Publication:
Risk-ranking matrix for security patching of exploitable vulnerabilities

dc.citedby: 0
dc.contributor.author: Hoque M.S. (en_US)
dc.contributor.author: Jamil N. (en_US)
dc.contributor.author: Amin N. (en_US)
dc.contributor.author: Mansor M. (en_US)
dc.contributor.authorid: 57220806665 (en_US)
dc.contributor.authorid: 36682671900 (en_US)
dc.contributor.authorid: 7102424614 (en_US)
dc.contributor.authorid: 6701749037 (en_US)
dc.date.accessioned: 2024-10-14T03:18:32Z
dc.date.available: 2024-10-14T03:18:32Z
dc.date.issued: 2023
dc.description.abstract: A vulnerability in cybersecurity can be any weakness within the software or hardware of an information system, its internal controls, network or system processes that can be exploited to cause damage or allow an attacker to manipulate the system in some way. Since the late 1980s, cyberattacks that exploit vulnerabilities started to evolve and have become increasingly sophisticated and dangerous. Successful cyberattacks primarily take place through the exploitation of vulnerabilities. Although thousands of vulnerabilities are detected and registered each year, it has been observed that only a few of them get exploited by threat actors. Hence, there is a need to utilize machine learning to develop a model to predict the vulnerabilities that are highly exploitable by threat actors and a model to predict the number of future vulnerabilities, to support cost-effective cybersecurity management. Subsequently, the predicted exploitable vulnerabilities need to be ranked to understand their severity impact if the exploitation is realized. The literature review shows that all the existing machine learning models have primarily utilized the United States (U.S.) vulnerability database, the largest of its kind, as the source of vulnerability data. It also shows that there are existing research works with machine learning approaches to forecast the number of future vulnerabilities and to predict the highly exploitable vulnerabilities, but that a risk ranking matrix is missing in this domain. Hence, there is an urgent need to fill this gap. The aim of this research is to develop a novel risk matrix that ranks the severity impact of highly exploitable vulnerabilities. To achieve this, we have developed a machine learning based model to predict the highly exploitable vulnerabilities, which works as a background engine to find the most exploitable vulnerabilities out of the published known vulnerabilities.
Unlike the few existing research works, our proposed risk ranking matrix for the most exploitable vulnerabilities aggregates all the relevant attributes for base CVSS scoring and the CVSS score itself. The proposed algorithm has ten risk levels, which are highly granular and flexible. Furthermore, those risk levels can be redefined and scaled to meet any specific security needs. Finally, a proof-of-concept tool is also developed to demonstrate the proposed vulnerability prediction framework. The proposed risk ranking matrix can significantly support security patching management in a proactive and cost-effective way. Moreover, the proposed models need much less computational resources and time, making them suitable for usage at any scale. © 2023 Author(s). (en_US)
dc.description.nature: Final (en_US)
dc.identifier.ArtNo: 50004
dc.identifier.doi: 10.1063/5.0134560
dc.identifier.scopus: 2-s2.0-85161482298
dc.identifier.uri: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85161482298&doi=10.1063%2f5.0134560&partnerID=40&md5=dd6dc5b5bdc216618c5ee8137b3c41bf
dc.identifier.uri: https://irepository.uniten.edu.my/handle/123456789/34231
dc.identifier.volume: 2808
dc.publisher: American Institute of Physics Inc. (en_US)
dc.source: Scopus
dc.sourcetitle: AIP Conference Proceedings
dc.title: Risk-ranking matrix for security patching of exploitable vulnerabilities (en_US)
dc.type: Conference Paper (en_US)
dspace.entity.type: Publication