Browsing by Subject "Cyber Security"
Knowledge for Cyber Threat Intelligence
(2019-01-01) Mittal, Sudip; Joshi, Anupam; Computer Science and Electrical Engineering; Computer Science
Keeping up with threat intelligence is a must for a security analyst today. There is a volume of information present in 'the wild' that affects an organization. We need to develop an artificial intelligence system that scours the intelligence sources, to keep the analyst updated about various threats that pose a risk to her organization. A security analyst who is better 'tapped in' can be more effective. In this thesis, we present Cyber-All-Intel, an artificial intelligence system to aid a security analyst. It is a system for knowledge extraction, representation and analytics in an end-to-end pipeline grounded in the cybersecurity informatics domain. It uses multiple knowledge representations, like vector spaces and knowledge graphs, in a 'VKG structure' to store incoming intelligence. The system also uses neural network models to proactively improve its knowledge. We have also created a query engine and an alert system that can be used by an analyst to find actionable cybersecurity insights.

VERIFYING SOFTWARE CODE VULNERABILITIES USING MACHINE LEARNING AND CLASSIFICATION TECHNIQUES
(2019-01-01) Argiropoulos, Foteini; Karabatis, George; Information Systems; Information Systems
Software assurance analysts deal with thousands of potential vulnerabilities, many of which are false positives, during the process of static code analysis. Manual review of all such potential vulnerabilities is tedious, time consuming, and frequently impractical. This dissertation presents a novel classification algorithm along with its variants that successfully label true and false vulnerabilities in software code. A selection process identifies the most important features utilized in the algorithm to detect and distinguish the true and false positive findings of the static code analysis results. This has been accomplished by an empirical and semantic method of identifying and using personal identifier as a critical feature for the classification. The approach has been validated by experimentation and comparison against thirteen existing classifiers. Extensive experiments were conducted using multiple production code and open source code with the aid of a variety of static code analysis tools. The results show significant improvements in Accuracy, Precision, and Recall, outperforming all participating classifiers, leading to significant improvements in the security posture of a software system.