Show simple item record

dc.contributor.authorJacobs, Jayen
dc.contributor.authorRomanosky, Sashaen
dc.contributor.authorAdjerid, Idrisen
dc.contributor.authorBaker, Wadeen
dc.date.accessioned2021-02-08T20:02:36Zen
dc.date.available2021-02-08T20:02:36Zen
dc.date.issued2020-09-14en
dc.identifier.issn2057-2085en
dc.identifier.othertyaa015en
dc.identifier.urihttp://hdl.handle.net/10919/102309en
dc.description.abstractDespite significant innovations in IT security products and research over the past 20 years, the information security field is still immature and struggling. Practitioners lack the ability to properly assess cyber risk, and decision-makers continue to be paralyzed by vulnerability scanners that overload their staff with mountains of scan results. In order to cope, firms prioritize vulnerability remediation using crude heuristics and limited data, though they are still too often breached by known vulnerabilities for which patches have existed for months or years. And so, the key challenge firms face is trying to identify a remediation strategy that best balances two competing forces. On one hand, it could attempt to patch all vulnerabilities on its network. While this would provide the greatest 'coverage' of vulnerabilities patched, it would inefficiently consume resources by fixing low-risk vulnerabilities. On the other hand, patching a few high-risk vulnerabilities would be highly 'efficient', but may leave the firm exposed to many other high-risk vulnerabilities. Using a large collection of multiple datasets together with machine learning techniques, we construct a series of vulnerability remediation strategies and compare how each perform in regard to trading off coverage and efficiency. We expand and improve upon the small body of literature that uses predictions of 'published exploits', by instead using 'exploits in the wild' as our outcome variable. We implement the machine learning models by classifying vulnerabilities according to high- and low-risk, where we consider high-risk vulnerabilities to be those that have been exploited in actual firm networks.en
dc.format.mimetypeapplication/pdfen
dc.language.isoenen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.subjectvulnerability managementen
dc.subjectexploited vulnerabilityen
dc.subjectCVSSen
dc.subjectsecurity risk managementen
dc.subjectmachine learningen
dc.subjectprecisionen
dc.subjectrecallen
dc.titleImproving vulnerability remediation through better exploit predictionen
dc.typeArticle - Refereeden
dc.contributor.departmentBusiness Information Technologyen
dc.title.serialJournal of Cybersecurityen
dc.identifier.doihttps://doi.org/10.1093/cybsec/tyaa015en
dc.identifier.volume6en
dc.identifier.issue1en
dc.type.dcmitypeTexten
dc.type.dcmitypeStillImageen
dc.identifier.eissn2057-2093en


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Creative Commons Attribution 4.0 International
License: Creative Commons Attribution 4.0 International