In English

Predicting Exploit Likelihood for Cyber Vulnerabilities with Machine Learning

Michel Edkrantz
Göteborg : Chalmers tekniska högskola, 2015. 57 s.
[Examensarbete på avancerad nivå]

Every day there are some 20 new cyber vulnerabilities released, each exposing some software weakness. For an information security manager it can be a daunting task to keep up and assess which vulnerabilities to prioritize to patch. In this thesis we use historic vulnerability data from the National Vulnerability Database (NVD) and the Exploit Database (EDB) to predict exploit likelihood and time frame for unseen vulnerabilities using common machine learning algorithms. This work shows that the most important features are common words from the vulnerability descriptions, external references, and vendor products. NVD categorical data, Common Vulnerability Scoring System (CVSS) scores, and Common Weakness Enumeration (CWE) numbers are redundant when a large number of common words are used, since this information is often contained within the vulnerability description. Using several different machine learning algorithms, it is possible to get a prediction accuracy of 83% for binary classification. The relative performance of multiple of the algorithms is marginal with respect to metrics such as accuracy, precision, and recall. The best classifier with respect to both performance metrics and execution time is a linear time Support Vector Machine (SVM) algorithm. The exploit time frame prediction shows that using only public or publish dates of vulnerabilities or exploits is not enough for a good classification. We conclude that in order to get better predictions the data quality must be enhanced. This thesis was conducted at Recorded Future AB.

Nyckelord: Machine Learning, SVM, cyber security, exploits, vulnerability prediction, data mining

Publikationen registrerades 2015-07-09. Den ändrades senast 2015-09-24

CPL ID: 219658

Detta är en tjänst från Chalmers bibliotek