A Machine Learning-based Approach for Automated Vulnerability Remediation Analysis

Zhang, Fengli; Huff, Philip; McClanahan, Kylie; Li, Qinghua

doi:10.1109/cns48642.2020.9162309

Cited by 14 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some studies [14]- [19] have reported the need for human expertise in PM due to the increased complexity of security patching and the limitations of the current technologies to provide solutions covering the entire process. However, the authors in [14], [18], [20]- [23] highlighted the significant gap in the required skills and knowledge expertise in PM.…”

Section: Background and Related Workmentioning

confidence: 99%

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Vulnerability patch management is one of IT organizations' most complex issues due to the increasing number of publicly known vulnerabilities and explicit patch deadlines for compliance. Patch management requires human involvement in testing, deploying, and verifying the patch and its potential side effects. Hence, there is a need to automate the patch management procedure to keep the patch deadline with a limited number of available experts. This study proposed and implemented an automated patch management procedure to address mentioned challenges. The method also includes logic to automatically handle errors that might occur in patch deployment and verification. Moreover, the authors added an automated review step before patch management to adjust the patch prioritization list if multiple cumulative patches or dependencies are detected. The result indicated that our method reduced the need for human intervention, increased the ratio of successfully patched vulnerabilities, and decreased the execution time of vulnerability risk management.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

show abstract

“…Many studies have applied machine-learning-based solutions to predict remediation decisions and classify the type of vulnerability in different domains such as power grid and software development. For example, authors in [20] built their decision tree based on data of the asset and vulnerability features for a power grid and reached 97% accuracy. However, their solution is domain-specific and requires manual verification on the small prediction portion to reduce false negatives.…”

Section: Related Workmentioning

confidence: 99%

Automated Context-Aware Vulnerability Risk Management for Patch Prioritization

2022

View full text Add to dashboard Cite

The information-security landscape continuously evolves by discovering new vulnerabilities daily and sophisticated exploit tools. Vulnerability risk management (VRM) is the most crucial cyber defense to eliminate attack surfaces in IT environments. VRM is a cyclical practice of identifying, classifying, evaluating, and remediating vulnerabilities. The evaluation stage of VRM is neither automated nor cost-effective, as it demands great manual administrative efforts to prioritize the patch. Therefore, there is an urgent need to improve the VRM procedure by automating the entire VRM cycle in the context of a given organization. The authors propose automated context-aware VRM (ACVRM), to address the above challenges. This study defines the criteria to consider in the evaluation stage of ACVRM to prioritize the patching. Moreover, patch prioritization is customized in an organization’s context by allowing the organization to select the vulnerability management mode and weigh the selected criteria. Specifically, this study considers four vulnerability evaluation cases: (i) evaluation criteria are weighted homogeneously; (ii) attack complexity and availability are not considered important criteria; (iii) the security score is the only important criteria considered; and (iv) criteria are weighted based on the organization’s risk appetite. The result verifies the proposed solution’s efficiency compared with the Rudder vulnerability management tool (CVE-plugin). While Rudder produces a ranking independent from the scenario, ACVRM can sort vulnerabilities according to the organization’s criteria and context. Moreover, while Rudder randomly sorts vulnerabilities with the same patch score, ACVRM sorts them according to their age, giving a higher security score to older publicly known vulnerabilities.

show abstract

“…The authors note that evaluation dynamics depend on the time metrics CVSS [2], as well as on the likelihood of vulnerability exploitation. In work [7], the authors developed a vulnerability analysis system based on machine learning (decision tree) in order to prioritize the release of patches. The inputs to the model are CVSS metrics and assets characteristics based on the CVSS baseline metrics.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

“…Studies [4][5][6][7], when solving the problem of prioritizing vulnerabilities, highlight the existence and possibility of exploitation as the main characteristic for increasing the threat where X i is the set of strategic vulnerability characteristics that do not depend on the target computer system and can be obtained through publicly accessible databases:…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Constructing a model for the dynamic evaluation of vulnerability in software based on public sources

Tatarinova¹,

Sinelnikova

2021

EEJET

View full text Add to dashboard Cite

One of the key processes in software development and information security management is the evaluation of vulnerability risks. Analysis and evaluation of vulnerabilities are considered a resource-intensive process that requires high qualifications and a lot of technical information. The main opportunities and drawbacks of existing systems for evaluation of vulnerability risks in software, which include the lack of consideration of the impact of trends and the degree of popularity of vulnerability on the final evaluation, were analyzed. During the study, the following information was analyzed in the structured form: the vector of the general system of vulnerability evaluation, the threat type, the attack vector, the existence of the original code with patches, exploitation programs, and trends. The obtained result made it possible to determine the main independent characteristics, the existence of a correlation between the parameters, the order, and schemes of the relationships between the basic magnitudes that affect the final value of evaluation of vulnerability impact on a system. A dataset with formalized characteristics, as well as expert evaluation for further construction of a mathematical model, was generated. Analysis of various approaches and methods for machine learning for construction of a target model of dynamic risk evaluation was carried out: neuro-fuzzy logic, regression analysis algorithms, neuro-network modeling. A mathematical model of dynamic evaluation of vulnerability risk in software, based on the dynamics of spreading information about a vulnerability in open sources and a multidimensional model with an accuracy of 88.9 %, was developed. Using the obtained model makes it possible to reduce the analysis time from several hours to several minutes and to make a more effective decision regarding the establishment of the order of patch prioritization, to unify the actions of experts, to reduce the cost of managing information security risks

show abstract

A Machine Learning-based Approach for Automated Vulnerability Remediation Analysis

Cited by 14 publications

References 17 publications

Automated Patch Management: An Empirical Evaluation Study

Automated Patch Management: An Empirical Evaluation Study

Automated Context-Aware Vulnerability Risk Management for Patch Prioritization

Constructing a model for the dynamic evaluation of vulnerability in software based on public sources

Contact Info

Product

Resources

About