Dynamic dependency-aware vulnerability and patch management for critical interconnected systems

Abstract

Critical infrastructure systems characterized by complex interdependencies face significant challenges in vulnerability management due to cascading risk propagation through interconnected components. Traditional approaches that individually prioritize vulnerabilities inefficiently manage these dependency structures, leading to suboptimal security outcomes. This paper introduces an adaptive dependency-aware patching technique (ADAPT), a dynamic vulnerability and patch management framework that integrates formal dependency modeling with reinforcement learning to optimize patching strategies for critical interconnected systems. The proposed approach employs a mathematical formulation to capture direct and transitive dependencies via reachability matrices, enabling precise quantification of cascading risk propagation. The framework dynamically adapts patching decisions under resource constraints using proximal policy optimization within a constrained Markov decision process formulation. Comprehensive evaluation across 954 system configurations and six baseline strategies demonstrates consistent performance improvements, with a 5.5% advantage over state-of-the-art NSGA-II multi-objective optimization while achieving a 1513× computational speedup. Optimality gap analysis reveals a 4.33% average deviation from theoretical bounds, validating the framework’s near-optimal solution quality. A critical infrastructure case study confirms practical applicability, with ADAPT achieving 89.7% risk reduction compared to 86.4% for sophisticated baseline methods, while enabling real-time decision-making through sub-second computation times. The results demonstrate superior performance under high dependency density and resource constraints, highlighting the framework’s suitability for environments where cascading failures pose operational threats.

Keywords

Cascading risk mitigation; Dependency-aware cybersecurity; Vulnerability propagation; Proximal policy optimization
Title
Dynamic dependency-aware vulnerability and patch management for critical interconnected systems
Authors
Sa'ad, Umar; Na, Woongsoo; Dao, Nhu-Ngoc; Cho, Sungrae
DOI
10.1016/j.jnca.2026.104436
Publication date
2026-04
Type
Article
Journal
Journal of Network and Computer Applications
248