Review into State of the Art of Vulnerability Assessment using Artificial Intelligence

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


Vulnerability assessment is the essential and well-established process of probing security flaws, weaknesses and inadequacies in a computing infrastructure. The process helps organisations to eliminate security issues before attackers can exploit them for monetary gains or other malicious purposes. The significant advancements in desktop, Web and mobile computing technologies have widened the range of security-related complications. It has become an increasingly crucial challenge for security analysts to devise comprehensive security evaluation and mitigation tools that can protect the business-critical operations. Researchers have proposed a variety of methods for vulnerability assessment, which can be broadly categorised into manual, assistive and fully automated. Manual vulnerability assessment is performed by a human expert, based on a specific set of instructions that are aimed at finding the security vulnerability. This method requires a large amount of time, effort and resources, and it is heavily reliant on expert knowledge, something that is widely attributed to being in short supply. The assistive vulnerability assessment is conducted with the help of scanning tools or frameworks that are usually up-to-date and look for the most relevant security weakness. However, the lack of flexibility, compatibility and regular maintenance of tools, as they contain static knowledge, renders them outdated and does not provide the beneficial information (in terms of depth and scope of tests) about the state of security. Fully automated vulnerability assessment leverages artificial intelligence techniques to produce expert-like decisions without human assistance and is by far considered as the most desirable (due to time and financial reduction for the end-user) method of evaluating a systems’ security. Although being highly desirable, such techniques require additional research in improving automated knowledge acquisition, representation and learning mechanisms. Further research is also needed to develop automated vulnerability mitigation techniques that are capable of actually securing the computing platform. The volume of research being performed into the use of artificial intelligence techniques in vulnerability assessment is increasing, and there is a need to provide a survey into the state of the art.
Original languageEnglish
Title of host publicationGuide to Vulnerability Analysis for Computer Networks and Systems
Subtitle of host publicationAn Artificial Intelligence Approach
EditorsSimon Parkinson, Andrew Crampton, Richard Hill
Place of PublicationCham
PublisherSpringer, Cham
Number of pages30
ISBN (Electronic)9783319926247
ISBN (Print)9783319926230
Publication statusPublished - 9 Oct 2018

Publication series

NameComputer Communications and Networks
ISSN (Print)1617-7975
ISSN (Electronic)2197-8433


Dive into the research topics of 'Review into State of the Art of Vulnerability Assessment using Artificial Intelligence'. Together they form a unique fingerprint.

Cite this