Predicting Exploit Likelihood for Cyber Vulnerabilities with Machine Learning
dc.contributor.author | Edkrantz, Michel | |
dc.contributor.department | Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers) | sv |
dc.contributor.department | Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers) | en |
dc.date.accessioned | 2019-07-03T13:45:16Z | |
dc.date.available | 2019-07-03T13:45:16Z | |
dc.date.issued | 2015 | |
dc.description.abstract | Every day there are some 20 new cyber vulnerabilities released, each exposing some software weakness. For an information security manager it can be a daunting task to keep up and assess which vulnerabilities to prioritize to patch. In this thesis we use historic vulnerability data from the National Vulnerability Database (NVD) and the Exploit Database (EDB) to predict exploit likelihood and time frame for unseen vulnerabilities using common machine learning algorithms. This work shows that the most important features are common words from the vulnerability descriptions, external references, and vendor products. NVD categorical data, Common Vulnerability Scoring System (CVSS) scores, and Common Weakness Enumeration (CWE) numbers are redundant when a large number of common words are used, since this information is often contained within the vulnerability description. Using several different machine learning algorithms, it is possible to get a prediction accuracy of 83% for binary classification. The relative performance of multiple of the algorithms is marginal with respect to metrics such as accuracy, precision, and recall. The best classifier with respect to both performance metrics and execution time is a linear time Support Vector Machine (SVM) algorithm. The exploit time frame prediction shows that using only public or publish dates of vulnerabilities or exploits is not enough for a good classification. We conclude that in order to get better predictions the data quality must be enhanced. This thesis was conducted at Recorded Future AB. | |
dc.identifier.uri | https://hdl.handle.net/20.500.12380/219658 | |
dc.language.iso | eng | |
dc.setspec.uppsok | Technology | |
dc.subject | Informations- och kommunikationsteknik | |
dc.subject | Data- och informationsvetenskap | |
dc.subject | Information & Communication Technology | |
dc.subject | Computer and Information Science | |
dc.title | Predicting Exploit Likelihood for Cyber Vulnerabilities with Machine Learning | |
dc.type.degree | Examensarbete för masterexamen | sv |
dc.type.degree | Master Thesis | en |
dc.type.uppsok | H | |
local.programme | Complex adaptive systems (MPCAS), MSc |
Download
Original bundle
- Name: 219658.pdf
- Size: 2.59 MB
- Format: Adobe Portable Document Format
- Description: Fulltext