VEST: A System for Vulnerability Exploit Scoring & Timing

VEST: A System for Vulnerability Exploit Scoring & Timing

Haipeng Chen, Jing Liu, Rui Liu, Noseong Park, V. S. Subrahmanian

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence

Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from Mitre and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by Mitre and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring \& Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
Keywords:
AI: Machine Learning
Applications: Defense
Applications: Security and surveillance