Exploitability prediction of software vulnerabilities
| dc.contributor.author | Bhatt, Navneet | |
| dc.contributor.author | Anand, Adarsh | |
| dc.contributor.author | Yadavalli, Venkata S. Sarma | |
| dc.date.accessioned | 2022-11-30T05:07:06Z | |
| dc.date.available | 2022-11-30T05:07:06Z | |
| dc.date.issued | 2021-03 | |
| dc.description.abstract | The number of security failure discovered and disclosed publicly are increasing at a pace like never before. Wherein, a small fraction of vulnerabilities encountered in the operational phase are exploited in the wild. It is difficult to find vulnerabilities during the early stages of software development cycle, as security aspects are often not known adequately. To counter these security implications, firms usually provide patches such that these security flaws are not exploited. It is a daunting task for a security manager to prioritize patches for vulnerabilities that are likely to be exploitable. This paper fills this gap by applying different machine learning techniques to classify the vulnerabilities based on previous exploit-history. Our work indicates that various vulnerability characteristics such as severity, type of vulnerabilities, different software configurations, and vulnerability scoring parameters are important features to be considered in judging an exploit. Using such methods, it is possible to predict exploit-prone vulnerabilities with an accuracy >85%. Finally, with this experiment, we conclude that supervised machine learning approach can be a useful technique in predicting exploit-prone vulnerabilities. | en_US |
| dc.description.department | Industrial and Systems Engineering | en_US |
| dc.description.librarian | hj2022 | en_US |
| dc.description.uri | http://wileyonlinelibrary.com/journal/qre | en_US |
| dc.identifier.citation | Bhatt, N., Anand, A. & Yadavalli, V.S.S. Exploitability prediction of software vulnerabilities. Quality and Reliability Engineering International 2021;37:648–663. https://doi.org/10.1002/qre.2754. | en_US |
| dc.identifier.issn | 0748-8017 (print) | |
| dc.identifier.issn | 1099-1638 (online) | |
| dc.identifier.other | 10.1002/qre.2754 | |
| dc.identifier.uri | https://repository.up.ac.za/handle/2263/88548 | |
| dc.language.iso | en | en_US |
| dc.publisher | Wiley | en_US |
| dc.rights | © 2020 John Wiley & Sons, Ltd. This is the pre-peer reviewed version of the following article: Exploitability prediction of software vulnerabilities. Quality and Reliability Engineering International 2021;37:648–663. https://doi.org/10.1002/qre.2754. The definite version is available at http://wileyonlinelibrary.com/journal/qre. | en_US |
| dc.subject | Exploits | en_US |
| dc.subject | Machine learning | en_US |
| dc.subject | Patches | en_US |
| dc.subject | Security | en_US |
| dc.subject | Vulnerability | en_US |
| dc.title | Exploitability prediction of software vulnerabilities | en_US |
| dc.type | Postprint Article | en_US |