UNCERTAINTY-PARAMETERIZED ADAPTIVE ISOLATION FOR CRITICAL INFRASTRUCTURE VULNERABILITY MANAGEMENT: THE GUARDIAN FRAMEWORK
Abstract
Critical infrastructure organizations are faced with temporal impossibilities in the management of their vulnerabilities because more than 50 hours are needed to coordinate security teams, system administrators, compliance staff, and vendors to assess and respond to a single vulnerability, while attackers exploit available vulnerabilities within 24 hours. This challenge is compounded by patch validation processes in regulated industries where standards like NERC CIP-007-6 require up to 70 calendar days for evaluation and remediation. Even with the application of machine learning to vulnerability prediction, the challenge persists since accuracy levels remain constant at about 70% independent of the architecture of the algorithm. This ceiling is imposed by the inadequacy of information in standardized vulnerability data and not by model limitations. This study presents the Graduated Uncertainty-Aware Risk Decision and Isolation Architecture for Networks (GUARDIAN) framework, which converts the structural uncertainty of machine learning models into a governing parameter for automated graduated protective actions. The framework measures ensemble disagreement using the Jensen-Shannon Divergence (JSD) and converts the resulting uncertainty signal to adjustable parameters that dictate isolation stringency and isolation duration, which allows protection mechanisms to run at machine speed without the bottlenecks of human coordination. The analysis covered 279,056 Common Vulnerabilities and Exposures (CVE) records from the National Vulnerability Database, evaluated across six architecturally different models using data from January 2002 to December 2024. From the analysis it emerged that the models' balanced accuracy fell within a range of 47.5% to 69.3% and a temporal stability analysis showed less than 1 percent coefficient of variation. Temperature-scaled calibration reduced the expected calibration error to 0.023.
In addition, Spearman correlation analysis proved that ensemble disagreement is a strong predictor of accuracy degradation, at ρ = −0.92, p < 0.001. The research also established that monotonic relations exist between calibrated uncertainty and the rates of exploitation and durations of protection, and these relations formed the empirical support of the graduated threshold functions in the GUARDIAN framework. The simulation testing of 6,000 attack scenarios on a water utility infrastructure testbed showed between 56 and 94 percent risk reduction depending on the isolation level that was applied. The multi-signal integration strategy showed 92 percent of rollbacks were properly executed with only 1.6 percent being premature. In a field validation using 15 practitioners at a regional healthcare facility, 80 percent said they would advocate for adopting the framework, whereas 60 percent said they would not trust complete automation mode. This showed that operational deployment would need to go through staged advancement from advisory mode to graduated automation. The study also showed that overcoming the temporal impossibility gap does not require perfect prediction, but rather an effective use of model uncertainty.
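
The disagreement-to-isolation step described in the abstract, sketched as an added example (not code from the thesis): the generalized Jensen-Shannon divergence over six models' binary outputs, normalized to [0, 1] and mapped to a graduated action. The tier cut-offs, level names, durations, and the direction of the mapping (more disagreement means stricter, longer isolation) are assumptions made for illustration.

```python
import math

# Hypothetical tiers: (max normalized JSD, isolation level, duration in hours).
# Cut-offs, names and durations are illustrative assumptions, not GUARDIAN's.
TIERS = [(0.05, "monitor", 0), (0.20, "restrict", 24),
         (0.50, "segment", 72), (1.00, "isolate", 168)]

def entropy(p):
    """Shannon entropy in bits; zero-probability terms contribute nothing."""
    return -sum(x * math.log2(x) for x in p if x > 0)

def ensemble_jsd(dists):
    """Generalized JSD of equally weighted model outputs, scaled to [0, 1]."""
    n, k = len(dists), len(dists[0])
    if n < 2 or k < 2:
        raise ValueError("need at least two models and two classes")
    for d in dists:
        if len(d) != k or min(d) < 0 or abs(sum(d) - 1.0) > 1e-9:
            raise ValueError(f"not a probability distribution: {d}")
    mixture = [sum(d[i] for d in dists) / n for i in range(k)]
    jsd = entropy(mixture) - sum(entropy(d) for d in dists) / n
    # JSD <= min(log2 n, log2 k); clamp tiny negative float error to zero.
    return min(1.0, max(0.0, jsd) / math.log2(min(n, k)))

def isolation_decision(dists):
    """Return (score, level, hours) for one vulnerability's ensemble outputs."""
    score = ensemble_jsd(dists)
    for bound, level, hours in TIERS:
        if score <= bound:
            return score, level, hours

# Constructed outputs of six models as [P(not exploited), P(exploited)].
AGREE = [[0.90, 0.10], [0.88, 0.12], [0.91, 0.09],
         [0.90, 0.10], [0.89, 0.11], [0.92, 0.08]]
OUTLIER = [[0.9, 0.1]] * 5 + [[0.1, 0.9]]
SPLIT = [[0.98, 0.02], [0.03, 0.97], [0.95, 0.05],
         [0.05, 0.95], [0.97, 0.03], [0.04, 0.96]]

if __name__ == "__main__":
    for name, sample in [("agree", AGREE), ("outlier", OUTLIER), ("split", SPLIT)]:
        score, level, hours = isolation_decision(sample)
        print(f"{name:8s} jsd={score:.3f} -> {level} for {hours}h")
```

A single dissenting model among six already moves the constructed `OUTLIER` case two tiers above the near-unanimous `AGREE` case, which is the behaviour a disagreement-driven control relies on.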
Subject
Cybersecurity
Critical Infrastructure
Vulnerability Management
