Proactive identification of exploits in the wild through vulnerability mentions online

Mohammed Almukaynizi, Eric Nunes, Krishna Dharaiya, Manoj Senguttuvan, Jana Shakarian, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability will be exploited. Our proposed model leverages data from a variety of online data sources (white-hat community, vulnerability researchers community, and darkweb/deepweb sites) with vulnerability mentions. Compared to the standard scoring system (CVSS base score), our model outperforms the baseline models with an F1 measure of 0.40 on the minority class (266% improvement over CVSS base score) and also achieves high True Positive Rate at low False Positive Rate (90%, 13%, respectively). The results demonstrate that the model is highly effective as an early predictor of exploits that could appear in the wild. We also present a qualitative and quantitative study regarding the increase in the likelihood of exploitation incurred when a vulnerability is mentioned in each of the data sources we examine.

Original language: English (US)
Title of host publication: 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 82-88
Number of pages: 7
Volume: 2017-December
ISBN (Electronic): 9781538623794
DOI: https://doi.org/10.1109/CYCONUS.2017.8167501
State: Published - Dec 5 2017
Event: 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017 - Washington, United States
Duration: Nov 7 2017 to Nov 8 2017

Other

Other: 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017
Country: United States
City: Washington
Period: 11/7/17 to 11/8/17

Fingerprint

vulnerability
community
exploitation
minority
resources

Keywords

  • adversarial machine learning
  • darkweb analysis
  • online vulnerability mentions
  • vulnerability exploit prediction

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Political Science and International Relations
  • Computer Networks and Communications
  • Law

Cite this

Almukaynizi, M., Nunes, E., Dharaiya, K., Senguttuvan, M., Shakarian, J., & Shakarian, P. (2017). Proactive identification of exploits in the wild through vulnerability mentions online. In 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017 - Proceedings (Vol. 2017-December, pp. 82-88). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CYCONUS.2017.8167501
