AI-Driven Vulnerability Prioritization for Enterprise Networks: A Quantitative Study Using Attack-Graph Models

Authors

  • Istiaq Ahmed, M.S. in Information Technology, Southern New Hampshire University, New Hampshire, USA
  • Tanjina Binte Sohrab, M.S. in Information Systems Technology, Wilmington University, New Castle, Delaware, USA

DOI:

https://doi.org/10.63125/s6qn2t38

Keywords:

AI-Driven Vulnerability Prioritization, Attack Graph Modeling, Machine Learning Cybersecurity, Enterprise Network Security, Risk-Based Vulnerability Assessment

Abstract

This study examined the effectiveness of AI-driven vulnerability prioritization in enterprise networks through the integration of attack-graph models and machine learning techniques. Traditional vulnerability assessment approaches, which rely primarily on static severity scoring systems, often fail to capture the contextual and structural complexity of modern cyber threats. To address this limitation, a quantitative, cross-sectional research design was employed using a dataset of 2,450 vulnerability instances mapped within enterprise network attack graphs. The study incorporated graph-derived features such as node centrality, path frequency, and asset criticality alongside conventional vulnerability attributes to develop predictive prioritization models. The findings demonstrated that AI-driven models significantly outperformed traditional methods across all evaluation metrics. The average classification accuracy of AI-based models reached 0.87 compared to 0.71 for baseline approaches, while precision improved from 0.68 to 0.85 and recall increased from 0.64 to 0.83. The area under the receiver operating characteristic curve (AUC) also showed a substantial improvement, rising from 0.74 in traditional models to 0.91 in AI-enhanced models, indicating superior discrimination capability. Subgroup analysis further revealed that vulnerabilities associated with high-centrality nodes achieved the highest predictive performance, with accuracy values reaching 0.91, while those in low-centrality nodes showed reduced performance at 0.78. Statistical analysis confirmed that these improvements were significant, with p-values below 0.05 and large effect sizes across all key metrics. The results highlighted the importance of incorporating network topology and contextual risk factors into vulnerability prioritization frameworks. 
By leveraging attack-graph structures and machine learning, the proposed approach provided a more accurate, scalable, and context-aware method for identifying high-risk vulnerabilities. These findings demonstrated that AI-driven prioritization can significantly enhance enterprise cybersecurity decision-making by improving risk prediction and optimizing resource allocation in complex network environments.

Published

2023-12-11

How to Cite

Istiaq Ahmed, & Tanjina Binte Sohrab. (2023). AI-Driven Vulnerability Prioritization for Enterprise Networks: A Quantitative Study Using Attack-Graph Models. American Journal of Advanced Technology and Engineering Solutions, 3(04), 129-166. https://doi.org/10.63125/s6qn2t38