Abstract
Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from MITRE and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by MITRE and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring & Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019 |
| Editors | Sarit Kraus |
| Publisher | International Joint Conferences on Artificial Intelligence |
| Pages | 6503-6505 |
| Number of pages | 3 |
| ISBN (Electronic) | 9780999241141 |
| DOIs | |
| Publication status | Published - 2019 |
| Event | 28th International Joint Conference on Artificial Intelligence, IJCAI 2019 - Macao, China Duration: 2019 Aug 10 → 2019 Aug 16 |
Publication series
| Name | IJCAI International Joint Conference on Artificial Intelligence |
|---|---|
| Volume | 2019-August |
| ISSN (Print) | 1045-0823 |
Conference
| Conference | 28th International Joint Conference on Artificial Intelligence, IJCAI 2019 |
|---|---|
| Country/Territory | China |
| City | Macao |
| Period | 19/8/10 → 19/8/16 |
Bibliographical note
Funding Information:This work is supported by ONR grants N00014-18-1-2670 and N00014-16-1-2896 and ARO grant W911NF-13-1-0421.
Publisher Copyright:
© 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.
All Science Journal Classification (ASJC) codes
- Artificial Intelligence