A Vulnerability Risk Assessment Methodology Using Active Learning.

Inadequate information security practices, such as using single metrics in Vulnerability Management (VM), can cause analysts to underestimate the likelihood and impact of vulnerability exploitation. Ideally, vulnerability, threat intelligence, and context information should be used in this task. Nonetheless, the lack of specialized tools makes this activity impractical since analysts have to manually correlate data from various security sources to identify the most critical vulnerabilities among thousands of organization assets. Although Machine Learning (ML) can assist in this process, its application has been little explored in the literature. Thus, we present a methodology based on Active Learning (AL) to create a supervised model capable of emulating the experience of experts in the Risk Assessment (RA) of vulnerabilities. Our experiments indicated that the proposed solution performed similarly to that of the analysts and achieved an average accuracy of 88% for critical vulnerabilities.