Software plays a vital role in supporting scientific communities. Yanfang (Fanny) Ye, assistant professor of computer science and electrical engineering at West Virginia University, has been awarded a grant from the National Science Foundation in support of her work to enhance security for modern software programming cyberinfrastructure. The award comes with $649,156 in funding over a three-year period.
Modern software programming cyberinfrastructure, consisting of online discussion platforms like Stack Overflow and social coding repositories such as Github, offers an open-source and collaborative environment for scientific communities to expedite the process of software development. Within this ecosystem, researchers and developers can reuse code snippets and libraries, or adapt existing ready-to-use software to solve their own problems. One such example, CycleGAN, a software developed by computer vision researchers, has been shared by research the community to expedite the development of novel image processing applications.
“Despite the apparent benefits of this new social coding paradigm, its potential security-related risks have been largely overlooked; insecure or malicious codes could be easily embedded and distributed, which could severely damage the scientific credibility of CI,” said Ye. “For instance, as cryptocurrency has grown in popularity, attackers have injected malicious mining code into GitHub. It’s predicted that 2018 could be a year of cyberattacks on critical infrastructure with colleges and universities becoming the primary targets of these attacks. There is an urgent need for developing scalable techniques and tools to automatically detect these open-source insecure or malicious codes.”
Ye will focus her efforts on the development of new techniques by exploring innovative links between artificial intelligence and cybersecurity to automate the detection of insecure and malicious codes on social coding platforms. Her proposed techniques will benefit scientific communities and society as a whole by promoting the efficiency of cyber-enabled software development without sacrificing the security.
Ye has extensive research and development experience in Internet security solutions. Before joining WVU, she was the principal scientist in Comodo Security Solutions, Inc., a provider of computer software and SSL digital certificates, and deputy director at Kingsoft Internet Security Corporation, the second biggest Internet security company in China. Ye proposed and developed cloud-based solutions for mining big data in the area of Internet security, especially for malware detection and phishing fraud detection. Her developed algorithms and systems have been incorporated into popular commercial products, including Comodo Internet Security and Kingsoft Antivirus that serve millions of users worldwide.
She also recently received the prestigious ACM SIGKDD 2017’s Best Paper and Best Student Paper awards (Applied Data Science Track), the IEEE EISIC 2017 Best Paper Award and the 2017 New Researcher of the Year Award from the Statler College.
As part of the grant, Ye, in collaboration with Xin Li, professor of computer science and electrical engineering, and Brian Woerner, chair and professor of computer science and electrical engineering, will design and deploy the proposed techniques and developed tools for scientific and engineering communities to enhance code security spanning the entire CI ecosystem. The team will also establish a Cybersecurity Lab at WVU, which will become a playground for cybersecurity training for both students and professionals.
Mary C. Dillon, Statler College of Engineering and Mineral Resources
Follow @WVUToday on Twitter.