HYBRID MODEL OF RISK FORECASTING AND MONITORING USING ML AND EXPERT RULES

Abstract

The rapid spread of DevOps and MLOps practices, the intensive use of generative AI, and the growing complexity of software ecosystems are radically changing the nature of risks in the software lifecycle. Traditional methods of risk management, based on static assessments or manual analysis, turn out to be insufficient to work in a dynamic environment, where risks arise simultaneously at the level of code, architecture, CI/CD processes, data and human factors. This paper proposes a hybrid model of risk forecasting and monitoring, which combines machine learning algorithms, historical project data, signals from CI/CD pipelines, and expert rules for the formation of an adaptive risk profile. The model functions as a continuous loop encompassing risk identification, assessment, forecasting, response, and monitoring, providing a continuous update of the threat profile in near real-time. The proposed solution is implemented in the form of a three-module architecture, which includes data collection and preparation, ensemble risk forecasting using gradient boosting and random forest models, as well as a fuzzy logic system for contextual forecast adjustment. Experimental verification based on more than 50 real-world projects demonstrated high forecasting accuracy and the model's ability to identify peak risk points in a timely manner. The Risk Dynamics Heatmap confirmed its effectiveness in tracking changes in key categories, including build stability, vulnerabilities, code defects, and service performance. The results of the study showed that the combination of machine learning with expert knowledge significantly increases the accuracy, adaptability and explainability of solutions, creating the basis for the implementation of intelligent risk management systems in complex development environments. The results obtained can be used to automate the quality management of IT products, increase the resilience of DevSecOps processes, and support strategic decision-making at the organizational level.