Temporal risk analysis of computer systems via modeling of series of vulnerability-related events

  • Matheus Martins UFRJ
  • Miguel A. Bicudo UFRJ
  • Daniel Menasché UFRJ
  • Leandro P. de Aguiar Siemens

Abstract


In information security, software and hardware vulnerabilities are increasingly prevalent at the expense of today’s technological advances. In this work we present an analysis of time series of vulnerability life-cycle events, searching for trends in the information security industry. We also present a machine learning model to predict the occurrence of exploits. The model was trained on approximately 26,000 vulnerability data samples with 132 features, resulting in an initial accuracy of 60% for predicting the first exploit. After adjusting the parameters of the algorithm using grid search, accuracy increased to 67%, using error metrics such as mean absolute error and root mean square error.

Published
2019-07-08
MARTINS, Matheus; BICUDO, Miguel A.; MENASCHÉ, Daniel; DE AGUIAR, Leandro P.. Análise temporal de risco de sistemas computacionais via modelagem de séries de eventos associados a vulnerabilidades. In: WORKSHOP ON PERFORMANCE OF COMPUTER AND COMMUNICATION SYSTEMS (WPERFORMANCE), 2019. , 2019, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. ISSN 2595-6167. DOI: https://doi.org/10.5753/wperformance.2019.6465.