) that is mission-critical to the world’s economy. However, OSS is especially vulnerable, with most vulnerabilities being introduced due to human error. Moving from reactive to proactive vulnerability management is key, with an important mitigation strategy being preventing the introduction of vulnerabilities. In this study, we adopted the computational design science paradigm to design a novel Vulnerability Introduction Prediction Framework to help proactively identify vulnerabilities users introduce into SCRs. The proposed framework includes a novel dynamic graph representation learning model, Security Continuous Propagation, and Evolution (seCoPE). The proposed seCoPE has two novelties in its design. First, it accounts for vulnerabilities' differential impact based on severity to help prioritize security risks. Second, seCoPE captures the relative influence of users on the propagation of information by utilizing a novel spectral radius term, which recognizes the varying degree of influence users have on information spread. We systematically evaluate seCoPE against prevailing Recurrent Neural Network (RNN) based and Attention-based models on vulnerability introduction datasets for two scientific cyberinfrastructure organizations and demonstrate a 6.8% and 16.2% increase in precision over the baseline method for the two datasets. We demonstrate seCoPE’s practical utility with an in-depth case study of vulnerability prediction on a significant National Science Foundation (NSF)-funded scientific cyberinfrastructure. The proposed framework has important implications for cybersecurity providers, firms, and software developers.
Bio: Agrim Sachdeva is a Ph.D. candidate in Information Systems at the Kelley School of Business, Indiana University. His research focuses on application of AI to address grand societal challenges, with a particular emphasis on cybersecurity. He also studies the dynamics of human-Artificial Intelligence (AI) collaboration. His research has been accepted at venues such as the Journal of Management Information Systems, IEEE Intelligence and Security Informatics (ISI), IEEE International Conference on Data Mining (ICDM), and International Conference on Information Systems (ICIS). In addition, he is a Certified Information Systems Security Professional (CISSP).