Automating cyber security advisories

Automating cyber security advisories: Supervised machine learning for automated decision making

Weegink, Stefan (TU Delft Electrical Engineering, Mathematics and Computer Science)

Zarras, A. (mentor)

Delft University of Technology

Computer Science

2022-09-27

There is an everlasting struggle for organisations to remediate vulnerabilities in IT systems before being the victim of an exploitation. Organisations try to reduce this struggle by turning to specialized cyber organisations, which use their expertise to recommend resolving a subset of vulnerabilities. Unfortunately, the process of recommending a selection of vulnerabilities is primarily done manually. Manual labour is time consuming and requires skilled personnel. Automating cyber advisories reduces both these problems.

We introduce ACSA, a process designed for the Automation of Cyber Security Advisories. ACSA creates a dataset that can be used by advisory publishers to automate their publications with minimal effort. The dataset contains around 90,000 advisories which are filtered by a machine learning model to the set published by the organisation. We applied the ACSA process and dataset to both the Dutch and Canadian NCSC and found that on average we can already automate the majority of advisories. This constitutes a significant workload reduction in comparison to the situation prior to the automation. Even better results are observed when looking at the performance of ACSA on specific vendors. For some vendors we are able to automate more than 90% of the advisories while creating minimal false positives.

automated advisories
patch prioritization
vulnerability prioritisation
keyword extraction
supervised learning
exploit prediction

http://resolver.tudelft.nl/uuid:008e979d-7683-4810-b1d0-160008e18d95

Student theses

master thesis

© 2022 Stefan Weegink