New Research Finds Cyber Exploits Can Be Anticipated With an Accuracy of 83%
July 14, 2015 • Caroline Flannery
Immediately Available: Download your free copy of this exclusive report here.
Security teams have the daunting task of trying to keep abreast of unpatched and zero-day vulnerabilities inside their organization. With so many threats and exploits in the wild, it’s difficult to know which vulnerabilities will result in an actual exploit and cause harm. Making early assessments can help security managers discover possible threats in advance and prioritize vulnerability management.
In a new research study, Recorded Future found that cyber exploits can be anticipated with an accuracy of 83% using open vulnerability data. We used machine learning (ML) and data mining to examine correlations in vulnerability data, which allowed our analysts to find the types of vulnerabilities most likely to be exploited.
We took data from the National Vulnerability Database, CVSS, and Common Weakness Enumeration (CWE) numbers and converted them into a mathematical model that can be used with ML algorithms. Our team examined how different features (e.g., access vector, frequency, severity score) contribute to performance function, and benchmarked multiple ML algorithms to compare their relative performance. Using these methods, we found that it is possible to arrive at an anticipation accuracy of 83%.