TY - GEN
T1 - Proactive identification of exploits in the wild through vulnerability mentions online
AU - Almukaynizi, Mohammed
AU - Nunes, Eric
AU - Dharaiya, Krishna
AU - Senguttuvan, Manoj
AU - Shakarian, Jana
AU - Shakarian, Paulo
N1 - Funding Information:
Some of the authors were supported by the Office of Naval Research (ONR) contract N00014-15-1-2742, the Office of Naval Research (ONR) Neptune program and the ASU Global Security Initiative (GSI). Paulo Shakarian and Jana Shakarian are supported by the Office of the Director of National Intelligence (ODNI) and the Intelligence Advanced Research Projects Activity (IARPA) via the Air Force Research Laboratory (AFRL) contract number FA8750-16-C-0112. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. Disclaimer: The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, AFRL, or the U.S. Government.
Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/5
Y1 - 2017/12/5
N2 - The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability will be exploited. Our proposed model leverages data from a variety of online data sources (white-hat community, vulnerability researchers community, and darkweb/deepweb sites) with vulnerability mentions. Compared to the standard scoring system (CVSS base score), our model outperforms the baseline models with an F1 measure of 0.40 on the minority class (266% improvement over CVSS base score) and also achieves high True Positive Rate at low False Positive Rate (90%, 13%, respectively). The results demonstrate that the model is highly effective as an early predictor of exploits that could appear in the wild. We also present a qualitative and quantitative study regarding the increase in the likelihood of exploitation incurred when a vulnerability is mentioned in each of the data sources we examine.
KW - adversarial machine learning
KW - darkweb analysis
KW - online vulnerability mentions
KW - vulnerability exploit prediction
UR - http://www.scopus.com/inward/record.url?scp=85045989630&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85045989630&partnerID=8YFLogxK
U2 - 10.1109/CYCONUS.2017.8167501
DO - 10.1109/CYCONUS.2017.8167501
M3 - Conference contribution
AN - SCOPUS:85045989630
T3 - 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017 - Proceedings
SP - 82
EP - 88
BT - 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017 - Proceedings
A2 - Sobiesk, Edward
A2 - Bennett, Daniel
A2 - Maxwell, Paul
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 IEEE International Conference on Cyber Conflict U.S., CyCon U.S. 2017
Y2 - 7 November 2017 through 8 November 2017
ER -