Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from MITRE and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by MITRE and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring & Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
|Title of host publication||Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019|
|Publisher||International Joint Conferences on Artificial Intelligence|
|Number of pages||3|
|Publication status||Published - 2019|
|Event||28th International Joint Conference on Artificial Intelligence, IJCAI 2019 - Macao, China|
Duration: 2019 Aug 10 → 2019 Aug 16
|Name||IJCAI International Joint Conference on Artificial Intelligence|
|Conference||28th International Joint Conference on Artificial Intelligence, IJCAI 2019|
|Period||19/8/10 → 19/8/16|
Bibliographical noteFunding Information:
This work is supported by ONR grants N00014-18-1-2670 and N00014-16-1-2896 and ARO grant W911NF-13-1-0421.
© 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.
All Science Journal Classification (ASJC) codes
- Artificial Intelligence