Predicting Exploit Likelihood for Cyber Vulnerabilities with Machine Learning

Visa enkel post
dc.contributor.authorEdkrantz, Michel
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)sv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineering (Chalmers)en
dc.date.accessioned2019-07-03T13:45:16Z
dc.date.available2019-07-03T13:45:16Z
dc.date.issued2015
dc.description.abstractEvery day there are some 20 new cyber vulnerabilities released, each exposing some software weakness. For an information security manager it can be a daunting task to keep up and assess which vulnerabilities to prioritize to patch. In this thesis we use historic vulnerability data from the National Vulnerability Database (NVD) and the Exploit Database (EDB) to predict exploit likelihood and time frame for unseen vulnerabilities using common machine learning algorithms. This work shows that the most important features are common words from the vulnerability descriptions, external references, and vendor products. NVD categorical data, Common Vulnerability Scoring System (CVSS) scores, and Common Weakness Enumeration (CWE) numbers are redundant when a large number of common words are used, since this information is often contained within the vulnerability description. Using several different machine learning algorithms, it is possible to get a prediction accuracy of 83% for binary classification. The relative performance of multiple of the algorithms is marginal with respect to metrics such as accuracy, precision, and recall. The best classifier with respect to both performance metrics and execution time is a linear time Support Vector Machine (SVM) algorithm. The exploit time frame prediction shows that using only public or publish dates of vulnerabilities or exploits is not enough for a good classification. We conclude that in order to get better predictions the data quality must be enhanced. This thesis was conducted at Recorded Future AB.
dc.identifier.urihttps://hdl.handle.net/20.500.12380/219658
dc.language.isoeng
dc.setspec.uppsokTechnology
dc.subjectInformations- och kommunikationsteknik
dc.subjectData- och informationsvetenskap
dc.subjectInformation & Communication Technology
dc.subjectComputer and Information Science
dc.titlePredicting Exploit Likelihood for Cyber Vulnerabilities with Machine Learning
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster Thesisen
dc.type.uppsokH
local.programmeComplex adaptive systems (MPCAS), MSc
Ladda ner
Original bundle
Visar 1 - 1 av 1
Bild (thumbnail)
Namn:
219658.pdf
Storlek:
2.59 MB
Format:
Adobe Portable Document Format
Beskrivning:
Fulltext
Ladda ner
Samling
Examensarbeten för masterexamen