Assessing the Vulnerabilities of the Open Source AI Landscape
Aishwarya Nair
Undergraduate Researcher
Management Major (Kelley School of Business)
Sagar Samtani
Faculty Mentor
Sagar Samtani (Kelley School of Business)
Project Description
Cybersecurity has undoubtedly become a significant societal concern. The growing emphasis that many organizations place on open source software has shifted the focus of the conventional asset acquisition process. Increasingly, many hackers and attackers are poisoning or injecting vulnerabilities into significant, major open source software repositories that are used as the basis for many modern software packages. As a result, hackers can effectively conduct software supply chain attacks. The focus of this project is analyzing large open source repositories (specifically GitHub) of source code to identify vulnerabilities and how the vulnerabilities have propagated as a result of pull/push/fork events. This project will provide valuable opportunities to produce network science and graph neural network based approaches to execute these tasks.
Technology or Computational Component
The student would be involved in most aspects of the project, especially those as it pertains to their long-term interests. In general, the technology requirement would include: -GitHub API access to collect GitHub repositories about AI. -Use of automated vulnerability assessment tools to assess the flaws in collected GitHub repositories. -Use of Python based AI-enabled analytics tools, namely scikit-learn, networkx, igraph, and/or Keras.