VEST: A System for Vulnerability Exploit Scoring & Timing

Abstract

Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from Mitre and NIST shows that on average there is a 132-day gap between the announcement of a vulnerability by Mitre and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring & Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.

Cite

Text

Chen et al. "VEST: A System for Vulnerability Exploit Scoring & Timing." International Joint Conference on Artificial Intelligence, 2019. doi:10.24963/IJCAI.2019/937

Markdown

[Chen et al. "VEST: A System for Vulnerability Exploit Scoring & Timing." International Joint Conference on Artificial Intelligence, 2019.](https://mlanthology.org/ijcai/2019/chen2019ijcai-vest/) doi:10.24963/IJCAI.2019/937

BibTeX

@inproceedings{chen2019ijcai-vest,
  title     = {{VEST: A System for Vulnerability Exploit Scoring \& Timing}},
  author    = {Chen, Haipeng and Liu, Jing and Liu, Rui and Park, Noseong and Subrahmanian, V. S.},
  booktitle = {International Joint Conference on Artificial Intelligence},
  year      = {2019},
  pages     = {6503-6505},
  doi       = {10.24963/IJCAI.2019/937},
  url       = {https://mlanthology.org/ijcai/2019/chen2019ijcai-vest/}
}