Review into State of the Art of Vulnerability Assessment using Artificial Intelligence

Abstract

Vulnerability assessment is the essential and well established process of probing security flaws, weaknesses and inadequacies in a computing infrastructure. The process helps organisations to eliminate security issues before attackers can ex- ploit them for monetary gains or other malicious purposes. The significant advance- ments in desktop, web and mobile computing technologies have widened the range of security-related complications. It has become an increasingly crucial challenge for security analysts to devise comprehensive security evaluation and mitigation tools that can protect the business critical operations. Researchers have proposed a variety of methods for vulnerability assessment, which can be broadly categorised into manual, assistive and fully-automated. Manual vulnerability assessment is per- formed by a human expert, based on a specific set of instructions that are aimed at finding the security vulnerability. This method requires a large amount of time, effort and resources, and it is heavily reliant on expert knowledge, something that is widely attributed to being in short supply. The assistive vulnerability assessment is conducted with the help of scanning tools or frameworks that are usually up-to-date and look for the most relevant security weakness. However the lack of flexibility, compatibility and regular maintenance of tools, as they contain static knowledge, renders them outdated and do not provide the beneficial information (in terms of depth and scope of tests) about the state of security. Fully automated vulnerability assessment leverage artificial intelligence techniques to produce expert-like deci- sions without human assistance, and is by far considered as the most desirable (due to time and financial reduction for the end-user) method of evaluating a systems’ security. Although being highly desirable, such techniques requires additional re- search in improving automated knowledge acquisition, representation and learning mechanisms. Further research is also needed to develop automated vulnerability mitigation techniques that are capable of actually securing the computing platform. The volume of research being performed into the use of artificial intelligence tech- niques in vulnerability assessment is increasing and there is a need to provide a survey into state-of-the-art.