Abstract
Exploitation analysis is vital in evaluating the severity of software vulnerabilities and thus in prioritizing the order of patching. Although a few methods have been proposed to predict the exploitability of vulnerabilities, most of them treat this problem as an offline binary classification problem. To suit real-world data-stream applications and provide more fine-grained results for vulnerability evaluation, we believe that it is better to treat exploitation time prediction as a multiclass online learning problem. In this paper, we propose an adaptive online learning framework for exploitation time prediction to tackle the combined challenges posed by online learning, multiclass learning and dynamic class imbalance. Within this framework, we design a Sliding Window Imbalance Factor Technique (SWIFT) to capture the real-time imbalance status and thus handle the dynamic imbalance problem. Experimental results on real-world data demonstrate that the proposed framework can improve the predictive performance for both the minority class and the majority class.
Acknowledgment
The first author is partly supported by the Science and Technology Research Program of Chongqing Municipal Education Commission of China (Grant No. KJQN201901306).
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yin, J., Tang, M., Cao, J., Wang, H., You, M., Lin, Y. (2020). Adaptive Online Learning for Vulnerability Exploitation Time Prediction. In: Huang, Z., Beek, W., Wang, H., Zhou, R., Zhang, Y. (eds) Web Information Systems Engineering – WISE 2020. WISE 2020. Lecture Notes in Computer Science, vol 12343. Springer, Cham. https://doi.org/10.1007/978-3-030-62008-0_18
DOI: https://doi.org/10.1007/978-3-030-62008-0_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62007-3
Online ISBN: 978-3-030-62008-0
eBook Packages: Computer Science (R0)