Go to DBLP homepagePredicting Vulnerability Exploit Complexity Based On Exploit Scripts
Abstract: Software vulnerabilities provide openings for cyberattacks and therefore pose a great risk to the security of an IT system. The availability of public exploit scripts strongly influences the scale of the threat as it greatly reduces the effort that adversaries must expend to exploit these vulnerabilities. These exploit scripts also differ relative to maturity, reliability, and skill required to be executed successfully. This factor plays an important role in qualitative and quantitative vulnerability risk assessment, cyber adversary analysis, and cybersecurity training. However, not all public exploit databases offer such a rank, which impairs the accuracy of these evaluations. To address this shortcoming, this study evaluates different machine learning approaches to predict the complexity required to execute an exploit based on the exploit script. For this evaluation, different data preparation approaches and machine learning models, all of which have been proven to perform well on similar tasks, were selected. Each machine learning model was then trained using each data preparation approach to evaluate performance and determine the best approach to reliably predict the required skill to use an exploit. These results can be used to generate complexity predictions for exploits, which can then be included in skill-based assessments and ultimately improve the accuracy of cybersecurity evaluations.
External IDs:dblp:conf/iccta/RosenbergerJ24
Loading