LICALITY-Likelihood and Criticality: Vulnerability Risk Prioritization Through Logical Reasoning and Deep Learning

Zhen Zeng, Zhun Yang, Dijiang Huang, Chun Jen Chung

Research output: Contribution to journal, Article, peer-reviewed

Abstract

Security and risk assessment aims to prioritize detected vulnerabilities for remediation in a computer networking system. The widely used expert-based risk prioritization approach, e.g., the Common Vulnerability Scoring System (CVSS), cannot realistically associate vulnerabilities with the likelihood of exploitation. The CVSS metrics are calculated from static formulas, and cannot easily integrate attackers' motivations and capabilities w.r.t. the network environmental factors. To address this issue, this paper proposes LICALITY, a vulnerability risk prioritization system. LICALITY captures the attacker's preference for exploiting vulnerabilities through a threat modeling method, and learns threat attributes that contribute to the exploitation of vulnerabilities. LICALITY creatively uses a neuro-symbolic model, with neural network (NN) and probabilistic logic programming (PLP) techniques, to learn such threat attributes. The risk of a vulnerability is assessed from the criticality of exploitation and the likelihood of exploitation. LICALITY consolidates these two measurements by using a logic reasoning engine. In the evaluation, the historical threat and future threat are from real attack scenarios. The results reveal that LICALITY reduces the vulnerability remediation work of the future threat required by the CVSS by a factor of 2.89 in the first case study and by a factor of 1.85 in the second case study. Such future threats are identified as the top routinely exploited vulnerabilities and the APT attack chained vulnerabilities reported in the Cybersecurity and Infrastructure Security Agency (CISA) alerts.

Original language: English (US)
Pages (from-to): 1746-1760
Number of pages: 15
Journal: IEEE Transactions on Network and Service Management
Volume: 19
Issue number: 2
State: Published - Jun 1 2022

Keywords

  • Logical reasoning
  • Neural network
  • Neuro-symbolic
  • Risk prioritization
  • Threat model
  • Vulnerability management

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
