VEST: A System for Vulnerability Exploit Scoring & Timing
VEST: A System for Vulnerability Exploit Scoring & Timing
Haipeng Chen, Jing Liu, Rui Liu, Noseong Park, V. S. Subrahmanian
Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence
Demos. Pages 6503-6505.
https://doi.org/10.24963/ijcai.2019/937
Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from Mitre and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by Mitre and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring \& Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
Keywords:
AI: Machine Learning
Applications: Defense
Applications: Security and surveillance