Every day about 20 new cyber vulnerabilities are released and reported, and these are related to various software implementation weaknesses. Hackers exploit these vulnerabilities to launch an attack, trigger a system failure, access sensitive information, or gain remote system access. Some vulnerabilities have a severe impact, while hackers show little or no interest in exploiting others. For an information security manager, it can be a daunting task to keep up and assess which vulnerabilities to prioritize for patching. The cyber threat landscape is quickly changing and it is of vital importance for many companies to stay updated and proactively work to improve security. Many of the vulnerabilities are zero-days, which means that the vulnerability was exploited before the software vendor was aware of its existence. 90% of the exploits are generally available within a week from the vulnerability disclosure, a great majority within days. Making an early assessment automatically can therefore help security managers discover possible threats in advance.
We use machine learning (ML) and data mining to examine correlations in vulnerability data to see if some vulnerability types are more likely to be exploited. With ML algorithms it is possible to perform binary classification of vulnerabilities as likely to be exploited or not. Our main data sources are the National Vulnerability Database (NVD) and the Exploit DB (EDB).
- Cyber exploits can be anticipated with an accuracy of 83% using open vulnerability data.
- The text of the CVE summary provided the most important features. In fact, the Common Vulnerability Scoring System (CVSS) scores, parameters and Common Weakness Enumeration (CWE) numbers did not add any additional information to the model and to the prediction.
- Hackers are likely to go after content management systems (CMSs). That may be because the fragmented world of CMS provides a target-rich environment of unpatched websites.
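
A sketch of the kind of text classifier described above, added here as an illustration and not the study's own code: a multinomial naive Bayes model over the words of CVE-style summaries, scoring each as likely exploited or not. The algorithm choice, the sample summaries and their labels are assumptions constructed for this example, so its output says nothing about real exploit likelihood.

```python
import math
import re
from collections import Counter

# Constructed training data: (CVE-style summary, 1 = public exploit exists, 0 = none).
# Summaries and labels are invented for illustration, not taken from NVD or EDB.
TRAIN = [
    ("SQL injection in the login plugin for a content management system allows remote attackers to execute arbitrary SQL commands", 1),
    ("Cross-site scripting in a CMS comment module allows remote attackers to inject arbitrary web script", 1),
    ("PHP remote file inclusion in a CMS theme allows remote attackers to execute arbitrary PHP code", 1),
    ("Unspecified vulnerability in a database server component allows local users to affect availability", 0),
    ("Unspecified vulnerability in a vendor product has unknown impact and attack vectors", 0),
    ("Memory leak in a kernel driver allows local users to cause a denial of service", 0),
]

def tokenize(text):
    """Lowercase bag-of-words tokens from a summary."""
    return re.findall(r"[a-z]+", text.lower())

def train(samples):
    """Fit naive Bayes: return the class prior and per-word log-likelihood ratios."""
    counts = {0: Counter(), 1: Counter()}
    docs = Counter()
    for text, label in samples:
        counts[label].update(tokenize(text))
        docs[label] += 1
    vocab = set(counts[0]) | set(counts[1])
    # Laplace smoothing: add one to every word count in both classes.
    totals = {c: sum(counts[c].values()) + len(vocab) for c in (0, 1)}
    weights = {w: math.log((counts[1][w] + 1) / totals[1])
                  - math.log((counts[0][w] + 1) / totals[0]) for w in vocab}
    prior = math.log(docs[1] / docs[0])
    return prior, weights

def log_odds(model, text):
    """Log-odds of the 'exploited' class; words unseen in training are ignored."""
    prior, weights = model
    return prior + sum(weights.get(w, 0.0) for w in tokenize(text))

def predict(model, text):
    return 1 if log_odds(model, text) > 0 else 0

def top_words(model, n=5):
    """Summary words that push hardest toward the 'exploited' class."""
    _, weights = model
    return sorted(weights, key=weights.get, reverse=True)[:n]

MODEL = train(TRAIN)
```

Calling `top_words(MODEL)` lists the summary words carrying the most weight, which is the kind of feature inspection behind the finding that summary text was the most informative input.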