Abstract
Network administrators face the challenge of efficiently patching overwhelming volumes of vulnerabilities with limited time and resources. To address this issue, they must prioritize vulnerabilities based on the associated risk/severity measurements (i.e., CVSS). Existing solutions struggle to efficiently patch thousands of vulnerabilities on a network. This paper presents ILLATION, a proof-of-concept model that provides network-specific vulnerability risk prioritization to support efficient patching. ILLATION integrates AI techniques, such as neural networks and logical programming, to learn risk patterns from adversaries, vulnerability severity, and the network environment. It provides an integrated solution that learns and infers adversaries' motivation and ability in a network while also learning the constraints that restrict interactions between vulnerabilities and network elements. An evaluation of ILLATION against CVSS base and environmental metrics shows that it reflects changes in vulnerability scores and prioritization ranks as the same pattern as the CVSS model while identifying vulnerabilities with similar risk patterns to given adversaries better. On a simulated network with up to 10k vulnerable hosts and vulnerabilities, ILLATION can assess 1k vulnerabilities in about 4.5 minutes total, with an average running time of 0.19 seconds per vulnerability on a general-purpose computer.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 1-12 |
| Number of pages | 12 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| DOIs | |
| State | Accepted/In press - 2023 |
Keywords
- Cloud Security
- Cognition
- Computational modeling
- Costs
- Data models
- Logic Reasoning
- Measurement
- Network Security
- Network security
- Risk management
- Vulnerability Prioritization
ASJC Scopus subject areas
- General Computer Science
- Electrical and Electronic Engineering