A hybrid approach combining Bayesian networks and logistic regression for enhancing risk assessment.

Journal: Scientific Reports

Abstract

This study enhances cybersecurity risk assessment by integrating Bayesian Networks (BN) and Logistic Regression (LR) models, using data from the CISA Known Exploited Vulnerabilities catalog. First, a probabilistic causal model is built as a BN to capture complex interdependencies among vulnerability characteristics such as CVSS score, exploit complexity, and attack vector. Conditional probabilities of exploitation are calculated, providing a nuanced, evidence-based understanding of each factor's contribution to risk. Second, these posterior probabilities serve as input features for an LR classifier, combining the BN's dependency structure with LR's discriminative power to predict vulnerability risk levels. Parameter estimation employs maximum likelihood methods, supplemented by expert knowledge where data are sparse. When applied to 775 vulnerability records, the BN-LR hybrid achieves an accuracy rate of 97% and a ROC-AUC of 0.1 on the held-out test set, outperforming both standalone BN (accuracy 86.7%, AUC 0.89) and standalone LR (accuracy 88.1%, AUC 0.90). Sensitivity analysis further highlights that CVSS score and exploit complexity carry the greatest influence on risk predictions. By quantifying both causal relationships and classification boundaries, the integrated model not only improves predictive performance but also offers clear insights into which attributes most strongly drive potential exploits. This practical tool thus enables security teams to prioritize remediation efforts effectively, strengthening organizational vulnerability management and overall security posture.

Authors

  • Xueyuan Wei
    School of Philosophy and History (Biquan Academy), Xiangtan University, Xiangtan, Hunan, 411105, China.
  • Yingdong Dong
    School of Philosophy and History (Biquan Academy), Xiangtan University, Xiangtan, Hunan, 411105, China. dongyingdong1117@sina.com.
