Cyber Vulnerability Triage and Mitigation
Cyber vulnerabilities are security weaknesses in an organization's computer and network systems that malicious actors can exploit to inflict significant harm. The existing resources dedicated to addressing these vulnerabilities are insufficient. In addition, security personnel possess varying levels of expertise and technical proficiency with different computer and network devices. As a result, systems often remain unpatched, leaving them exposed to security breaches. The consequences of exploiting a vulnerability depend on the context and severity, which can differ across networks and organizations. There is a critical need to develop a resource-constrained approach to effectively identify and mitigate context-sensitive cyber vulnerabilities.
This study addresses this gap by developing an advanced analytics and mathematical optimization approach. First, a machine learning (ML)-based vulnerability priority scoring system is developed that calculates a priority score for each vulnerability discovered within an organization's network. This system also quantifies the vulnerability exposure based on the organizational context. Second, a decision-support system consisting of a two-step sequential optimization approach is developed. This system optimally allocates the prioritized vulnerability instances to security personnel who possess the required skills for effective mitigation. Finally, by combining the strengths of deep reinforcement learning and integer programming, a novel artificial intelligence (AI)-enabled framework is developed to optimally manage the resources. Overall, this study aims to strengthen the security posture of an organization with a dynamic cyber vulnerability management strategy by leveraging AI/ML and optimization techniques.
Related papers:
Towards Optimal Triage and Mitigation of Context-sensitive Cyber Vulnerabilities
Deep VULMAN: A Deep Reinforcement Learning-enabled Cyber Vulnerability Management Framework