Research Article
Towards Automated Assessment of Vulnerability Exposures in Security Operations
@INPROCEEDINGS{10.1007/978-3-030-90019-9_4, author={Philip Huff and Qinghua Li}, title={Towards Automated Assessment of Vulnerability Exposures in Security Operations}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2021}, month={11}, keywords={Software vulnerability Risk analysis Artificial intelligence}, doi={10.1007/978-3-030-90019-9_4} }
- Philip Huff
Qinghua Li
Year: 2021
Towards Automated Assessment of Vulnerability Exposures in Security Operations
SECURECOMM
Springer
DOI: 10.1007/978-3-030-90019-9_4
Abstract
Current approaches for risk analysis of software vulnerabilities using manual assessment and numeric scoring do not complete fast enough to keep pace with the maintenance work rate to patch and mitigate the vulnerabilities. This paper proposes a new approach to modeling software vulnerability risk in the context of the network environment and firewall configuration. In the approach, vulnerability features are automatically matched up with networking, target asset, and adversary features to determine whether adversaries can exploit a vulnerability. The ability of adversaries to reach a vulnerability is modeled by automatically identifying the network services associated with vulnerabilities through a pipeline of machine learning and natural language processing and automatically analyzing network reachability. Our results show that the pipeline can identify network services accurately. We also find that only a small number of vulnerabilities pose real risks to a system. However, if left unmitigated, adversarial reach to vulnerabilities may extend to nullify the effect of firewall countermeasures.