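% Lazarine et al., IEEE ISI 2020. Per the abstract: user/repository graphs are
% built with social network analysis, embedded with unsupervised graph embedding
% algorithms, and clustered by network attributes and vulnerabilities; reported
% findings are secret leakage and insecure coding practices.
% Record notes: the key is an export-generated identifier and is kept unchanged
% so existing \cite commands still resolve. `series` repeats `booktitle` as
% exported, and no `pages` field was supplied. `day` is not a standard field and
% is ignored by standard styles. The conference dates in `note` read as
% day-month-year, given `month = nov` and `day = 9`.
@inproceedings{d75bfb375f5643019bd214a512c2a8f8,
  author    = {Lazarine, Ben and Samtani, Sagar and Patton, Mark and Zhu, Hongyi and Ullman, Steven and Ampel, Benjamin and Chen, Hsinchun},
  title     = {Identifying Vulnerable {GitHub} Repositories and Users in Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach},
  booktitle = {Proceedings - 2020 {IEEE} International Conference on Intelligence and Security Informatics, {ISI} 2020},
  series    = {Proceedings - 2020 {IEEE} International Conference on Intelligence and Security Informatics, {ISI} 2020},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  year      = {2020},
  month     = nov,
  day       = {9},
  doi       = {10.1109/ISI49825.2020.9280544},
  language  = {English (US)},
  keywords  = {GitHub, graph embedding, scientific cyberinfrastructure, vulnerability scanning},
  abstract  = {The scientific cyberinfrastructure community heavily relies on public internet-based systems (e.g., GitHub) to share resources and collaborate. GitHub is one of the most powerful and popular systems for open source collaboration that allows users to share and work on projects in a public space for accelerated development and deployment. Monitoring GitHub for exposed vulnerabilities can save financial cost and prevent misuse and attacks of cyberinfrastructure. Vulnerability scanners that can interface with GitHub directly can be leveraged to conduct such monitoring. This research aims to proactively identify vulnerable communities within scientific cyberinfrastructure. We use social network analysis to construct graphs representing the relationships amongst users and repositories. We leverage prevailing unsupervised graph embedding algorithms to generate graph embeddings that capture the network attributes and nodal features of our repository and user graphs. This enables the clustering of public cyberinfrastructure repositories and users that have similar network attributes and vulnerabilities. Results of this research find that major scientific cyberinfrastructures have vulnerabilities pertaining to secret leakage and insecure coding practices for high-impact genomics research. These results can help organizations address their vulnerable repositories and users in a targeted manner.},
  note      = {Publisher Copyright: {\textcopyright} 2020 IEEE.; 18th IEEE International Conference on Intelligence and Security Informatics, ISI 2020 ; Conference date: 09-11-2020 Through 10-11-2020},
}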