Intelligent Dynamic Cybersecurity Risk Management Framework with Explainability and Interpretability of AI models for Enhancing Security and Resilience of Digital Infrastructure

Abstract

The sophistication of cyberattacks has significantly increased, making it almost certain that organizations can be victims of cyberattacks at any time. Managing cybersecurity risk is critical for any organization so that informed decisions can be made to tackle risks before they materialize. Cybersecurity risk management is context-specific and relies heavily on the specific organization’s context. However, performing effective risk management is always challenging due to the constant changes in organizational infrastructure and security posture, including the adoption of new applications and the reconfiguration or updating of existing assets and their dependencies, as well as the potential exploitation of vulnerabilities. Despite the wider adoption of AI-enabled cybersecurity risk management, there is a lack of focus on integrating these systems with the dynamic elements of risk management. In this context, this research proposes a novel dynamic Cyber Security Risk Management (d-CSRM) framework to tackle this challenge by integrating dynamic parameters such as vulnerability exploitation and asset dependencies for assessing and managing the risk. The framework consists of a systemic process and makes use of a hybrid AI-enabled model that combines both linear regression and deep learning to prioritize the vulnerabilities. Additionally, d-CSRM integrates the explainability and interpretability characteristics of the AI model to explain the model's decision making and its inner working parameters. This allows the extraction of the key features that are linked with the risk and supports informed decision making to tackle the risks. An experiment was performed to prioritize the vulnerabilities from the widely used CVEjoin dataset using the proposed hybrid model to quantify the dynamic risk with explainability. The results show that the hybrid model effectively identifies and prioritizes the most critical vulnerabilities using the selected key features such as exploit type, exploit platform and impact that can further enhance the dynamic risk assessment.
