Multi-objective prioritization for data center vulnerability remediation

Nowadays, one of the most relevant challenges of a data center is to keep its information secure. To avoid data leaks and other security problems, data centers have to manage vulnerabilities, including determining the higher-risk vulnerabilities to prioritize. However, the current literature is scarce in the proposal of intelligent methods for the complex problem of vulnerabilities prioritization. Depending on the adopted metrics, the priority could shift, compromising simple sorting-based approaches and impairing the utilization of conflicting risk assessment metrics. Unlike the related work, this study proposes a multi-objective method that uses user-chosen vulnerabilities assessment metrics to output a complete list of these vulnerabilities ranked by their risk and overall impact in the context of an organization. The method includes a multi-objective large-scale optimization problem representation, a novel population initialization scheme, an expressive fitness function, a post-optimization process, and a custom way to select the best solution among the non-dominated ones. The dataset used in the experiments contains anonymized real-world information about database vulnerabilities obtained from a private organization. The experiments' results indicated that the proposed method can reduce the number of vulnerabilities needed to reach an organization's predefined security targets compared to the baselines simulating a security team's analysis. Multi-objective optimization achieved on average a 48,17% reduction in the vulnerabilities needed to reach the organization's target values compared to the baselines. (AU)