Proactive identification of exploits in the wild through vulnerability mentions online | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2017 International Conference...

Proactive identification of exploits in the wild through vulnerability mentions online

PDF
Mohammed Almukaynizi; Eric Nunes; Krishna Dharaiya; Manoj Senguttuvan; Jana Shakarian; Paulo Shakarian
All Authors

Abstract:

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attac...Show More

Metadata

Abstract:

The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability will be exploited. Our proposed model leverages data from a variety of online data sources (white-hat community, vulnerability researchers community, and darkweb/deepweb sites) with vulnerability mentions. Compared to the standard scoring system (CVSS base score), our model outperforms the baseline models with an F1 measure of 0.40 on the minority class (266% improvement over CVSS base score) and also achieves high True Positive Rate at low False Positive Rate (90%, 13%, respectively). The results demonstrate that the model is highly effective as an early predictor of exploits that could appear in the wild. We also present a qualitative and quantitative study regarding the increase in the likelihood of exploitation incurred when a vulnerability is mentioned in each of the data sources we examine.
Published in: 2017 International Conference on Cyber Conflict (CyCon U.S.)
Date of Conference: 07-08 November 2017
Date Added to IEEE Xplore: 07 December 2017
ISBN Information:
DOI: 10.1109/CYCONUS.2017.8167501
Conference Location: Washington, DC, USA
Contents

I. Introduction

An increasing number of software vulnerabilities are discovered and publicly disclosed every year. In 2016 alone, more than 10,000 vulnerability identifiers were assigned and at least 6,000 were publicly disclosed by the National Institute of Standards and Technology (NIST)

https://www.nist.gov/

. However, only a small fraction of those vulnerabilities (less than 3%) are found to be exploited in the wild [1]–[4] - a result confirmed in this paper. The current methods for prioritizing patching vulnerabilities appear to fall short. Verizon reported that over 99% of breaches are caused by exploits to known vulnerabilities [5].

Contact IEEE to Subscribe
More Like This
Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database

IEEE Transactions on Reliability

Published: 2013

Classification of HTTP automated software communication behaviour using NoSql database

2016 International Conference on Electronics, Information, and Communications (ICEIC)

Published: 2016

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.