CISE-MSI: DP: SaTC: MSI Research Capacity Building for Artificial Intelligence (AI)-enabled Vulnerability Assessment and Remediation in Cyberinfrastructure
Colorado State University-Pueblo, Pueblo CO
Investigators
Abstract
This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2). Federal agencies and public cloud providers such as Amazon Web Services have invested millions of dollars developing high-performance computing resources to support high-impact computational workflows. Users access these advanced resources through technologies such as virtual machines (VMs) and application containers (e.g., Docker) with open-source software that often contains multiple vulnerabilities at different severity levels. Although vulnerability scanners can help aid in the discovery of these threats, security practitioners struggle to effectively assess, prioritize, and remediate them since scanners often return hundreds of thousands of results across multiple virtual environments. This project will create a novel artificial intelligence (AI) enabled framework to (1) detect vulnerabilities and automatically prioritize vulnerable VMs across multiple dimensions of vulnerability data, and (2) link the discovered vulnerabilities from scanners with disclosed vulnerabilities to identify suitable remediation strategies. The two project thrusts will enable automated vulnerability assessment analytics for cloud infrastructures. Project outcomes will contribute to developments in cybersecurity, deep learning, and text analytics through the dissemination of knowledge at academic and industry publication venues as well as integration into cybersecurity and data analytics curricula. Moreover, this work will enable a unique combination of cybersecurity and AI analytics education and research experience for underrepresented demographics across two Hispanic Serving Institutions, and thereby foster the development of the next generation of cybersecurity professionals. This research leverages comprehensive open-source software and vulnerability datasets collected from the team’s NSF-funded partner organizations to facilitate the design of a novel AI-enabled Vulnerability Assessment and Remediation (AI-VAR) framework that consists of two novel and interconnected research thrusts. The first thrust combines and extends principles from network science, multi-view representation learning, autoencoders, and attention mechanisms to create groups of vulnerable VMs in cloud infrastructures for prioritization, while the second thrust draws upon state-of-the-art methods in self-supervised contrastive representation learning and transformers to capture textual features from vulnerability scan descriptions and link discovered vulnerabilities with disclosed vulnerabilities that contain remediation strategies. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →