查看文章

The existing methods for assessing the likelihood of exploitation for software vulnerabilities are found to have many limitationpreventing them from being useful tools for prioritization of vulnerability remediation. We present a method that combines social network analysis with machine learning techniques to predict the vulnerability exploitability. Our method harnesses features based on user connectivity in darkweb/deepweb sites as well as features derived from the vulnerability data. Our results suggest that the features computed from the user social connections are highly indicative of future cyber attacks. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structure related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.