ILLATION: Improving Vulnerability Risk Prioritization by Learning From Network

Zhen Zeng, Dijiang Huang, Guoliang Xue, Yuli Deng, Neha Vadnere, Liguang Xie

Research output: Contribution to journalArticlepeer-review

Abstract

Network administrators face the challenge of efficiently patching overwhelming volumes of vulnerabilities with limited time and resources. To address this issue, they must prioritize vulnerabilities based on the associated risk/severity measurements (i.e., CVSS). Existing solutions struggle to efficiently patch thousands of vulnerabilities on a network. This article presents ILLATION, a proof-of-concept model that provides network-specific vulnerability risk prioritization to support efficient patching. ILLATION integrates AI techniques, such as neural networks and logical programming, to learn risk patterns from adversaries, vulnerability severity, and the network environment. It provides an integrated solution that learns and infers adversaries' motivation and ability in a network while also learning the constraints that restrict interactions between vulnerabilities and network elements. An evaluation of ILLATION against CVSS base and environmental metrics shows that it reflects changes in vulnerability scores and prioritization ranks as the same pattern as the CVSS model while identifying vulnerabilities with similar risk patterns to given adversaries better. On a simulated network with up to 10 k vulnerable hosts and vulnerabilities, ILLATION can assess 1 k vulnerabilities in about 4.5 minutes total, with an average running time of 0.19 seconds per vulnerability on a general-purpose computer.

Original languageEnglish (US)
Pages (from-to)1890-1901
Number of pages12
JournalIEEE Transactions on Dependable and Secure Computing
Volume21
Issue number4
DOIs
StatePublished - 2024

Keywords

  • Vulnerability prioritization
  • cloud security
  • logic reasoning
  • network security

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'ILLATION: Improving Vulnerability Risk Prioritization by Learning From Network'. Together they form a unique fingerprint.

Cite this