TY - GEN
T1 - VEST
T2 - 28th International Joint Conference on Artificial Intelligence, IJCAI 2019
AU - Chen, Haipeng
AU - Liu, Jing
AU - Liu, Rui
AU - Park, Noseong
AU - Subrahmanian, V. S.
N1 - Funding Information:
This work is supported by ONR grants N00014-18-1-2670 and N00014-16-1-2896 and ARO grant W911NF-13-1-0421.
Publisher Copyright:
© 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from MITRE and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by MITRE and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring & Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
AB - Knowing if/when a cyber-vulnerability will be exploited and how severe the vulnerability is can help enterprise security officers (ESOs) come up with appropriate patching schedules. Today, this ability is severely compromised: our study of data from MITRE and NIST shows that on average there is a 132 day gap between the announcement of a vulnerability by MITRE and the time NIST provides an analysis with severity score estimates and 8 important severity attributes. Many attacks happen during this very 132-day window. We present Vulnerability Exploit Scoring & Timing (VEST), a system for (early) prediction and visualization of if/when a vulnerability will be exploited, and its estimated severity attributes and score.
UR - http://www.scopus.com/inward/record.url?scp=85074931386&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85074931386&partnerID=8YFLogxK
U2 - 10.24963/ijcai.2019/937
DO - 10.24963/ijcai.2019/937
M3 - Conference contribution
AN - SCOPUS:85074931386
T3 - IJCAI International Joint Conference on Artificial Intelligence
SP - 6503
EP - 6505
BT - Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019
A2 - Kraus, Sarit
PB - International Joint Conferences on Artificial Intelligence
Y2 - 10 August 2019 through 16 August 2019
ER -