English

Deep VULMAN: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework

Artificial Intelligence 2022-10-26 v2 Cryptography and Security Neural and Evolutionary Computing

Abstract

Cyber vulnerability management is a critical function of a cybersecurity operations center (CSOC) that helps protect organizations against cyber-attacks on their computer and network systems. Adversaries hold an asymmetric advantage over the CSOC, as the number of deficiencies in these systems is increasing at a significantly higher rate compared to the expansion rate of the security teams to mitigate them in a resource-constrained environment. The current approaches are deterministic and one-time decision-making methods, which do not consider future uncertainties when prioritizing and selecting vulnerabilities for mitigation. These approaches are also constrained by the sub-optimal distribution of resources, providing no flexibility to adjust their response to fluctuations in vulnerability arrivals. We propose a novel framework, Deep VULMAN, consisting of a deep reinforcement learning agent and an integer programming method to fill this gap in the cyber vulnerability management process. Our sequential decision-making framework, first, determines the near-optimal amount of resources to be allocated for mitigation under uncertainty for a given system state and then determines the optimal set of prioritized vulnerability instances for mitigation. Our proposed framework outperforms the current methods in prioritizing the selection of important organization-specific vulnerabilities, on both simulated and real-world vulnerability data, observed over a one-year period.

Keywords

Cite

@article{arxiv.2208.02369,
  title  = {Deep VULMAN: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework},
  author = {Soumyadeep Hore and Ankit Shah and Nathaniel D. Bastian},
  journal= {arXiv preprint arXiv:2208.02369},
  year   = {2022}
}

Comments

12 pages, 3 figures

R2 v1 2026-06-25T01:27:49.705Z