Web Science and Digital Libraries Research Group

Fig. 1: Fig. 1 (Click on image to expand): Story Attention Dynamics chart illustrating the life-cycle of two top news stories from May 18, 2018 -- May 19, 2018. Each line (red or blue) represents a top news story. The x-axis represents time while the y-axis represents the average degree of Connected Components (representation of story). Within our window of observation, the  Santa Fe High School Shooting   story received peak attention on Friday May 18, 2018 at 4:40PM, this attention waned with the lowest point coinciding with the rise of a new story, the  Royal Wedding of Prince Harry and Meghan Markle . News stories are born expected or unexpected, big or small, compete for attention with sibling stories or enjoy the spotlight alone, live short or long lives, and exit through death or hibernation.  Since August 2017, every 10-minutes, StoryGraph has been quantifying the attention given to news stories. In the past three years, we have seen threats of war , hurricanes Harvey / Irma /

On April 14, the Web Science and Digital Libraries (WS-DL) Research Group held our 2021 Research Expo.  The occasion was that we had two students who needed to give their MS project presentations, which we would have normally just handled internal within the department.  But since everything is on Zoom now anyway, we decided to allow the other professors in the group nominate one of their students to give a short research update.  All the materials (slides, software, data, etc.) are linked from the GitHub repo for the Research Expo, but the five presentations were: Abigail Mabe , " Extending Chromium: Memento-aware Web Browser " Dhruv Patel , " What Did It Look Like: A service for creating website timelapses using the Memento framework " Muntabir Choudhury , " A Supervised Learning Approach with Visual Features to Extract Metadata from Scanned Electronic Theses and Dissertations (ETDs) " Yasith Jayawardana , " Re-Streaming and Synthesis for Real-Tim

A critique of the summary of "Latent Feature Vulnerability Rankings of CVSS Vectors" (cc @correnmccoy https://t.co/Hmjph1CfNv — Sciuridae Hero (@attritionorg) January 20, 2021 When an academic researcher must condense months or even years of work into a few pages for peer-reviewed publication, some degree of selectivity is required in terms of what to include. A paper summary, like the one I presented in my blog post Summary of "Latent Feature Vulnerability Ranking of CVSS Vectors" can even further condense the original content and perhaps lead to additional questions. Sciuridae Hero ( @attritionorg ), also known as Brian Martin (industry expert on security topics), took note of my paper summary and offered a thoughtful critique via Twitter and his own detailed blog entries. In this posting, I would like to take a deeper look at each of Mr. Martin's bulleted comments and observations to 1) make sure I adequately represented the authors' original intent,

Figure 1: Overview of 110,766 CVEs reported from 1998 to 2018 obtained from the NVD. Layers are severity classification: low, medium, high, and critical. (Source: Pham et al.) Computing network facilities and data storages in national, industry, academic research labs, and offices are all possible targets of cyber attacks. A network vulnerability analysis, remediation, and alerting tool that can help enhance the security against cyber attacks caused by human error can potentially reduce network vulnerabilities. Even though human error is the most significant cybersecurity vulnerability (e.g., falling for phishing , unrestrained web browsing, and weak passwords ), most commercial  vulnerability scanners are not designed to detect vulnerabilities introduced by humans interacting with the system. In their paper, CVExplorer: Multidimensional Visualization for Common Vulnerabilities and Exposures , Pham et al. introduce a novel interactive system for visualizing cybersecurity threats

Figure 1: CVSS Score Metrics. (Source: Balbix ) The Common Vulnerability Scoring System ( CVSS ) is an open framework for communicating the characteristics and severity of software vulnerabilities. These severity scores, ranging from 0 (low) to 10 (high),  have been directly used to prioritize vulnerability mitigation strategies . However, CVSS scores are not strongly linked to known  cybersecurity exploits  and analysts can be overwhelmed by the volume of vulnerabilities that have similar high scores. This simple ranking approach could be improved if more detailed information on vulnerabilities and exploits were available. In their paper " Latent feature vulnerability ranking of CVSS vectors ", Ross et al. seek to improve upon the CVSS score ranking by exploring the latent feature space described by a Jaccard similarity metric . Their goal is to provide a data-driven and alternative ranking approach using features in the CVSS base and temporal metric groups, Figure 1, enum

Figure 1: Visualization of BRON with Vulnerabilities and Affected Product Configurations (Source: Hemberg et al.) Cyber threats, like the recent SolarWinds Sunburst attack, are harmful and hard to defend against. However, multiple sources of information about potential threats and vulnerabilities are publicly available to help. These kinds of sources are intended to be used by cyber security specialists and threat hunters to develop cyber defense strategies, operations, and tactics. The definitions of a few key terms will provide context for the research concepts discussed in this post. Tactic . A general, beginning-to-end strategy an adversary might use to gain access to valuable systems and information. Technique : Describes how an adversary achieves a tactical objective. Attack Pattern : A series of repeatable steps that can be applied to simulate an attack against the security of a system. Weakness : An error in software code that might lead to a vulnerability. Vulnerability : A