Cyber security research is about protecting our systems against digital threats, like ransomware. By identifying system vulnerabilities, you can prevent this type of threat. However, there are gaps in vulnerability analysis and management. Yuning Jiang, PhD Student at the University of Skövde, has studied how machine learning techniques and semantic models can be used to proactively detect and analyse vulnerabilities.
Digital threats, like ransomware, are common. A successful cyber attack may result in the loss of critical information, like bank account credentials, or in the interruption of production processes. Current cybersecurity research deals with preventing such threats by identifying related vulnerabilities, such as default password settings in the system. Understanding and measuring the vulnerability properties of critical infrastructures (CIs) is challenging yet necessary to maintain the normalcy of our daily life.
Previous studies indicate that there are gaps in current vulnerability management, induced by ad-hoc and subjective auditing processes across CIs. The imprecise nature of manual vulnerability assessment operations and the massive volume of data place an unbearable burden on security analysts. Meanwhile, CIs, such as power grids, are very complex cyber-physical and socio-technical systems, which makes it challenging for cybersecurity experts to decide whether these systems need to be upgraded, and which components to upgrade most urgently. This trend points towards an increasingly critical, global need to improve and expand the ability to make vulnerability assessments using different tools.
Aims to prevent vulnerabilities from becoming threats
Yuning Jiang's research has focused on CI network security, in terms of vulnerability assessment, to prevent vulnerabilities from developing into serious threats. Her thesis includes several studies in the CI sectors of energy and critical manufacturing, which demonstrate the benefits of applying artificial intelligence tools such as machine learning (ML) techniques and semantic models.
“These findings inspired me to develop an approach that can combine such techniques with human intelligence to proactively detect and analyse vulnerabilities. It can provide security analysts with insights, on which component is most vulnerable and most critical, enabling them to make informed decisions.”
In her thesis, Yuning Jiang proposes approaches that bridge the knowledge gaps between different security functions, such as vulnerability management and report analysis, to correlate vulnerability findings and coordinate mitigation responses in complex CIs. For example, she uses semantic modeling to describe complex cyber-physical systems, and then to automate the collection of vulnerabilities and link them to the right components. Additionally, the thesis provides an ML strategy that self-adapts to the best learning models for specific cybersecurity analysis tasks.
Benefits businesses and cybersecurity stakeholders
The research also contributes to the knowledge of how to perform vulnerability analysis of complex CIs with the support of open data on vulnerabilities, available in various archives and databases. The results can help cybersecurity stakeholders to increase their understanding of vulnerability properties and critical infrastructure dependencies, in order to gain a more complete picture of the security status of their systems. They can also help forecast vulnerability trends in CI environments by using ML tools to identify patterns. For example, the proposed cybersecurity coordination system can help companies assess the severity of various vulnerabilities and decide which vulnerabilities to patch first.
Yuning Jiang defends her thesis "Vulnerability analysis for critical infrastructures" at the University of Skövde on Monday, September 5.