Online Vulnerabilities and Exploits
The number of publicly disclosed software vulnerabilities is increasing every year. However, only a very small fraction of them are exploited in the wild. Lacking resources, organizations often fall behind on vulnerability patching and therefore rely on vulnerability severity metrics (such as CVSS and the Microsoft Exploitability Index) for patch prioritization. Recent studies highlight many limitations of the current severity metrics as a means of predicting real-world exploits. We attribute this partially to their failure to assess and dynamically incorporate the different reactions of the cyber security community to vulnerability disclosures (e.g., through online vulnerability mentions).
In this talk, we describe our analysis and observations on the characteristics of data feeds containing vulnerability mentions that appear after vulnerability disclosures, quantifying their implications for exploitation likelihood. Such mentions are gathered from varying online data sources (Exploit-DB “white-hat website”, Zero Day Initiative “corporation”, and darkweb “black-hat websites”). Leveraging these data sources, we also describe how machine learning can aid in the task of predicting exploits in the wild. Concretely, we describe the experimental setup and prediction results for a machine learning model that is dynamic and fast, and that outperforms both the standard CVSS scoring systems and a recent Twitter-based benchmark model: false positives are reduced by around 35% over CVSS, and 25% over the benchmark model. Online vulnerability mentions are found to correlate with the availability of real-world exploits, and in many cases, they appear before any exploits are detected.
Mohammed Almukaynizi is a Ph.D. student studying computer science at Arizona State University. He is a recipient of the King Saud University scholarship award for his master’s and Ph.D. studies. His research at the Cyber-Socio Intelligent Systems (CySIS) Laboratory focuses on machine learning applications to cybersecurity. Prior to his Ph.D. studies, Mohammed had academic teaching and industry experience in areas including database management, software engineering, and ERP systems implementation. He earned a master’s degree from the University of Michigan-Dearborn and a bachelor’s degree from King Saud University (Riyadh, Saudi Arabia). He has recently been working on proactive prediction of vulnerability exploits in the wild.
Paulo Shakarian, PhD
Paulo Shakarian, PhD, is the CEO and co-founder of Cyber Reconnaissance, Inc. (CYR3CON™). He is also a Fulton Entrepreneurial Professor at Arizona State University and a New America Cybersecurity Initiative fellow. He has authored several books about cyber security, including Cambridge’s Darkweb Cyber Threat Intelligence Mining and Elsevier’s Introduction to Cyber-Warfare. His work on cyber threat intelligence and artificial intelligence has been featured in Forbes, the New Yorker, Slate, the Economist, Business Insider, TechCrunch and BBC. In 2016, the company he leads was named a semi-finalist in the Cisco Innovation Grand Challenge and selected for the NSF Innovation Corps program. He was also named a “KDD Rising Star” by Microsoft Research and is a recipient of the Air Force Young Investigator Award. Previously, Shakarian was a Major in the U.S. Army, where he was a Defense Advanced Research Projects Agency (DARPA) Service Chief’s fellow, served on the faculty at West Point, and served two combat tours in Iraq, earning a Bronze Star and the Army Commendation Medal for Valor.