Conference Papers

Automated Risk Analysis of a Vulnerability Disclosure Using Active Learning

Abstract

Exhaustively listing the software and hardware components of an information system is non-trivial. This makes it even harder to analyze the risk created by a vulnerability disclosure in the context of a specific information system. Instead of basing the risk analysis of a newly disclosed vulnerability on a possibly obsolete list of components, we focus on the security team members tasked with protecting the information system, by studying how Chief Information Security Officers (CISOs) and their subordinates actually react to vulnerability disclosures. We propose to use active learning to extract the conscious and unconscious knowledge of an information system's security team in order to automate the risk analysis of a newly disclosed vulnerability for a specific information system to be defended.
Main file: 2021-cesar_3758460.pdf (484.32 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03515662, version 1 (06-01-2022)

Identifiers

  • HAL Id: hal-03515662, version 1

Cite

Clément Elbaz, Louis Rilling, Christine Morin. Automated Risk Analysis of a Vulnerability Disclosure Using Active Learning. C&ESAR 2021 - 28th Computer & Electronics Security Application Rendezvous, Nov 2021, Rennes, France. pp.1-19. ⟨hal-03515662⟩