Utilization of Machine Learning in an Automated Framework for Evaluation and Management of Information Security Risk

During the internship in collaboration with RootCellar Technologies, research will be conducted towards the design of an adaptive machine-learning solution and its integration with the existing RootCellar framework for automated evaluation and management of information security risk in small and medium size enterprise networks. The existing framework is very advanced in terms of end-point risk monitoring as well as its compliance with the NIST CVSS System. However, the part of the framework that deals with the final aggregation and ranking of individual risk-scores is suboptimal in its design and does not allow for an easy integration of feedback/expertise provided by the end-user. The objective of this research is to make the existing framework: 1) network adaptive: by arriving at the most optimal risk-score aggregation/ranking model for each particular network, and 2) time adaptive: by allowing that the risk-score aggregation/ranking model of each network be easily updated as new data becomes available. These improvements would result in a significant enhancement of the company’s present-day product. TO BE CONT'D

Pooria Madani
Faculty Supervisor: 
Natalija Vlajic
Partner University: