Vulnerability Selection for Remediation: An Empirical Analysis

Ankit Shah, Katheryn A. Farris, Rajesh Ganesan and Sushil Jajodia

The Journal of Defense Modeling and Simulation, 2022, vol. 19, issue 1, 13-22

Abstract: Vulnerabilities are security flaws in software and network systems that criminal hackers can exploit to gain an asymmetric advantage. Cyber-Security Operations Centers must routinely triage and patch vulnerabilities in their system(s) to minimize external exposure to attackers. The personnel resources required to address vulnerability remediation tasks are limited and constrained, thus motivating the need for optimization approaches to improve the efficiency of the vulnerability selection process. This paper investigates two different approaches to vulnerability selection for mitigation through (a) Individual Attribute Value Optimization and (b) Multiple Attribute Value Optimization. The former approach presents a methodology that optimizes the selection of vulnerabilities for mitigation with respect to an individual attribute, while the latter approach considers multiple attributes in the vulnerability selection decision-making. Real scan data from a Cyber-Security Operations Center are used to compare the results between the two mathematical approaches. Furthermore, comparisons are made with the results obtained from (a) the actual (baseline) Cyber-Security Operations Center performance, and (b) a vulnerability prioritization algorithm called VULCON that appeared in recent literature.

Keywords: Vulnerability management; vulnerability remediation; cyber-security operations center; multiple attribute value optimization; mixed integer programming
Date: 2022
Citations: 1 (in EconPapers)

Downloads: (external link)
https://journals.sagepub.com/doi/10.1177/1548512919874129 (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:sae:joudef:v:19:y:2022:i:1:p:13-22

DOI: 10.1177/1548512919874129

Bibliographic data for series maintained by SAGE Publications.

 
Page updated 2025-03-19
Handle: RePEc:sae:joudef:v:19:y:2022:i:1:p:13-22