I-Corps: Data-Driven Risk Assessments for Software Vulnerabilities
University Of Maryland, College Park, College Park MD
Investigators
Abstract
The broader impact/commercial potential of this I-Corps project is the development of technology that addresses inefficiencies in software update processes by complementing existing vulnerability assessment tools and allowing practitioners to patch critical vulnerabilities faster in order to reduce the risk of attacks. The World Economic Forum ranks cyberattacks among the top 10 global risks of the decade. One of the main causes of these incidents is the exploitation of software vulnerabilities. A recent survey revealed that 27% of participating organizations were breached due to unpatched vulnerabilities. The impact of vulnerability exploits can often be seen in infamous ransomware campaigns that have affected several critical infrastructure sectors. Vulnerability exploits have shifted from being primarily a financial concern to being a societal issue threatening the environment, national security, and even human life. As a result, removing software vulnerabilities as a target of cyber attackers is an urgent necessity. Government and industrial organizations can mitigate the risk of attacks by remediating vulnerabilities within their enterprise networks through software updates. This I-Corps project is based on the development of a technology that focuses on mitigating the impact of vulnerability exploits, which are one of the principal enablers of cyberattacks and can be prevented through software updates. The project will provide novel tools to address the operational challenges involved in managing software updates by offering automatic, data-driven risk assessments for vulnerabilities. These tools use machine learning to learn historical associations between vulnerabilities and attacks. During deployment, the technology identifies newly disclosed vulnerabilities, collects publicly available information about them, and uses the machine learning models to compute various components of the risk of exploits and attacks against these vulnerabilities.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.