Loading…
Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning
Cybersecurity is a present and growing concern that needs to be addressed with both behavioral and design-oriented research. Public cloud providers such as Amazon Web Services and federal funding agencies such as the National Science Foundation have invested billions of dollars into developing high-...
Saved in:
| Published in: | Journal of management information systems 2024-07, Vol.41 (3), p.708-743 |
|---|---|
| Main Authors: | , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | cdi_FETCH-LOGICAL-c216t-2e1077c9213ed6dfe61236ed17645c2e05b80a2e0e447b45b44bebb6261c10a3 |
| container_end_page | 743 |
| container_issue | 3 |
| container_start_page | 708 |
| container_title | Journal of management information systems |
| container_volume | 41 |
| creator | Ullman, Steven Samtani, Sagar Zhu, Hongyi Lazarine, Ben Chen, Hsinchun Nunamaker, Jay F. |
| description | Cybersecurity is a present and growing concern that needs to be addressed with both behavioral and design-oriented research. Public cloud providers such as Amazon Web Services and federal funding agencies such as the National Science Foundation have invested billions of dollars into developing high-performance computing resources accessible to users through configurable virtual machine (VM) images. This approach offers users the flexibility of changing and updating their environment for their computational needs. Despite the substantial benefits, users often introduce thousands of vulnerabilities by installing open-source software packages and misconfiguring file systems. Given the scale of vulnerabilities, security personnel struggle to identify and prioritize vulnerable assets for remediation. In this research, we designed a novel unsupervised deep learning-based Multi-View Combinatorial-Attentive Autoencoder (MV-CAAE) to capture multi-dimensional vulnerability data and automatically identify groups of similar vulnerable compute instances to help facilitate the development of targeted remediation strategies. We rigorously evaluated the proposed MV-CAAE against state-of-the-art methods in three technical clustering experiments. Experiment results indicate that the MV-CAAE achieves V-measure scores (metric of cluster quality) 8 percent-48 percent higher than benchmark methods. We demonstrated the practical value through a comprehensive case study by clustering vulnerable VMs and gathering qualitative feedback from experienced security professionals through semi-structured interviews. The results indicated that clustering vulnerable assets can help prioritize vulnerable instances for remediation and enhance decision-making tasks. The present design-research work also contributes to our theoretical knowledge of cyber-defense. |
| doi_str_mv | 10.1080/07421222.2024.2376384 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1080_07421222_2024_2376384</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3100768914</sourcerecordid><originalsourceid>FETCH-LOGICAL-c216t-2e1077c9213ed6dfe61236ed17645c2e05b80a2e0e447b45b44bebb6261c10a3</originalsourceid><addsrcrecordid>eNp9kF1LwzAUhoMoOKc_QSh43ZmkadLeKWN-wESRObwLSXuqGV1S05Qxf72tnbfenPfmed8DD0KXBM8IzvA1FowSSumMYspmNBE8ydgRmpA0FXFOs_djNBmYeIBO0VnbbjDGJKf5BOmF_VS2MPYjWne1Ba-0qU3YRy_eOG-C-VbBOBsZG81r15XR3G2bLgz8Wzvcp64OJl4b2EWv0HhowYaxsgTlbY-co5NK1S1cHHKKVneL1fwhXj7fP85vl3FBCQ8xBYKFKHJKEih5WQEnNOFQEsFZWlDAqc6w6hMYE5qlmjENWnPKSUGwSqboapxtvPvqoA1y4zpv-48yIRgLnuWE9VQ6UoV3beuhko03W-X3kmA52JR_NuVgUx5s9r2bsWds5fxW7ZyvSxnUvna-8oPB3zf_TfwAhpB8uQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3100768914</pqid></control><display><type>article</type><title>Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning</title><source>International Bibliography of the Social Sciences (IBSS)</source><source>Business Source Ultimate</source><source>Taylor & Francis</source><creator>Ullman, Steven ; Samtani, Sagar ; Zhu, Hongyi ; Lazarine, Ben ; Chen, Hsinchun ; Nunamaker, Jay F.</creator><creatorcontrib>Ullman, Steven ; Samtani, Sagar ; Zhu, Hongyi ; Lazarine, Ben ; Chen, Hsinchun ; Nunamaker, Jay F.</creatorcontrib><description>Cybersecurity is a present and growing concern that needs to be addressed with both behavioral and design-oriented research. Public cloud providers such as Amazon Web Services and federal funding agencies such as the National Science Foundation have invested billions of dollars into developing high-performance computing resources accessible to users through configurable virtual machine (VM) images. This approach offers users the flexibility of changing and updating their environment for their computational needs. Despite the substantial benefits, users often introduce thousands of vulnerabilities by installing open-source software packages and misconfiguring file systems. Given the scale of vulnerabilities, security personnel struggle to identify and prioritize vulnerable assets for remediation. In this research, we designed a novel unsupervised deep learning-based Multi-View Combinatorial-Attentive Autoencoder (MV-CAAE) to capture multi-dimensional vulnerability data and automatically identify groups of similar vulnerable compute instances to help facilitate the development of targeted remediation strategies. We rigorously evaluated the proposed MV-CAAE against state-of-the-art methods in three technical clustering experiments. Experiment results indicate that the MV-CAAE achieves V-measure scores (metric of cluster quality) 8 percent-48 percent higher than benchmark methods. We demonstrated the practical value through a comprehensive case study by clustering vulnerable VMs and gathering qualitative feedback from experienced security professionals through semi-structured interviews. The results indicated that clustering vulnerable assets can help prioritize vulnerable instances for remediation and enhance decision-making tasks. The present design-research work also contributes to our theoretical knowledge of cyber-defense.</description><identifier>ISSN: 0742-1222</identifier><identifier>EISSN: 1557-928X</identifier><identifier>DOI: 10.1080/07421222.2024.2376384</identifier><language>eng</language><publisher>Abingdon: Routledge</publisher><subject>asset clustering ; Assets ; attention mechanisms ; Cloud computing ; Clustering ; Combinatorial analysis ; Computer security ; cyberinfrastructure ; Cybersecurity ; Decision making ; Deep learning ; design science ; Image enhancement ; Learning ; multi-view representation learning ; Multidimensional methods ; Online vulnerability ; Open source software ; Remediation ; Security personnel ; State-of-the-art reviews ; Virtual environments ; Vulnerability ; Web services</subject><ispartof>Journal of management information systems, 2024-07, Vol.41 (3), p.708-743</ispartof><rights>2024 Taylor & Francis Group, LLC 2024</rights><rights>2024 Taylor & Francis Group, LLC</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c216t-2e1077c9213ed6dfe61236ed17645c2e05b80a2e0e447b45b44bebb6261c10a3</cites><orcidid>0000-0003-2393-8440</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925,33223</link.rule.ids></links><search><creatorcontrib>Ullman, Steven</creatorcontrib><creatorcontrib>Samtani, Sagar</creatorcontrib><creatorcontrib>Zhu, Hongyi</creatorcontrib><creatorcontrib>Lazarine, Ben</creatorcontrib><creatorcontrib>Chen, Hsinchun</creatorcontrib><creatorcontrib>Nunamaker, Jay F.</creatorcontrib><title>Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning</title><title>Journal of management information systems</title><description>Cybersecurity is a present and growing concern that needs to be addressed with both behavioral and design-oriented research. Public cloud providers such as Amazon Web Services and federal funding agencies such as the National Science Foundation have invested billions of dollars into developing high-performance computing resources accessible to users through configurable virtual machine (VM) images. This approach offers users the flexibility of changing and updating their environment for their computational needs. Despite the substantial benefits, users often introduce thousands of vulnerabilities by installing open-source software packages and misconfiguring file systems. Given the scale of vulnerabilities, security personnel struggle to identify and prioritize vulnerable assets for remediation. In this research, we designed a novel unsupervised deep learning-based Multi-View Combinatorial-Attentive Autoencoder (MV-CAAE) to capture multi-dimensional vulnerability data and automatically identify groups of similar vulnerable compute instances to help facilitate the development of targeted remediation strategies. We rigorously evaluated the proposed MV-CAAE against state-of-the-art methods in three technical clustering experiments. Experiment results indicate that the MV-CAAE achieves V-measure scores (metric of cluster quality) 8 percent-48 percent higher than benchmark methods. We demonstrated the practical value through a comprehensive case study by clustering vulnerable VMs and gathering qualitative feedback from experienced security professionals through semi-structured interviews. The results indicated that clustering vulnerable assets can help prioritize vulnerable instances for remediation and enhance decision-making tasks. The present design-research work also contributes to our theoretical knowledge of cyber-defense.</description><subject>asset clustering</subject><subject>Assets</subject><subject>attention mechanisms</subject><subject>Cloud computing</subject><subject>Clustering</subject><subject>Combinatorial analysis</subject><subject>Computer security</subject><subject>cyberinfrastructure</subject><subject>Cybersecurity</subject><subject>Decision making</subject><subject>Deep learning</subject><subject>design science</subject><subject>Image enhancement</subject><subject>Learning</subject><subject>multi-view representation learning</subject><subject>Multidimensional methods</subject><subject>Online vulnerability</subject><subject>Open source software</subject><subject>Remediation</subject><subject>Security personnel</subject><subject>State-of-the-art reviews</subject><subject>Virtual environments</subject><subject>Vulnerability</subject><subject>Web services</subject><issn>0742-1222</issn><issn>1557-928X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>8BJ</sourceid><recordid>eNp9kF1LwzAUhoMoOKc_QSh43ZmkadLeKWN-wESRObwLSXuqGV1S05Qxf72tnbfenPfmed8DD0KXBM8IzvA1FowSSumMYspmNBE8ydgRmpA0FXFOs_djNBmYeIBO0VnbbjDGJKf5BOmF_VS2MPYjWne1Ba-0qU3YRy_eOG-C-VbBOBsZG81r15XR3G2bLgz8Wzvcp64OJl4b2EWv0HhowYaxsgTlbY-co5NK1S1cHHKKVneL1fwhXj7fP85vl3FBCQ8xBYKFKHJKEih5WQEnNOFQEsFZWlDAqc6w6hMYE5qlmjENWnPKSUGwSqboapxtvPvqoA1y4zpv-48yIRgLnuWE9VQ6UoV3beuhko03W-X3kmA52JR_NuVgUx5s9r2bsWds5fxW7ZyvSxnUvna-8oPB3zf_TfwAhpB8uQ</recordid><startdate>20240702</startdate><enddate>20240702</enddate><creator>Ullman, Steven</creator><creator>Samtani, Sagar</creator><creator>Zhu, Hongyi</creator><creator>Lazarine, Ben</creator><creator>Chen, Hsinchun</creator><creator>Nunamaker, Jay F.</creator><general>Routledge</general><general>Taylor & Francis Ltd</general><scope>AAYXX</scope><scope>CITATION</scope><scope>8BJ</scope><scope>FQK</scope><scope>JBE</scope><scope>JQ2</scope><orcidid>https://orcid.org/0000-0003-2393-8440</orcidid></search><sort><creationdate>20240702</creationdate><title>Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning</title><author>Ullman, Steven ; Samtani, Sagar ; Zhu, Hongyi ; Lazarine, Ben ; Chen, Hsinchun ; Nunamaker, Jay F.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c216t-2e1077c9213ed6dfe61236ed17645c2e05b80a2e0e447b45b44bebb6261c10a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>asset clustering</topic><topic>Assets</topic><topic>attention mechanisms</topic><topic>Cloud computing</topic><topic>Clustering</topic><topic>Combinatorial analysis</topic><topic>Computer security</topic><topic>cyberinfrastructure</topic><topic>Cybersecurity</topic><topic>Decision making</topic><topic>Deep learning</topic><topic>design science</topic><topic>Image enhancement</topic><topic>Learning</topic><topic>multi-view representation learning</topic><topic>Multidimensional methods</topic><topic>Online vulnerability</topic><topic>Open source software</topic><topic>Remediation</topic><topic>Security personnel</topic><topic>State-of-the-art reviews</topic><topic>Virtual environments</topic><topic>Vulnerability</topic><topic>Web services</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ullman, Steven</creatorcontrib><creatorcontrib>Samtani, Sagar</creatorcontrib><creatorcontrib>Zhu, Hongyi</creatorcontrib><creatorcontrib>Lazarine, Ben</creatorcontrib><creatorcontrib>Chen, Hsinchun</creatorcontrib><creatorcontrib>Nunamaker, Jay F.</creatorcontrib><collection>CrossRef</collection><collection>International Bibliography of the Social Sciences (IBSS)</collection><collection>International Bibliography of the Social Sciences</collection><collection>International Bibliography of the Social Sciences</collection><collection>ProQuest Computer Science Collection</collection><jtitle>Journal of management information systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ullman, Steven</au><au>Samtani, Sagar</au><au>Zhu, Hongyi</au><au>Lazarine, Ben</au><au>Chen, Hsinchun</au><au>Nunamaker, Jay F.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning</atitle><jtitle>Journal of management information systems</jtitle><date>2024-07-02</date><risdate>2024</risdate><volume>41</volume><issue>3</issue><spage>708</spage><epage>743</epage><pages>708-743</pages><issn>0742-1222</issn><eissn>1557-928X</eissn><abstract>Cybersecurity is a present and growing concern that needs to be addressed with both behavioral and design-oriented research. Public cloud providers such as Amazon Web Services and federal funding agencies such as the National Science Foundation have invested billions of dollars into developing high-performance computing resources accessible to users through configurable virtual machine (VM) images. This approach offers users the flexibility of changing and updating their environment for their computational needs. Despite the substantial benefits, users often introduce thousands of vulnerabilities by installing open-source software packages and misconfiguring file systems. Given the scale of vulnerabilities, security personnel struggle to identify and prioritize vulnerable assets for remediation. In this research, we designed a novel unsupervised deep learning-based Multi-View Combinatorial-Attentive Autoencoder (MV-CAAE) to capture multi-dimensional vulnerability data and automatically identify groups of similar vulnerable compute instances to help facilitate the development of targeted remediation strategies. We rigorously evaluated the proposed MV-CAAE against state-of-the-art methods in three technical clustering experiments. Experiment results indicate that the MV-CAAE achieves V-measure scores (metric of cluster quality) 8 percent-48 percent higher than benchmark methods. We demonstrated the practical value through a comprehensive case study by clustering vulnerable VMs and gathering qualitative feedback from experienced security professionals through semi-structured interviews. The results indicated that clustering vulnerable assets can help prioritize vulnerable instances for remediation and enhance decision-making tasks. The present design-research work also contributes to our theoretical knowledge of cyber-defense.</abstract><cop>Abingdon</cop><pub>Routledge</pub><doi>10.1080/07421222.2024.2376384</doi><tpages>36</tpages><orcidid>https://orcid.org/0000-0003-2393-8440</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0742-1222 |
| ispartof | Journal of management information systems, 2024-07, Vol.41 (3), p.708-743 |
| issn | 0742-1222 1557-928X |
| language | eng |
| recordid | cdi_crossref_primary_10_1080_07421222_2024_2376384 |
| source | International Bibliography of the Social Sciences (IBSS); Business Source Ultimate; Taylor & Francis |
| subjects | asset clustering Assets attention mechanisms Cloud computing Clustering Combinatorial analysis Computer security cyberinfrastructure Cybersecurity Decision making Deep learning design science Image enhancement Learning multi-view representation learning Multidimensional methods Online vulnerability Open source software Remediation Security personnel State-of-the-art reviews Virtual environments Vulnerability Web services |
| title | Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T19%3A44%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Enhancing%20Vulnerability%20Prioritization%20in%20Cloud%20Computing%20Using%20Multi-View%20Representation%20Learning&rft.jtitle=Journal%20of%20management%20information%20systems&rft.au=Ullman,%20Steven&rft.date=2024-07-02&rft.volume=41&rft.issue=3&rft.spage=708&rft.epage=743&rft.pages=708-743&rft.issn=0742-1222&rft.eissn=1557-928X&rft_id=info:doi/10.1080/07421222.2024.2376384&rft_dat=%3Cproquest_cross%3E3100768914%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c216t-2e1077c9213ed6dfe61236ed17645c2e05b80a2e0e447b45b44bebb6261c10a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=3100768914&rft_id=info:pmid/&rfr_iscdi=true |