Corpus ID: 231933936

Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits

Authors: Octavian Suciu, Connor Nelson, Zhuoer Lyu, Tiffany Bao, Tudor Dumitras
Assessing the exploitability of software vulnerabilities at the time of disclosure is difficult and error-prone, as features extracted via technical analysis by existing metrics are poor predictors for exploit development. Moreover, exploitability assessments suffer from a class bias because “not exploitable” labels could be inaccurate. To overcome these challenges, we propose a new metric, called Expected Exploitability (EE), which reflects, over time, the likelihood that functional exploits… 
On the Flow of Software Security Advisories
From measurements, an analytical model is proposed to express the flow of information through security advisories across multiple platforms, based on a queueing network, where each platform corresponds to a queue which adds a delay in the information propagation.
A Survey on Data-driven Software Vulnerability Assessment and Prioritization
A survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization, discusses the current limitations, and proposes potential solutions to address such issues.
Vulnerability Forecasting: theory and practice.
This paper documents which vendors are amenable to being forecasted, and further uncertainty reductions can be built from the methodologies in this paper.
FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities
It is demonstrated that FUZE could not only escalate kernel UAF exploitability but also diversify working exploits and facilitate security mitigation bypassing, making exploitability evaluation less challenging and more efficient.
DarkEmbed: Exploit Prediction With Neural Language Models
DarkEmbed is proposed, a neural language modeling approach that learns low dimensional distributed representations, i.e., embeddings, of darkweb/deepweb discussions to predict whether vulnerabilities will be exploited and is better able to classify discussions about exploited vulnerabilities than traditional text analysis methods.
Beyond heuristics: learning to classify vulnerabilities and predict exploits
This work shows how to train classifiers that predict much more accurately whether and how soon individual vulnerabilities are likely to be exploited, compared to current industry-standard heuristics based on expert knowledge and static formulas.
From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild
This paper uses symptomatic botnet data (in the form of a set of spam blacklists) to discover a community structure which reveals how similar Internet entities behave in terms of their malicious activities and presents a novel method based on the notion of community detection for early discovery of vulnerability exploits.
The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching
This first systematic study of patch deployment in client-side vulnerabilities from 10 popular client applications is presented, and several new threats presented by multiple installations of the same program and by shared libraries distributed with several applications are identified.
Using Twitter to Predict When Vulnerabilities will be Exploited
This paper proposes a novel framework to predict when a vulnerability will be exploited via Twitter discussion, without using CVSS score information, and introduces the unique concept of a family of CVE-Author-Tweet (CAT) graphs and builds a novel set of features based on such graphs.
Understanding the Reproducibility of Crowd-reported Security Vulnerabilities
The first empirical analysis on a wide range of real-world security vulnerabilities with the goal of quantifying their reproducibility suggests that there is not only a necessity to overhaul the way a security forum collects vulnerability reports, but also a need for automated mechanisms to collect information commonly missing in a report.
A preliminary analysis of vulnerability scores for attacks in wild: the ekits and sym datasets
The final conclusion is that the NVD and EDB databases are not a reliable source of information for exploits in the wild, even after controlling for the CVSS and exploitability subscore.
Economic Factors of Vulnerability Trade and Exploitation
The findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed.
Explaining Black-box Android Malware Detection
This work generalizes the approach to any black-box machine-learning model, by leveraging a gradient-based approach to identify the most influential local features, which enables using nonlinear models to potentially increase accuracy without sacrificing interpretability of decisions.