Top

Published in:

2018 | OriginalPaper | Chapter

Review into State of the Art of Vulnerability Assessment using Artificial Intelligence

Authors : Saad Khan, Simon Parkinson

Published in: Guide to Vulnerability Analysis for Computer Networks and Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Vulnerability assessment is the essential and well-established process of probing security flaws, weaknesses and inadequacies in a computing infrastructure. The process helps organisations to eliminate security issues before attackers can exploit them for monetary gains or other malicious purposes. The significant advancements in desktop, Web and mobile computing technologies have widened the range of security-related complications. It has become an increasingly crucial challenge for security analysts to devise comprehensive security evaluation and mitigation tools that can protect the business-critical operations. Researchers have proposed a variety of methods for vulnerability assessment, which can be broadly categorised into manual, assistive and fully automated. Manual vulnerability assessment is performed by a human expert, based on a specific set of instructions that are aimed at finding the security vulnerability. This method requires a large amount of time, effort and resources, and it is heavily reliant on expert knowledge, something that is widely attributed to being in short supply. The assistive vulnerability assessment is conducted with the help of scanning tools or frameworks that are usually up-to-date and look for the most relevant security weakness. However, the lack of flexibility, compatibility and regular maintenance of tools, as they contain static knowledge, renders them outdated and does not provide the beneficial information (in terms of depth and scope of tests) about the state of security. Fully automated vulnerability assessment leverages artificial intelligence techniques to produce expert-like decisions without human assistance and is by far considered as the most desirable (due to time and financial reduction for the end-user) method of evaluating a systems’ security. Although being highly desirable, such techniques require additional research in improving automated knowledge acquisition, representation and learning mechanisms. Further research is also needed to develop automated vulnerability mitigation techniques that are capable of actually securing the computing platform. The volume of research being performed into the use of artificial intelligence techniques in vulnerability assessment is increasing, and there is a need to provide a survey into the state of the art.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter A Survey of Machine Learning Algorithms and Their Application in Information Security

https://www.manageengine.com/products/eventlog/

https://www.solarwinds.com/log-event-manager

http://www.logalyze.com/

https://www.netvizura.com/

http://www.openvas.org/

https://www.tenable.com/products/nessus-vulnerability-scanner

http://samuraism.jp/samurai/en/index.html

https://cirt.net/Nikto2

Sadeghi A, Bagheri H, Garcia J Malek S (2017) A taxonomy and qualitative comparison of program analysis techniques for security assessment of android software. IEEE Trans Softw Eng 43(6):492–530

Cherdantseva Y, Hilton J (2013) A reference model of information assurance and security. In: 2013 eighth international conference on availability, reliability and security (ARES), IEEE, pp 546–555

Smith GS (2004) Recognizing and preparing loss estimates from cyber-attacks. Inf Syst Sec 12(6):46–57

Jerman-Blažič B et al (2008) An economic modelling approach to information security risk management. Int J Inf Manag 28(5):413–422CrossRef

Butler, S.A (2002) Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24th international conference on software engineering, ACM, pp 232–240

Romanosky S, Telang R, Acquisti A (2011) Do data breach disclosure laws reduce identity theft? J Policy Anal Manag 30(2):256–286CrossRef

O’dowd A (2017) Major global cyber-attack hits NHS and delays treatment. BMJ: British Med J (Online) 357

Shahzad M, Shafiq MZ, Liu AX (2012) A large scale exploratory analysis of software vulnerability life cycles. In: Proceedings of the 34th international conference on software engineering, IEEE Press, pp 771–781

Lystrup O (2017) Customer loss after a breach is real, but dont lose focus. https://continuum.cisco.com/2017/02/06/customer-loss-after-a-breach-is-real-but-dont-lose-focus/. Accessed 04 Dec 2017

10.

Ablon L, Heaton P, Lavery DC, Romanosky S (2016) Consumer attitudes toward data breach notifications and loss of personal information. Rand Corporation, CaliforniaCrossRef

11.

Keller S, Powell A, Horstmann B, Predmore C, Crawford M (2005) Information security threats and practices in small businesses. Inf Syst Manag 22(2):7CrossRef

12.

Parkinson S (2017) Use of access control to minimise ransomware impact. Netw Sec 7:5–8CrossRef

13.

Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: International conference on detection of intrusions and malware, and vulnerability assessment, Springer, pp 3–24

14.

Kamongi P, Kotikela S, Kavi K, Gomathisankaran M, Singhal A (2013) Vulcan: Vulnerability assessment framework for cloud computing. In: 2013 IEEE 7th international conference on software security and reliability (SERE), IEEE, pp 218–226

15.

Jøsang A, AlFayyadh B, Grandison T, AlZomai M, McNamara J (2007) Security usability principles for vulnerability analysis and risk assessment. In: Twenty-third annual computer security applications conference, 2007. ACSAC 2007, IEEE, pp 269–278

16.

Baker GH (2005) A vulnerability assessment methodology for critical infrastructure sites. In: DHS symposium: R and D partnerships in homeland security

17.

Benton K, Camp LJ, Small C (2013) Openflow vulnerability assessment. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, ACM, pp 151–152

18.

Ristov S, Gusev M, Donevski A (2014) Security vulnerability assessment of openstack cloud. In: 2014 sixth international conference on computational intelligence, communication systems and networks (CICSyN), IEEE, pp 95–100

19.

Khan S, Parkinson S, Crampton A (2017) A multi-layered cloud protection framework. In: Companion proceedings of The 10th international conference on utility and cloud computing, ACM, pp 233–238

20.

Gomez-Barrero M, Galbally J, Fierrez J (2014) Efficient software attack to multimodal biometric systems and its application to face and iris fusion. Pattern Recognit Lett 36:243–253CrossRef

21.

Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Comput Sec 56:1–27CrossRef

22.

Shabtai A, Fledel Y, Kanonov U, Elovici Y, Dolev S, Glezer C (2010) Google android: a comprehensive security assessment. IEEE Sec Privacy 8(2):35–44CrossRef

23.

Wang H, Zhang Y, Li J, Liu H, Yang W, Li B, Gu D (2015) Vulnerability assessment of oauth implementations in android applications. In: Proceedings of the 31st annual computer security applications conference, ACM, pp 61–70

24.

Zhang C, Sun J, Zhu X, Fang Y (2010) Privacy and security for online social networks: challenges and opportunities. IEEE Netw 24(4)

25.

Zhao J, Zhao SY (2015) Security and vulnerability assessment of social media sites: an exploratory study. J Educ Busin 90(8):458–466CrossRef

26.

Zhao JJ (2010) Zhao SY (2010) Opportunities and threats: a security assessment of state e-government websites. Gov Inf Q 27(1):49–56CrossRef

27.

Barrere M, Badonnel R, Festor O (2014) Vulnerability assessment in autonomic networks and services: a survey. IEEE Commun Surv Tutor 16(2):988–1004CrossRef

28.

Movassaghi S, Abolhasan M, Lipman J, Smith D, Jamalipour A (2014) Wireless body area networks: a survey. IEEE Commun Surv Tutor 16(3):1658–1686CrossRef

29.

Khan S, Parkinson S, Qin Y (2017) Fog computing security: a review of current applications and security solutions. J Cloud Comput 6(1):19CrossRef

30.

Parkinson S, Qin Y, Khan S, Vallati M (2017) Security auditing in the fog. In: Proceedings of the second international conference on internet of things and cloud computing, ACM, p 191

31.

Hahn A, Ashok A, Sridhar S, Govindarasu M (2013) Cyber-physical security testbeds: architecture, application, and evaluation for smart grid. IEEE Trans Smart Grid 4(2):847–855CrossRef

32.

Kumar SA, Xu B (2017) Vulnerability assessment for security in aviation cyber-physical systems. In: 2017 IEEE 4th international conference on cyber security and cloud computing (CSCloud), IEEE, pp 145–150

33.

Saripalli P, Walters B (2010) Quirc: A quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd international conference on cloud computing (CLOUD), IEEE, pp 280–288

34.

Hartmann, K, Steup, C (2013) The vulnerability of UAVS to cyber attacks-an approach to the risk assessment. In: 2013 5th international conference on cyber conflict (CyCon), IEEE, pp 1–23

35.

Gruss D, Maurice C, Mangard S (2016) Rowhammer. js: a remote software-induced fault attack in javascript. Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, pp 300–321

36.

Ma S, Hellerstein JL (2001) Mining partially periodic event patterns with unknown periods. In: 17th international conference on data engineering, 2001. Proceedings, IEEE, pp 205–214

37.

Li W (2013) Automatic log analysis using machine learning: awesome automatic log analysis version 2.0. Uppsala universitet

38.

Anthony R (2013) Detecting security incidents using windows workstation event logs. SANS Institute, InfoSec Reading Room Paper

39.

Mehdiyev N, Krumeich J, Enke D, Werth D, Loos P (2015) Determination of rule patterns in complex event processing using machine learning techniques. Proc Comput Sci 61:395–401CrossRef

40.

Clarke-Salt J (2009) SQL injection attacks and defense. Elsevier, Amsterdam

41.

OWASP T (2013) Top 10-2013. The ten most critical web application security risks

42.

Kindy DA, Pathan A-SK (2011) A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques. In: 2011 IEEE 15th international symposium on consumer electronics (ISCE), IEEE, pp 468–471

43.

Gavas E, Memon N, Britton D (2012) Winning cybersecurity one challenge at a time. IEEE Sec Privacy 10(4):75–79

44.

Halfond WG, Orso A (2005) Amnesia: analysis and monitoring for neutralizing SQL-injection attacks. In: Proceedings of the 20th IEEE/ACM international conference on automated software engineering, ACM, pp 174–183

45.

Holik F, Horalek J, Marik O, Neradova S, Zitta S (2014) Effective penetration testing with metasploit framework and methodologies. In: 2014 IEEE 15th international symposium on computational intelligence and informatics (CINTI), IEEE, pp 237–242

46.

dOtreppe, T (2013) Aircrack-ng

47.

Lyon GF (2009) Nmap network scanning: the official nmap project guide to network discovery and security scanning. Insecure, USA

48.

Garn B, Kapsalis I, Simos DE, Winkler S (2014) On the applicability of combinatorial testing to web application security testing: a case study. In: Proceedings of the 2014 workshop on joining academia and industry contributions to test automation and model-based testing, ACM, pp 16–21

49.

Damele B, Stampar M (2012) Sqlmap. http://sqlmap.org

50.

Chappell L, Combs G (2010) Wireshark network analysis: the official wireshark certified network analyst study guide. Chappell University, USA, Protocol Analysis Institute

51.

Webb EM, Boscolo CD, Gilde RG (2016) Network appliance for vulnerability assessment auditing over multiple networks. Google patents. US Patent App. 15/079,224

52.

Gleichauf R, Shanklin S, Waddell S, Ziese K (2001) System and method for rules-driven multi-phase network vulnerability assessment. Google patents. US Patent 6,324,656

53.

Bunker N, Laizerovich D, Bunker E, Van Schuyver J (2001) Network vulnerability assessment system and method. Google patents. US Patent App. 09/861,001

54.

Taylor P, Mewett S, Brass PC, Doty TR (2007) Vulnerability assessment and authentication of a computer by a local scanner. Google patents. US Patent 7,178,166

55.

Cooper G, Valente LFP, Pearcy DP, Richardson HA (2008) Policy-based vulnerability assessment. Google patents. US Patent 7,451,488

56.

Oberheide J, Song D, Goodman A (2016) System and method for assessing vulnerability of a mobile device. Google patents. US Patent 9,467,463

57.

Tyugu E (2011) Artificial intelligence in cyber defense. In: 3rd international conference on cyber conflict (ICCC), IEEE, pp 1–11

58.

Harel Y, Gal IB, Elovici Y (2017) Cyber security and the role of intelligent systems in addressing its challenges. ACM Trans Intell Syst Technol (TIST) 8(4):49

59.

Bareiss R (2014) Exemplar-based knowledge acquisition: a unified approach to concept representation, classification, and learning, vol 2. Academic Press, CambridgeMATH

60.

Saad K, Simon P (2016) Towards a multi-tiered knowledge-based system for autonomous cloud security auditing. AAAI

61.

Li T, Hankin C (2016) Effective defence against zero-day exploits using Bayesian networks. In: International conference on critical information infrastructures security, Springer

62.

Doupé A, Cova M, Vigna G (2010) Why johnny cant pentest: an analysis of black-box web vulnerability scanners. In: International conference on detection of intrusions and malware, and vulnerability assessment, Springer, pp 111–131

63.

Edkrantz M, Said A (2015) Predicting exploit likelihood for cyber vulnerabilities with machine learning. Unpublished Masters Thesis, Chalmers Unıversıty of Technology Department of Computer Science and Engineering, Gothenburg, Sweden

64.

Feng N, Wang HJ , Li M (2014) A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Inf Sci 256:57–73

65.

de Gusmão APH , e Silva LC, Silva MM, Poleto T, Costa APCS (2016) Information security risk analysis model using fuzzy decision theory. Int J Inf Manag 36(1):25–34

66.

Corral G, Armengol E, Fornells A, Golobardes E (2007) Data security analysis using unsupervised learning and explanations. Innovations in hybrid intelligent systems. Springer, Berlin, pp 112–119CrossRef

67.

Poolsappasit N, Dewri R, Ray I (2012) Dynamic security risk management using bayesian attack graphs. IEEE Trans Depend Sec Comput 9(1):61–74CrossRef

68.

Lo C-C, Chen W-J (2012) A hybrid information security risk assessment procedure considering interdependences between controls. Expert Syst Appl 39(1):247–257CrossRef

69.

Bozorgi M, Saul LK, Savage S, Voelker GM (2010) Beyond heuristics: learning to classify vulnerabilities and predict exploits. In: Proceedings of the 16th ACM SIGKDD international conference on knowledge discovery and data mining, ACM, pp 105–114

70.

Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke N (2012) Gritzalis S (2012) Evaluation of anomaly-based ids for mobile devices using machine learning classifiers. Secur Commun Netw 5(1):3–14CrossRef

71.

Cepeda, J, Colomé, D, Castrillón N (2011) Dynamic vulnerability assessment due to transient instability based on data mining analysis for smart grid applications. In: IEEE PES conference on innovative smart grid technologies (ISGT latin America), IEEE, pp 1–7

72.

Uwagbole SO, Buchanan WJ, Fan L (2017) Applied machine learning predictive analytics to SQL injection attack detection and prevention, pp 1–4

73.

Ndibwile JD, Govardhan A, Okada K, Kadobayashi Y (2015) Web server protection against application layer ddos attacks using machine learning and traffic authentication. In: Computer software and applications conference (COMPSAC), 2015 IEEE 39th annual, vol 3, IEEE, pp 261–267

74.

Benjamin P (2010) System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning. Google patents. US Patent 7,784,099

75.

Titonis TH, Manohar-Alers NR, Wysopal CJ (2017) Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security. Google patents. US Patent 9,672,355

76.

Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy (SP), IEEE, pp 305–316

77.

Huang L, Joseph AD, Nelson B, Rubinstein BI, Tygar J (2011) Adversarial machine learning. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, ACM, pp 43–58

78.

Grieco G, Grinblat GL, Uzal L, Rawat S, Feist J, Mounier L (2016) Toward large-scale vulnerability discovery using machine learning. In: Proceedings of the sixth ACM conference on data and application security and privacy, ACM, pp 85–96

79.

Holm H, Sommestad T, Almroth J, Persson M (2011) A quantitative evaluation of vulnerability scanning. Inf Manag Comput Secur 19(4):231–247CrossRef

80.

Khan S, Parkinson S (2017) Towards automated vulnerability assessment

81.

Ghallab M, Nau D, Traverso P (2004) Automated planning: theory and practice. Elsevier, AmsterdamMATH

82.

McDermott D, Ghallab M, Howe A, Knoblock C, Ram A, Veloso M, Weld D, Wilkins D (1998) Pddl-the planning domain definition language

83.

Hoffmann J (2003) The metric-ff planning system: translating “ignoring delete lists” to numeric state variables. J Artif Intell Res 20:291–341

84.

Valenzano R.A, Sturtevant N, Schaeffer J, Buro K, Kishimoto A (2010) Simultaneously searching with multiple settings: an alternative to parameter tuning for suboptimal single-agent search algorithms. In: Third annual symposium on combinatorial search

85.

Amos-Binks A, Clark J, Weston K, Winters M, Harfoush K (2017) Efficient attack plan recognition using automated planning. In: 2017 IEEE symposium on computers and communications (ISCC), pp 1001–1006

86.

Singhal A, Ou X (2017) Security risk analysis of enterprise networks using probabilistic attack graphs. Network security metrics. Springer, Berlin, pp 53–73CrossRef

87.

Kotenko I, Doynikova E (2014) Security assessment of computer networks based on attack graphs and security events. In: Information and Communication Technology-EurAsia Conference, Springer, pp 462–471

88.

Boddy MS, Gohde J, Haigh T, Harp SA (2005) Course of action generation for cyber security using classical planning. In: ICAPS, pp 12–21

89.

Riabov A, Sohrabi S, Udrea O, Hassanzadeh O (2016) Efficient high quality plan exploration for network security. In: International scheduling and planning applications workshop (SPARK)

90.

Obes JL, Sarraute C, Richarte G (2013) Attack planning in the real world. arXiv preprint arXiv:1306.4044

91.

Shmaryahu D (2016) Constructing plan trees for simulated penetration testing. In: The 26th international conference on automated planning and scheduling, p 121

92.

Sarraute C, Buffet O, Hoffmann J (2013) Penetration testing== pomdp solving? arXiv preprint arXiv:1306.4714

93.

Sarraute C, Buffet O, Hoffmann J (2013) Pomdps make better hackers: accounting for uncertainty in penetration testing. arXiv preprint arXiv:1307.8182

94.

Hoffmann J (2015) Simulated penetration testing: from “dijkstra” to “turing test++”. In: ICAPS, pp 364–372

95.

Shah S, Mehtre BM (2015) An overview of vulnerability assessment and penetration testing techniques. J Comput Virol Hacking Tech 11(1):27–49CrossRef

96.

Sohrabi S, Udrea O, Riabov AV (2013) Hypothesis exploration for malware detection using planning. Edited By: Nicola Policella and Nilufer Onder, 29

97.

Sohrabi S, Riabov A, Udrea O, Hassanzadeh O (2016) Finding diverse high-quality plans for hypothesis generation. In: Proceedings of the 22nd European conference on artificial intelligence (ECAI)

98.

Sarraute C, Richarte G, Lucángeli Obes J (2011) An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, ACM, pp 71–80

99.

Shah M, Chrpa L, Jimoh F, Kitchin D, McCluskey T, Parkinson S, Vallati M (2013) Knowledge engineering tools in planning: state-of-the-art and future challenges. Knowl Eng Plan Sched 53

100.

Liao S-H (2005) Expert system methodologies and applicationsa decade review from 1995 to 2004. Expert Syst Appl 28(1):93–103

101.

Sharma T, Tiwari N, Kelkar D (2012) Study of difference between forward and backward reasoning. Int J Emerg Technol Adv Eng 2(10):271–273

102.

Al-Ajlan A (2015) The comparison between forward and backward chaining. Int J Mach Learn Comput 5(2):106CrossRef

103.

Uren V, Cimiano P, Iria J, Handschuh S, Vargas-Vera M, Motta E, Ciravegna F (2006) Semantic annotation for knowledge management: requirements and a survey of the state of the art. Web Semant Sci Serv agents World Wide Web 4(1):14–28CrossRef

104.

Holm H, Shahzad K, Buschle M, Ekstedt M (2015) P2cysemol: Predictive, probabilistic cyber security modeling language. IEEE Trans Depend Sec Comput 12(6):626–639CrossRef

105.

Holm H, Sommestad T, Ekstedt M, Nordstro ML (2013) Cysemol: a tool for cyber security analysis of enterprises. In: 22nd international conference and exhibition on electricity distribution (CIRED 2013), IET, pp 1–4

106.

X-z Chen, J-h Li (2007) A novel vulnerability assessment system based on oval. Minimicro Syst-Shenyang- 28(9):1554

107.

O’Reilly PD (2009) National vulnerability database (NVD)

108.

Chen X, Zheng Q, Guan X (2008) An oval-based active vulnerability assessment system for enterprise computer networks. Inf Syst Front 10(5):573–588CrossRef

109.

Wu B, Wang AJA (2011) Evmat: an oval and nvd based enterprise vulnerability modeling and assessment tool. In: Proceedings of the 49th annual southeast regional conference, ACM, pp 115–120

110.

Ou X, Govindavajhala S, Appel AW (2005) Mulval: a logic-based network security analyzer. In: USENIX security symposium, pp 8–8, Baltimore

111.

Jajodia S, Noel S, OBerry B (2005) Topological analysis of network attack vulnerability. Managing cyber threats. Springer, Berlin, pp 247–266

112.

Lippmann R, Scott C, Kratkiewicz K, Artz M, Ingols KW (2007) Network security planning architecture. Google patents. US Patent 7,194,769

113.

Klir G, Yuan B (1998) Fuzzy sets and fuzzy logic, vol 4. Prentice Hall, New JerseyMATH

114.

Aleksić A, Stefanović M, Tadić D, Arsovski S (2014) A fuzzy model for assessment of organization vulnerability. Measurement 51:214–223

115.

Fox K, Henning R, Farrell J, Miller C (2007) System and method for assessing the security posture of a network and having a graphical user interface. Google patents. CA Patent 2,396,988. https://www.google.ch/patents/CA2396988C?cl=en

116.

Szwed P, Skrzyński P (2014) A new lightweight method for security risk assessment based on fuzzy cognitive maps. Int J Appl Math Comput Sci 24(1):213–225

117.

Shahriar H, Haddad H (2014) Risk assessment of code injection vulnerabilities using fuzzy logic-based system. In: Proceedings of the 29th annual ACM symposium on applied computing, ACM, pp 1164–1170

118.

Yao Y, Ma X, Liu H, Yi J, Zhao X, Liu L (2014) A semantic knowledge base construction method for information security. In: 2014 IEEE 13th international conference on trust, security and privacy in computing and communications (TrustCom), IEEE, pp 803–808

119.

Singhal A, Wijesekera D (2010) Ontologies for modeling enterprise level security metrics. In: Proceedings of the sixth annual workshop on cyber security and information intelligence research, ACM, p 58

120.

Wang JA, Guo M (2009) Security data mining in an ontology for vulnerability management. In: International joint conference on bioinformatics, systems biology and intelligent computing, 2009. IJCBS’09. IEEE, New York, pp 597–603

121.

Khazai B, Kunz-Plapp T, Büscher C, Wegner A (2014) Vuwiki: an ontology-based semantic wiki for vulnerability assessments. Int J Disaster Risk Sci 5(1):55–73CrossRef

122.

Wang JA, Guo M (2009) OVM: an ontology for vulnerability management. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research: cyber security and information intelligence challenges and strategies, ACM, p 34

123.

Dietterich T (1995) Overfitting and undercomputing in machine learning. ACM Comput Surv (CSUR) 27(3):326–327CrossRef

124.

Bengio Y, Grandvalet Y (2004) No unbiased estimator of the variance of k-fold cross-validation. J Mach Learn Res 5:1089–1105MathSciNetMATH

125.

Domingos P (2012) A few useful things to know about machine learning. Commun ACM 55(10):78–87

126.

Bishop CM (2006) Pattern recognition and machine learning. Springer, Berlin

127.

Li A, Shan S, Gao W (2012) Coupled bias-variance tradeoff for cross-pose face recognition. IEEE Trans Image Process 21(1):305–315

128.

Srivastava N, Hinton GE, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(1):1929–1958MathSciNetMATH

129.

Le QV (2013) Building high-level features using large scale unsupervised learning. In: 2013 IEEE international conference on acoustics, speech and signal processing (ICASSP), IEEE, pp 8595–8598

130.

Angelov P (2012) Autonomous learning systems: from data streams to knowledge in real-time. Wiley, New JerseyCrossRef

131.

Zhuo HH (2015) Crowdsourced action-model acquisition for planning. In: AAAI, pp 3439–3446

132.

Long K, Radhakrishnan J, Shah R, Ram A (2009) Learning from human demonstrations for real-time case-based planning

133.

Khan S, Parkinson S (2017) Causal connections mining within security event logs. In: The 9th international conference on knowledge capture, ACM

134.

Zhu Y, Fathi A, Fei-Fei L (2014) Reasoning about object affordances in a knowledge base representation. In: European conference on computer vision, pp 408–424, Springer

135.

Neelakantan A, Roth B, McCallum A (2015) Compositional vector space models for knowledge base inference. In: 2015 AAAI spring symposium series

Title: Review into State of the Art of Vulnerability Assessment using Artificial Intelligence
Authors: Saad Khan
Simon Parkinson
Publisher: Springer International Publishing
Book: Guide to Vulnerability Analysis for Computer Networks and Systems
Print ISBN: 978-3-319-92623-0

Electronic ISBN: 978-3-319-92624-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-92624-7_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner