2023
1.
Fitzroy D Nembhard, Marco M Carvalho
Teaming humans with virtual assistants to detect and mitigate vulnerabilities Book Chapter
In: Arai, K. (Ed.): vol. 711, Chapter Lecture Notes in Networks and Systems, pp. 565-576, Springer Nature Switzerland, 2023.
Abstract | Links | BibTeX | Tags: Human-machine teaming, virtual assistant, vulnerability detection, vulnerability mitigation
@inbook{nokey,
title = {Teaming humans with virtual assistants to detect and mitigate vulnerabilities},
author = {Fitzroy D Nembhard, Marco M Carvalho},
editor = {Arai, K.},
url = {978-3-031-37717-4},
doi = {https://doi.org/10.1007/978-3-031-37717-4_35},
year = {2023},
date = {2023-07-13},
urldate = {2023-07-13},
volume = {711},
pages = {565-576},
publisher = {Springer Nature Switzerland},
chapter = {Lecture Notes in Networks and Systems},
series = {SAI 2023},
abstract = {The use of virtual assistants has grown significantly in recent years. This growth can be attributed to the prevalence of mobile devices and advances in the Internet of Things (IoT). While virtual assistants are widely used for interpersonal and social purposes such as ordering items from restaurants, creating reminders, and communicating with peers, their use is limited in cybersecurity and other computational sciences. In this research, we develop a framework that teams humans with virtual assistants on mobile devices in an effort to encourage the use of vulnerability detectors to mitigate errors in software and their underlying networks and systems. Creating effective cyber defenses involves teaming humans with machines in a way that enables secure orchestration, real-time communication, and unity of action. We demonstrate that a seamless coordination between human and AI can help minimize the number of errors in software systems, which will ultimately reduce data breaches and other cyber-related challenges plaguing our world.},
keywords = {Human-machine teaming, virtual assistant, vulnerability detection, vulnerability mitigation},
pubstate = {published},
tppubtype = {inbook}
}
The use of virtual assistants has grown significantly in recent years. This growth can be attributed to the prevalence of mobile devices and advances in the Internet of Things (IoT). While virtual assistants are widely used for interpersonal and social purposes such as ordering items from restaurants, creating reminders, and communicating with peers, their use is limited in cybersecurity and other computational sciences. In this research, we develop a framework that teams humans with virtual assistants on mobile devices in an effort to encourage the use of vulnerability detectors to mitigate errors in software and their underlying networks and systems. Creating effective cyber defenses involves teaming humans with machines in a way that enables secure orchestration, real-time communication, and unity of action. We demonstrate that a seamless coordination between human and AI can help minimize the number of errors in software systems, which will ultimately reduce data breaches and other cyber-related challenges plaguing our world.
2017
2.
Nembhard, Fitzroy; Carvalho, Marco; Eskridge, Thomas
A Hybrid Approach to Improving Program Security Proceedings Article
In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), 2017.
Abstract | BibTeX | Tags: code security, cybersecurity, recommender systems, topic modeling, vulnerability detection, vulnerability mitigation
@inproceedings{nembhard_hybrid_2017,
title = {A Hybrid Approach to Improving Program Security},
author = {Fitzroy Nembhard and Marco Carvalho and Thomas Eskridge},
year = {2017},
date = {2017-11-27},
urldate = {2017-11-27},
booktitle = {2017 IEEE Symposium Series on Computational Intelligence (SSCI)},
abstract = {The security of computer programs and systems is a very critical issue. With the number of attacks launched on computer networks and software, businesses and IT professionals are taking steps to ensure that their information systems are as secure as possible. However, many programmers do not think about adding security to their programs until their projects are near completion. This is a major mistake because a system is as secure as its weakest link. If security is viewed as an afterthought, it is highly likely that the resulting system will have a large number of vulnerabilities, which could be exploited by attackers. One of the reasons programmers overlook adding security to their code is because it is viewed as a complicated or time-consuming process. This paper presents a tool that will help programmers think more about security and add security tactics to their code with ease. We created a model that learns from existing open source projects and documentation using machine learning and text mining techniques. Our tool contains a module that runs in the background to analyze code as the programmer types and offers suggestions of where security could be included. In addition, our tool fetches existing open source implementations of cryptographic algorithms and sample code from repositories to aid programmers in adding security easily to their projects.},
keywords = {code security, cybersecurity, recommender systems, topic modeling, vulnerability detection, vulnerability mitigation},
pubstate = {published},
tppubtype = {inproceedings}
}
The security of computer programs and systems is a very critical issue. With the number of attacks launched on computer networks and software, businesses and IT professionals are taking steps to ensure that their information systems are as secure as possible. However, many programmers do not think about adding security to their programs until their projects are near completion. This is a major mistake because a system is as secure as its weakest link. If security is viewed as an afterthought, it is highly likely that the resulting system will have a large number of vulnerabilities, which could be exploited by attackers. One of the reasons programmers overlook adding security to their code is because it is viewed as a complicated or time-consuming process. This paper presents a tool that will help programmers think more about security and add security tactics to their code with ease. We created a model that learns from existing open source projects and documentation using machine learning and text mining techniques. Our tool contains a module that runs in the background to analyze code as the programmer types and offers suggestions of where security could be included. In addition, our tool fetches existing open source implementations of cryptographic algorithms and sample code from repositories to aid programmers in adding security easily to their projects.