Patch before exploited: An approach to identify targeted software vulnerabilities

Mohammed Almukaynizi, Eric Nunes, Krishna Dharaiya, Manoj Senguttuvan, Jana Shakarian, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of these vulnerabilities are exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this chapter, an exploit prediction model is presented, which predicts whether a vulnerability will likely be exploited. Our proposed model leverages data from a variety of online data sources (white hat community, vulnerability research community, and dark web/deep web (DW) websites) with vulnerability mentions. Compared to the standard scoring system (CVSS base score) and a benchmark model that leverages Twitter data in exploit prediction, our model outperforms the baseline models with an F1 measure of 0.40 on the minority class (266% improvement over CVSS base score) and also achieves high true positive rate and low false positive rate (90%, 13%, respectively), making it highly effective as an early predictor of exploits that could appear in the wild. A qualitative and a quantitative study are also conducted to investigate whether the likelihood of exploitation increases if a vulnerability is mentioned in each of the examined data sources. The proposed model is proven to be much more robust than adversarial examples—postings authored by adversaries in the attempt to induce the model to produce incorrect predictions. A discussion on the viability of the model is provided, showing cases where the classifier achieves high performance, and other cases where the classifier performs less efficiently.

Language: English (US)
Title of host publication: Intelligent Systems Reference Library
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 81-113
Number of pages: 33
DOI: https://doi.org/10.1007/978-3-319-98842-9_4
State: Published - Jan 1 2019

Publication series

Name: Intelligent Systems Reference Library
Volume: 151
ISSN (Print): 1868-4394
ISSN (Electronic): 1868-4408

ASJC Scopus subject areas

  • Computer Science(all)
  • Information Systems and Management
  • Library and Information Sciences

Cite this

Almukaynizi, M., Nunes, E., Dharaiya, K., Senguttuvan, M., Shakarian, J., & Shakarian, P. (2019). Patch before exploited: An approach to identify targeted software vulnerabilities. In Intelligent Systems Reference Library (pp. 81-113). (Intelligent Systems Reference Library; Vol. 151). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-98842-9_4
