Paper ID: 2202.07466

Perspectives on risk prioritization of data center vulnerabilities using rank aggregation and multi-objective optimization

Bruno Grisci, Gabriela Kuhn, Felipe Colombelli, Vítor Matter, Leomar Lima, Karine Heinen, Mauricio Pegoraro, Marcio Borges, Sandro Rigo, Jorge Barbosa, Rodrigo da Rosa Righi, Cristiano André da Costa, Gabriel de Oliveira Ramos

Data has become an invaluable asset to entities and companies, and keeping it secure represents a major challenge. Data centers are responsible for storing data provided by software applications, yet the number of vulnerabilities has been increasing every day. Managing such vulnerabilities is essential for building a reliable and secure network environment. Releasing patches to fix security flaws in software is a common practice for handling these vulnerabilities. However, prioritization becomes crucial for organizations with an increasing number of vulnerabilities, since the time and resources available to fix them are usually limited. This review presents a survey of vulnerability ranking techniques and promotes a discussion on how multi-objective optimization could benefit the management of vulnerability risk prioritization. State-of-the-art approaches for risk prioritization were reviewed with the aim of developing an effective model for ranking vulnerabilities in data centers. The main contribution of this work is to point out multi-objective optimization as a promising but not commonly explored strategy for prioritizing vulnerabilities, enabling better time management and increasing security.

Submitted: Feb 12, 2022