Spotlight
in
Workshop: ICML workshop on Machine Learning for Cybersecurity (ICML-ML4Cyber)
An Artificial Intelligence-Enabled Framework for Optimizing the Dynamic Cyber Vulnerability Management Process
Soumyadeep Hore · Ankit Shah · Nathaniel Bastian
Cyber vulnerability management is a critical function performed by a cybersecurity operations center (CSOC) that helps protect organizations against cyber-attacks on their computer and network systems. Adversaries hold an asymmetric advantage over the CSOC, as the number of deficiencies in these systems is increasing at a significantly higher rate compared to the rate at which the security teams are expanding to mitigate them in a resource-constrained CSOC environment. The current approaches employed at the CSOCs and recently published in the literature are deterministic and one-time decision-making methods, which do not consider future uncertainties when prioritizing and selecting vulnerabilities for mitigation. In addition, these approaches are constrained by the sub-optimal distribution of resources, providing no flexibility to the security team to adjust their response to fluctuations in vulnerability arrivals and thereby, weakening their security posture. We propose a novel artificial intelligence-enabled framework, Deep VULMAN, which consists of a deep reinforcement learning agent and an integer programming method to fill this gap in the cyber vulnerability management process. Our sequential decision-making framework, first, determines the near-optimal amount of resources to be allocated for mitigation under uncertainty, given an observed state of the system, and then determines the optimal set of prioritized vulnerability instances selected for mitigation. Our proposed framework outperforms the current methods in prioritizing the selection of important organization-specific vulnerabilities on real-world vulnerability data observed over a one-year period.