Towards Deep Learning Enabled Cybersecurity Risk Assessment for Microservice Architectures
Majid Abdulsatar, Hussain Ahmad, Diksha Goel, Faheem Ullah
TL;DR
This work proposes CyberWise Predictor, a framework designed for predicting and assessing security risks associated with microservice architectures that employs transformers, which are deep learning-based natural language processing models, to analyze descriptions of vulnerabilities for predicting vulnerability metrics to assess security risks.
Abstract
The widespread adoption of microservice architectures has given rise to a new set of software security challenges. These challenges stem from the unique features inherent in microservices. It is important to systematically assess and address software security challenges such as software security risk assessment. However, existing approaches prove inefficient in accurately evaluating the security risks associated with microservice architectures. To address this issue, we propose CyberWise Predictor, a framework designed for predicting and assessing security risks associated with microservice architectures. Our framework employs deep learning-based natural language processing models to analyze vulnerability descriptions for predicting vulnerability metrics to assess security risks. Our experimental evaluation shows the effectiveness of CyberWise Predictor, achieving an average accuracy of 92% in automatically predicting vulnerability metrics for new vulnerabilities. Our framework and findings serve as a guide for software developers to identify and mitigate security risks in microservice architectures.