Enhancing Vulnerability Management in Large Organisations through Machine Learning - Based Prioritisation: A Case Study
University West, Department of Health Sciences.
2023 (English). Independent thesis, Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits. Student thesis
Abstract [en]

The number of vulnerabilities is increasing daily, and organisations are flooded by vulnerabilities in their IT environment. The increasing number of vulnerabilities in organisations' IT environments presents a significant challenge, requiring effective identification and prioritisation of critical vulnerabilities. Various techniques exist today for prioritising vulnerabilities, such as CVSS scoring or risk-based scoring from solution providers. However, large industries with extensive assets often face difficulty in managing and fixing a large pool of vulnerabilities, as traditional techniques tend to classify numerous vulnerabilities as high or critical. This study proposes a machine learning model based on the K-means++ clustering technique that leverages vulnerability data and asset financial value assessments to find patterns within vulnerabilities and group the most critical vulnerabilities. Our study successfully determined a group of the most critical vulnerabilities from a sample dataset of vulnerabilities from one large organisation. By considering the financial value of assets, our solution demonstrates a more accurate prioritisation, enabling organisations to allocate resources effectively and address the most critical vulnerabilities first. This study enhances vulnerability management practices in large organisations and serves as a foundation for further research and development in vulnerability prioritisation using machine learning techniques.

Place, publisher, year, edition, pages
2023. p. 38
Keywords [en]
Vulnerability Prioritisation, Machine learning, Vulnerability Management, CVSS, Risk-based prioritisation
National Category
Embedded Systems
Identifiers
URN: urn:nbn:se:hv:diva-20794
Local ID: EXD600
OAI: oai:DiVA.org:hv-20794
DiVA, id: diva2:1798788
Subject / course
Computer engineering
Educational program
Master in Cybersecurity
Supervisors
Examiners
Available from: 2023-10-04. Created: 2023-09-20. Last updated: 2023-10-04. Bibliographically approved.

Open Access in DiVA

No full text in DiVA
