Sie können Bookmarks mittels Listen verwalten, loggen Sie sich dafür bitte in Ihr SLUB Benutzerkonto ein.
Medientyp:
E-Artikel
Titel:
Exploitability prediction of software vulnerabilities
Beteiligte:
Bhatt, Navneet;
Anand, Adarsh;
Yadavalli, V. S. S.
Erschienen:
Wiley, 2021
Erschienen in:
Quality and Reliability Engineering International, 37 (2021) 2, Seite 648-663
Sprache:
Englisch
DOI:
10.1002/qre.2754
ISSN:
0748-8017;
1099-1638
Entstehung:
Anmerkungen:
Beschreibung:
AbstractThe number of security failure discovered and disclosed publicly are increasing at a pace like never before. Wherein, a small fraction of vulnerabilities encountered in the operational phase are exploited in the wild. It is difficult to find vulnerabilities during the early stages of software development cycle, as security aspects are often not known adequately. To counter these security implications, firms usually provide patches such that these security flaws are not exploited. It is a daunting task for a security manager to prioritize patches for vulnerabilities that are likely to be exploitable. This paper fills this gap by applying different machine learning techniques to classify the vulnerabilities based on previous exploit‐history. Our work indicates that various vulnerability characteristics such as severity, type of vulnerabilities, different software configurations, and vulnerability scoring parameters are important features to be considered in judging an exploit. Using such methods, it is possible to predict exploit‐prone vulnerabilities with an accuracy >85%. Finally, with this experiment, we conclude that supervised machine learning approach can be a useful technique in predicting exploit‐prone vulnerabilities.