Loading [MathJax]/extensions/MathMenu.js
Proactive identification of exploits in the wild through vulnerability mentions online | IEEE Conference Publication | IEEE Xplore
Scheduled Maintenance: On Monday, 30 June, IEEE Xplore will undergo scheduled maintenance from 1:00-2:00 PM ET (1800-1900 UTC).
On Tuesday, 1 July, IEEE Xplore will undergo scheduled maintenance from 1:00-5:00 PM ET (1800-2200 UTC).
During these times, there may be intermittent impact on performance. We apologize for any inconvenience.

Proactive identification of exploits in the wild through vulnerability mentions online


Abstract:

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attac...Show More

Abstract:

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability will be exploited. Our proposed model leverages data from a variety of online data sources (white-hat community, vulnerability researchers community, and darkweb/deepweb sites) with vulnerability mentions. Compared to the standard scoring system (CVSS base score), our model outperforms the baseline models with an F1 measure of 0.40 on the minority class (266% improvement over CVSS base score) and also achieves high True Positive Rate at low False Positive Rate (90%, 13%, respectively). The results demonstrate that the model is highly effective as an early predictor of exploits that could appear in the wild. We also present a qualitative and quantitative study regarding the increase in the likelihood of exploitation incurred when a vulnerability is mentioned in each of the data sources we examine.
Date of Conference: 07-08 November 2017
Date Added to IEEE Xplore: 07 December 2017
ISBN Information:
Conference Location: Washington, DC, USA

Contact IEEE to Subscribe

References

References is not available for this document.