Automated Risk Analysis of a Vulnerability Disclosure Using Active Learning
Exhaustively listing the software and hardware components of an information system is non-trivial. This makes even harder to analyze the risk created by a vulnerability disclosure in the context of a specific information system. Instead of basing the risk analysis of a newly disclosed vulnerability on a possibly obsolete list of components, we focus on the security team members tasked with protecting the information system, by studying how Chief Information Security Officers (CISOs) and their subordinates actually react to vulnerability disclosures. We propose to use active learning to extract the conscious and unconscious knowledge of an information system’s security team in order to automate the risk analysis of a newly disclosed (n-day) vulnerability for a specific system to be defended.
Tue 16 NovDisplayed time zone: Brussels, Copenhagen, Madrid, Paris change
13:30 - 15:00 | Cyber Threat IntelligenceCall for Papers at Grand Auditorium Chair(s): Gurvan LE GUERNIC DGA MI & Université de Rennes 1 | ||
13:30 30mTalk | La Threat Intelligence comme vecteur d’automatisation de la Cyberdéfense Call for Papers Media Attached File Attached | ||
14:00 20mTalk | Automatisation de l'analyse de binaires : de la collecte source ouverte à la Threat Intel Call for Papers Media Attached | ||
14:20 20mTalk | Automated Risk Analysis of a Vulnerability Disclosure Using Active Learning Call for Papers Media Attached | ||
14:40 20mTalk | Attack Forecast and Prediction Call for Papers Florian Kaiser Karlsruhe Institute of Technology, Tobias Budig Karlsruhe Institute of Technology, Elisabeth Goebel Karlsruhe Institute of Technology, Tessa Fischer Karlsruhe Institute of Technology, Jurek Muff Karlsruhe Institute of Technology, Marcus Wiens Karlsruhe Institute of Technology, Frank Schultmann Karlsruhe Institute of Technology Media Attached | ||