VASE: A twitter-based vulnerability analysis and score engine

Haipeng Chen; Jing Liu; Rui Liu; Noseong Park; V. S. Subrahmanian

doi:10.1109/ICDM.2019.00110

VASE: A twitter-based vulnerability analysis and score engine

Haipeng Chen, Jing Liu, Rui Liu, Noseong Park, V. S. Subrahmanian

Graduate School

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

When a new vulnerability is discovered, a Common Vulnerability and Exposure (CVE) number is publicly assigned to it. The vulnerability is then analyzed by the US National Institute of Standards and Technology (NIST) whose Common Vulnerability Scoring System (CVSS) evaluates a severity score that ranges from 0 to 10 for the vulnerability. On average, NIST takes 132.7 days for this - but early knowledge of the CVSS score is critical for enterprise security managers to take defensive actions (e.g. patch prioritization). We present VASE (Vulnerability Analysis and Scoring Engine) that uses Twitter discussions about CVEs to predict CVSS scores before the official assessments from NIST. In order to leverage the intrinsic correlations between different vulnerabilities, VASE adopts a graph convolutional network (GCN) model in which nodes correspond to CVEs. In addition, we propose a novel attention-based input embedding method to extract useful latent features for each CVE node. We show on real-world data that VASE obtains a mean absolute error (MAE) of 1.255 for predicting the CVSS score using only three days of Twitter discussion data after the date a vulnerability is first mentioned on Twitter. VASE can provide predictions for the CVSS scores for 37.85% of the CVEs at least one week earlier than the official assessments by NIST.

Original language	English
Title of host publication	Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019
Editors	Jianyong Wang, Kyuseok Shim, Xindong Wu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	976-981
Number of pages	6
ISBN (Electronic)	9781728146034
DOIs	https://doi.org/10.1109/ICDM.2019.00110
Publication status	Published - 2019 Nov
Event	19th IEEE International Conference on Data Mining, ICDM 2019 - Beijing, China Duration: 2019 Nov 8 → 2019 Nov 11

Publication series

Name	Proceedings - IEEE International Conference on Data Mining, ICDM
Volume	2019-November
ISSN (Print)	1550-4786

Conference

Conference	19th IEEE International Conference on Data Mining, ICDM 2019
Country/Territory	China
City	Beijing
Period	19/11/8 → 19/11/11

Bibliographical note

Funding Information:
This work is supported by ONR grants N00014-18-1-2670 and N00014-16-1-2896 and ARO grant W911NF-13-1-0421.

Publisher Copyright:
© 2019 IEEE.

All Science Journal Classification (ASJC) codes

Engineering(all)

Access to Document

10.1109/ICDM.2019.00110

Cite this

Chen, H., Liu, J., Liu, R., Park, N., & Subrahmanian, V. S. (2019). VASE: A twitter-based vulnerability analysis and score engine. In J. Wang, K. Shim, & X. Wu (Eds.), Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019 (pp. 976-981). [8970796] (Proceedings - IEEE International Conference on Data Mining, ICDM; Vol. 2019-November). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDM.2019.00110

Chen, Haipeng ; Liu, Jing ; Liu, Rui et al. / VASE : A twitter-based vulnerability analysis and score engine. Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. editor / Jianyong Wang ; Kyuseok Shim ; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 976-981 (Proceedings - IEEE International Conference on Data Mining, ICDM).

@inproceedings{a2292d5417cb4bcab3fab0e52b0290c1,

title = "VASE: A twitter-based vulnerability analysis and score engine",

abstract = "When a new vulnerability is discovered, a Common Vulnerability and Exposure (CVE) number is publicly assigned to it. The vulnerability is then analyzed by the US National Institute of Standards and Technology (NIST) whose Common Vulnerability Scoring System (CVSS) evaluates a severity score that ranges from 0 to 10 for the vulnerability. On average, NIST takes 132.7 days for this - but early knowledge of the CVSS score is critical for enterprise security managers to take defensive actions (e.g. patch prioritization). We present VASE (Vulnerability Analysis and Scoring Engine) that uses Twitter discussions about CVEs to predict CVSS scores before the official assessments from NIST. In order to leverage the intrinsic correlations between different vulnerabilities, VASE adopts a graph convolutional network (GCN) model in which nodes correspond to CVEs. In addition, we propose a novel attention-based input embedding method to extract useful latent features for each CVE node. We show on real-world data that VASE obtains a mean absolute error (MAE) of 1.255 for predicting the CVSS score using only three days of Twitter discussion data after the date a vulnerability is first mentioned on Twitter. VASE can provide predictions for the CVSS scores for 37.85% of the CVEs at least one week earlier than the official assessments by NIST.",

author = "Haipeng Chen and Jing Liu and Rui Liu and Noseong Park and Subrahmanian, {V. S.}",

note = "Funding Information: This work is supported by ONR grants N00014-18-1-2670 and N00014-16-1-2896 and ARO grant W911NF-13-1-0421. Publisher Copyright: {\textcopyright} 2019 IEEE.; 19th IEEE International Conference on Data Mining, ICDM 2019 ; Conference date: 08-11-2019 Through 11-11-2019",

year = "2019",

month = nov,

doi = "10.1109/ICDM.2019.00110",

language = "English",

series = "Proceedings - IEEE International Conference on Data Mining, ICDM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "976--981",

editor = "Jianyong Wang and Kyuseok Shim and Xindong Wu",

booktitle = "Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019",

address = "United States",

}

Chen, H, Liu, J, Liu, R, Park, N & Subrahmanian, VS 2019, VASE: A twitter-based vulnerability analysis and score engine. in J Wang, K Shim & X Wu (eds), Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019., 8970796, Proceedings - IEEE International Conference on Data Mining, ICDM, vol. 2019-November, Institute of Electrical and Electronics Engineers Inc., pp. 976-981, 19th IEEE International Conference on Data Mining, ICDM 2019, Beijing, China, 19/11/8. https://doi.org/10.1109/ICDM.2019.00110

VASE : A twitter-based vulnerability analysis and score engine. / Chen, Haipeng; Liu, Jing; Liu, Rui et al.

Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. ed. / Jianyong Wang; Kyuseok Shim; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2019. p. 976-981 8970796 (Proceedings - IEEE International Conference on Data Mining, ICDM; Vol. 2019-November).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - VASE

T2 - 19th IEEE International Conference on Data Mining, ICDM 2019

AU - Chen, Haipeng

AU - Liu, Jing

AU - Liu, Rui

AU - Park, Noseong

AU - Subrahmanian, V. S.

PY - 2019/11

Y1 - 2019/11

N2 - When a new vulnerability is discovered, a Common Vulnerability and Exposure (CVE) number is publicly assigned to it. The vulnerability is then analyzed by the US National Institute of Standards and Technology (NIST) whose Common Vulnerability Scoring System (CVSS) evaluates a severity score that ranges from 0 to 10 for the vulnerability. On average, NIST takes 132.7 days for this - but early knowledge of the CVSS score is critical for enterprise security managers to take defensive actions (e.g. patch prioritization). We present VASE (Vulnerability Analysis and Scoring Engine) that uses Twitter discussions about CVEs to predict CVSS scores before the official assessments from NIST. In order to leverage the intrinsic correlations between different vulnerabilities, VASE adopts a graph convolutional network (GCN) model in which nodes correspond to CVEs. In addition, we propose a novel attention-based input embedding method to extract useful latent features for each CVE node. We show on real-world data that VASE obtains a mean absolute error (MAE) of 1.255 for predicting the CVSS score using only three days of Twitter discussion data after the date a vulnerability is first mentioned on Twitter. VASE can provide predictions for the CVSS scores for 37.85% of the CVEs at least one week earlier than the official assessments by NIST.

AB - When a new vulnerability is discovered, a Common Vulnerability and Exposure (CVE) number is publicly assigned to it. The vulnerability is then analyzed by the US National Institute of Standards and Technology (NIST) whose Common Vulnerability Scoring System (CVSS) evaluates a severity score that ranges from 0 to 10 for the vulnerability. On average, NIST takes 132.7 days for this - but early knowledge of the CVSS score is critical for enterprise security managers to take defensive actions (e.g. patch prioritization). We present VASE (Vulnerability Analysis and Scoring Engine) that uses Twitter discussions about CVEs to predict CVSS scores before the official assessments from NIST. In order to leverage the intrinsic correlations between different vulnerabilities, VASE adopts a graph convolutional network (GCN) model in which nodes correspond to CVEs. In addition, we propose a novel attention-based input embedding method to extract useful latent features for each CVE node. We show on real-world data that VASE obtains a mean absolute error (MAE) of 1.255 for predicting the CVSS score using only three days of Twitter discussion data after the date a vulnerability is first mentioned on Twitter. VASE can provide predictions for the CVSS scores for 37.85% of the CVEs at least one week earlier than the official assessments by NIST.

UR - http://www.scopus.com/inward/record.url?scp=85078918114&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078918114&partnerID=8YFLogxK

U2 - 10.1109/ICDM.2019.00110

DO - 10.1109/ICDM.2019.00110

M3 - Conference contribution

AN - SCOPUS:85078918114

T3 - Proceedings - IEEE International Conference on Data Mining, ICDM

SP - 976

EP - 981

BT - Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019

A2 - Wang, Jianyong

A2 - Shim, Kyuseok

A2 - Wu, Xindong

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 8 November 2019 through 11 November 2019

ER -

Chen H, Liu J, Liu R, Park N, Subrahmanian VS. VASE: A twitter-based vulnerability analysis and score engine. In Wang J, Shim K, Wu X, editors, Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 976-981. 8970796. (Proceedings - IEEE International Conference on Data Mining, ICDM). doi: 10.1109/ICDM.2019.00110

VASE: A twitter-based vulnerability analysis and score engine

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this