Artificial Intelligence-Enabled Vulnerability Analysis and Management for IT Infrastructure: A Computational Design Science Approach

Abstract

Modern Information Technology (IT) infrastructure and open-source software (OSS) have revolutionized our ability to access and process data, enabling us to tackle increasingly complex problems and challenges. While these technologies provide substantial benefits, they often expose users to vulnerabilities that can severely damage individuals and organizations. To combat these risks, cybersecurity teams routinely conduct vulnerability scans and assessments to identify, assess, prioritize, remediate, and mitigate vulnerabilities afflicting their IT assets. However, cybersecurity analysts are often inundated by the sheer volume of vulnerability data stemming from thousands of vulnerabilities across an expansive array of IT assets. Moreover, emerging vulnerabilities are publicly disclosed at an unprecedented rate, scaling to tens of thousands of vulnerabilities discovered annually. The diverse types of IT assets and massive scale of vulnerabilities create a complex vulnerability landscape that necessitates an automated approach.This dissertation comprises three essays that adopt the computational design science paradigm to create novel deep learning-based IT artifacts that enhance vulnerability analysis and management in IT infrastructure. Essay I develops a novel attention-based multi-view autoencoder to automatically identify and prioritize vulnerable IT assets in IT infrastructure. Essay II leverages neural information retrieval and contrastive self-supervised learning to develop a novel transformer that links vulnerability scans with disclosed vulnerabilities containing remediation strategies. Essay III utilizes graph contrastive learning and graph transformers to secure software deployments in IT infrastructure by replacing vulnerable software with secure alternatives. Each essay offers valuable practical implications for cybersecurity analysts, IT auditors, and application security engineers. Collectively, this dissertation contributes numerous design principles to the Information Systems (IS) knowledge base to facilitate future research.