Bibliographic details
Year of defense: 2023
Main author: Ponte, Francisco Rodrigo Parente da
Advisor: Not provided by the institution
Defense committee: Not provided by the institution
Document type: Thesis
Access type: Open access
Language: por
Defense institution: Not provided by the institution
Graduate program: Not provided by the institution
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Access link: http://repositorio.ufc.br/handle/riufc/76691
Abstract:
Inadequate security practices, such as relying on a single metric (for instance, considering only the Common Vulnerability Scoring System (CVSS)) in the Vulnerability Management (VM) process, can lead to an overestimation of the risk of asset exploitation. Ideally, security analysts should use vulnerability information, threat intelligence, and context to assess the likelihood and risk of exploitation of security flaws. The lack of specialized tools makes this task complex and error-prone, as analysts must manually correlate information from multiple security sources with the thousands of assets present in the organization. Although Machine Learning (ML) can help in this task, researchers have not thoroughly explored its application in the VM process. Given this context, this thesis proposes FRAPE, a Risk-Based Vulnerability Management (RBVM) framework. FRAPE combines a data labeling technique called Active Learning (AL) with a Supervised Learning approach to create an ML model capable of emulating the experience of security experts in analyzing and assessing the risk of vulnerability exploitation. FRAPE is composed of 4 modules: (i) Data Collection, responsible for aggregating the information necessary for risk assessment; (ii) Vulnerability Labeling, where active learning is used to label the vulnerabilities with the most significant characteristics; (iii) Classification and Prioritization of Vulnerabilities, where security flaws are classified and then prioritized for correction according to their risk; and finally, (iv) Results Interpretation, where we provide a detailed analysis of why the vulnerabilities were considered critical. Thus, this work seeks to develop a solution capable of helping security analysts identify the most critical vulnerabilities so that they can defend themselves from potential attacks by malicious users.