ExploitabilityBirthMark: An Early Predictor of the Likelihood of Exploitation

ExploitabilityBirthMark: An Early Predictor of the Likelihood of Exploitation

연구 분야: Strategies

학회: International Symposium on Foundations and Practice of Security

In recent years, there has been a steady increase in the number of reported vulnerabilities (CVEs), increasing the workload of organizations trying to update their systems promptly. This underscores the need to prioritize specific critical vulnerabilities over others to effectively prevent cyberattacks. Unfortunately, the current methods available for assessing the exploitability of vulnerabilities have substantial shortcomings. In particular, they often consist in prediction models that encode data that may not be immediately available at the time a vulnerability is first reported. In this paper, we introduce an innovative exploitability prediction method that exclusively uses information accessible at the time of a CVE’s initial publication. Our approach outperforms the most widely used vulnerability exploit prediction algorithms in scenarios where data is subject to the aforementioned limitations.