Dynamic Vulnerability Classification for Enhanced Cyber Situational Awareness

Abstract

Cyber-threat landscape and adversarial capabilities have strengthened significantly due to the digital transformation and increased computational capacity of individuals. To stay ahead in the game, a cyber defender must have full situational awareness of any existing infrastructural vulnerabilities. Lever- aging vulnerability reports from NVD, MITRE, Twitter, etc., is an uphill task as one must find the existing vulnerabilities first, find vulnerability reports for the same, and then prepare a mitigation plan by going through each report individually. Moreover, human attention is needed to understand the context and decide whether the risk is acceptable or actionable. In this work, we architect and implement an AI-based prediction engine for our Cyber-threats and Vulnerability Information Analyzer (CyVIA) framework to classify vulnerability reports based on inferred attack types. This AI-engine speeds up the vulnerability analysis process for cyber defenders by providing the applicable attack types on the evaluated infrastructure. We test various unsupervised and supervised machine learning models to classify vulnerability reports. Furthermore, we compare the results, tune the best-observed models, and propose a final fully trained model with the highest accuracy for classifying new vulnerability reports.