Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports
| dc.contributor.author | Neil, Lorenzo | |
| dc.contributor.author | Mittal, Sudip | |
| dc.contributor.author | Joshi, Anupam | |
| dc.date.accessioned | 2018-09-06T17:40:26Z | |
| dc.date.available | 2018-09-06T17:40:26Z | |
| dc.description.abstract | Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An intelligent attacker can attack a product by exploiting one of the vulnerabilities present in linked projects and libraries. In this paper, we mine threat intelligence about open source projects and libraries from bugs and issues reported on public code repositories. We also track library and project dependencies for installed software on a client machine. We represent and store this threat intelligence, along with the software dependencies in a security knowledge graph. Security analysts and developers can then query and receive alerts from the knowledge graph if any threat intelligence is found about linked libraries and projects, utilized in their products. | en_US |
| dc.description.sponsorship | The work was partially supported by a gift from IBM Research, USA and the UMBC Louis Stokes Alliance for Minority Participation - LSAMP. | en_US |
| dc.description.uri | https://ieeexplore.ieee.org/document/8587375 | |
| dc.format.extent | 6 PAGES | en_US |
| dc.genre | conference papers and proceedings preprints | en_US |
| dc.identifier | 10.1109/ISI.2018.8587375 | |
| dc.identifier.citation | L. Neil, S. Mittal and A. Joshi, "Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports," 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), Miami, FL, 2018, pp. 7-12, doi: 10.1109/ISI.2018.8587375. | |
| dc.identifier.uri | http://hdl.handle.net/11603/11248 | |
| dc.identifier.uri | 10.1109/ISI.2018.8587375 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please contact the author. | |
| dc.rights | © 2018 IEEE | |
| dc.subject | Cybersecurity | en_US |
| dc.subject | Artificial Intelligence | en_US |
| dc.subject | Threat Intelligence | en_US |
| dc.subject | Open Source Projects | en_US |
| dc.subject | Intelligence Acquisition | en_US |
| dc.subject | UMBC Ebiquity Research Group | |
| dc.subject | UMBC Ebiquity Research Group | |
| dc.title | Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports | en_US |
| dc.type | Text | en_US |