Multi-domain Vulnerability Assessment

Led by Vandana Janeja, Ph. D.

Vandana Janeja is Professor and Chair of the Information Systems department at the University of Maryland Baltimore County (UMBC). She heads the MData lab at UMBC. Her research is in the area of data science with a focus on data heterogeneity across multiple domain datasets. She has published in various refereed conferences such as ACM SIGKDD, SIAM Data Mining, IEEE ICDM, IEEE ISI and journals such as IEEE TKDE, DMKD, KAIS and IDA. Her research has been funded through federal, state and private organizations including NSF, U.S. Army Corps of Engineers, MD State Highway Administration, CISCO. She holds a Ph.D. in Information Technology from Rutgers University. She completed her MBA from Rutgers University and MS in Computer Science from New Jersey Institute of Technology.

Project:

In recent years, the number of disclosed vulnerabilities has been growing exponentially, which subject many services to an increased number of exploits. This flood of vulnerability data has made it difficult for network administrators to keep up with the innovations in preventing and tamping down the vulnerabilities. In addition, most vulnerability data do not have information about its impact in terms of the environment where it is deployed, the scale of impact due to the various interdependencies between software and types of settings it is exploited in. Thus, there is a disconnect between the IT assets and the vulnerability management and alerting systems that can monitor these systems for possible exploit routes into the assets. This need for separate systems leads to missed vulnerabilities, manual lookups, added costs in terms of dollars and time. Dr. Janeja is researching multi-domain methods to enhance vulnerability data with data from additional sources through an AI pipeline that provides the ability to connect open vulnerability databases with the organization’s IT asset inventory without invasive crawling of assets. Dr. Janeja plans to supervise an undergraduate student to achieve two aims (a) Evaluate additional datasets that can be combined with the vulnerability datasets to enhance knowledge about new and existing vulnerabilities. (b) develop methods to discover interdependencies between vulnerabilities. The REU student will also have an opportunity to work with other student teams such as Data Scholars and other students in the MData Lab on related projects in Multi-domain mining.