A vulnerability in cybersecurity can be any weakness in the software or hardware of an information system, its internal controls, network or system processes that can be exploited to cause damage or to allow an attacker to manipulate the system in some way. Since the late 1980s, cyberattacks that exploit vulnerabilities have evolved and become increasingly sophisticated and dangerous. Successful cyber-attacks primarily take place through the exploitation of vulnerabilities. Although thousands of vulnerabilities are detected and registered each year, it has been observed that only a few of them get exploited by threat actors. Hence, there is a need to utilize machine learning to develop a model to predict the vulnerabilities highly exploitable by threat actors and a model to predict the number of future vulnerabilities, to support cost-effective cyber security management. Subsequently, the predicted exploitable vulnerabilities need to be ranked to understand their severity impact if the exploitation is realized. The literature review shows that all the existing machine learning models have primarily utilized the United States (U.S.) vulnerability database, the largest of its kind, as the source of vulnerability data. It also shows that there are existing research works with machine learning approaches to forecast the number of future vulnerabilities and to predict the highly exploitable vulnerabilities, but that a risk ranking matrix is missing in this domain. Hence, there is an urgent need to fill this gap. The aim of this research is to develop a novel risk matrix that ranks the severity impact of highly exploitable vulnerabilities. To achieve this aim, we have developed a machine learning based model to predict the highly exploitable vulnerabilities, which works as a background engine to find the most exploitable vulnerabilities among published known vulnerabilities.
Unlike the few existing research works, our proposed risk ranking matrix for the most exploitable vulnerabilities aggregates all the relevant attributes for base CVSS scoring and the CVSS score itself. The proposed algorithm has ten risk levels, which are highly granular and flexible. Furthermore, those risk levels can be redefined and scaled to meet any specific security needs. Finally, a proof-of-concept tool is also developed to demonstrate the proposed vulnerability prediction framework. The proposed risk ranking matrix can significantly support security patching management in a proactive and cost-effective way. Moreover, the proposed models need much less computational resources and time, making them suitable for use at any scale.
22 May 2023
PROCEEDINGS OF THE 1ST INTERNATIONAL CONFERENCE ON FRONTIER OF DIGITAL TECHNOLOGY TOWARDS A SUSTAINABLE SOCIETY
26–27 January 2022
Cyberjaya, Malaysia
Research Article
Risk-ranking matrix for security patching of exploitable vulnerabilities
Mohammad Shamsul Hoque (a), College of Computing and Informatics, Universiti Tenaga Nasional, Kajang, Selangor, Malaysia
Norziana Jamil, College of Computing and Informatics, Universiti Tenaga Nasional, Kajang, Selangor, Malaysia
Nowshad Amin, Institute of Sustainable Energy, Universiti Tenaga Nasional, Kajang, Selangor, Malaysia
Muhamad Mansor, Institute of Power Engineering, Universiti Tenaga Nasional, Kajang, Selangor, Malaysia
(a) Corresponding author: [email protected]
AIP Conf. Proc. 2808, 050004 (2023)
Citation
Mohammad Shamsul Hoque, Norziana Jamil, Nowshad Amin, Muhamad Mansor; Risk-ranking matrix for security patching of exploitable vulnerabilities. AIP Conf. Proc. 22 May 2023; 2808 (1): 050004. https://doi.org/10.1063/5.0134560