
    Classifying Web Exploits with Topic Modeling

    This short empirical paper investigates how well topic modeling and database metadata characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. Using a dataset of over 36 thousand PoC exploits, an accuracy rate near 0.9 is obtained in the empirical experiment. Text mining and topic modeling are a significant boost factor behind this classification performance. In addition to these empirical results, the paper contributes to the research tradition of enhancing software vulnerability information with text mining, also providing a few scholarly observations about the potential for semi-automatic classification of exploits in the existing tracking infrastructures.
    Comment: Proceedings of the 2017 28th International Workshop on Database and Expert Systems Applications (DEXA). http://ieeexplore.ieee.org/abstract/document/8049693

    MedDevRisk: Risk Analysis Methodology for Networked Medical Devices

    The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frameworks, i.e., STRIDE, Common Vulnerabilities and Exposures, and the Common Vulnerability Scoring System, to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
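    The abstract above describes mapping STRIDE threats, CVE entries and CVSS scores onto assets through Threat-Vulnerability-Asset (TVA) relationships in a relational schema. The following is an added illustration of that general idea, written for this listing; it is not MedDevRisk's own schema or code. The table layout, the device names, the threat descriptions and the vulnerability records (IDs such as "VULN-A", not real CVEs) are all constructed here, and the ranking rule (highest CVSS base score per asset, STRIDE coverage as tie-break) is an assumption chosen for the example.

```python
import sqlite3

# Constructed TVA schema: assets, STRIDE threats, vulnerabilities, and the
# (threat, vulnerability, asset) relation that ties them together.
# In a real deployment vuln_id would hold a CVE identifier and cvss_base the
# CVSS base score pulled from the NVD; here both are placeholders.
SCHEMA = """
CREATE TABLE asset (
    asset_id INTEGER PRIMARY KEY,
    name     TEXT NOT NULL,
    ip       TEXT
);
CREATE TABLE threat (
    threat_id   INTEGER PRIMARY KEY,
    stride      TEXT NOT NULL CHECK (stride IN
        ('Spoofing', 'Tampering', 'Repudiation', 'Information disclosure',
         'Denial of service', 'Elevation of privilege')),
    description TEXT
);
CREATE TABLE vulnerability (
    vuln_id   TEXT PRIMARY KEY,
    cvss_base REAL NOT NULL CHECK (cvss_base BETWEEN 0.0 AND 10.0)
);
CREATE TABLE tva (
    threat_id INTEGER NOT NULL REFERENCES threat(threat_id),
    vuln_id   TEXT    NOT NULL REFERENCES vulnerability(vuln_id),
    asset_id  INTEGER NOT NULL REFERENCES asset(asset_id),
    PRIMARY KEY (threat_id, vuln_id, asset_id)
);
"""


def build_db():
    """Create an in-memory database and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO asset VALUES (?, ?, ?)", [
        (1, "infusion-pump-lab", "10.0.0.11"),        # constructed
        (2, "patient-monitor-lab", "10.0.0.12"),      # constructed
        (3, "imaging-workstation-lab", "10.0.0.13"),  # constructed
    ])
    conn.executemany("INSERT INTO threat VALUES (?, ?, ?)", [
        (1, "Tampering", "alter device settings over the network"),
        (2, "Information disclosure", "read telemetry sent in clear"),
        (3, "Denial of service", "crash the device with malformed traffic"),
    ])
    conn.executemany("INSERT INTO vulnerability VALUES (?, ?)", [
        ("VULN-A", 9.8),  # placeholder, not a real CVE
        ("VULN-B", 7.5),
        ("VULN-C", 5.3),
    ])
    conn.executemany("INSERT INTO tva VALUES (?, ?, ?)", [
        (1, "VULN-A", 1),
        (3, "VULN-C", 1),
        (2, "VULN-B", 2),
        (3, "VULN-C", 3),
    ])
    conn.commit()
    return conn


def asset_risk(conn):
    """Rank assets by the highest CVSS base score among vulnerabilities mapped
    to them; the number of distinct STRIDE categories breaks ties.
    Returns a list of (asset name, max CVSS, STRIDE category count)."""
    return conn.execute("""
        SELECT a.name,
               MAX(v.cvss_base)         AS max_cvss,
               COUNT(DISTINCT t.stride) AS stride_categories
        FROM asset a
        JOIN tva           ON tva.asset_id  = a.asset_id
        JOIN vulnerability v ON v.vuln_id   = tva.vuln_id
        JOIN threat t      ON t.threat_id   = tva.threat_id
        GROUP BY a.asset_id
        ORDER BY max_cvss DESC, stride_categories DESC, a.name
    """).fetchall()


def threats_for_asset(conn, name):
    """Distinct STRIDE categories that have at least one TVA row for the asset."""
    rows = conn.execute("""
        SELECT DISTINCT t.stride
        FROM threat t
        JOIN tva   ON tva.threat_id = t.threat_id
        JOIN asset a ON a.asset_id  = tva.asset_id
        WHERE a.name = ?
        ORDER BY t.stride
    """, (name,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    for name, score, cats in asset_risk(db):
        print(f"{name:26s} max CVSS {score:4.1f}  STRIDE categories {cats}")
```

Because every row of `tva` is a full (threat, vulnerability, asset) triple, the same vulnerability can appear under several STRIDE categories for the same device, and a device with no rows simply drops out of the ranking; the query surfaces the highest-scoring exposure per asset rather than summing scores, which would over-weight assets that merely have many low-severity findings.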

    Cybersecurity Risk Assessment Framework for Externally Exposed Energy Delivery Systems

    Securing the energy delivery system (EDS) from complex, nonlinear, and evolving cyber threats requires a complex set of changing and interwoven classes of technologies, policies, relationships, and personnel. One key area in this technological milieu is assessment methodologies to compare information, gathered by a variety of means, about networked devices with publicly known possible threat information about said devices. This information is used to generate risk-based characterizations that allow for the adjudication and proper corresponding management action chains to be assigned. To address the current cybersecurity needs in the operational technology (OT) domain, we developed a novel relative-risk assessment framework and a software application called MEEDS that can detect exposed OT systems. This paper presents the detailed architecture of the relative-risk assessment framework methodology and its integral role in the MEEDS software. The efficacy of the presented framework is demonstrated by testing with real-world systems and vulnerabilities pertaining to the industrial control systems (ICS) in critical infrastructures.

    Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)

    There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing recurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes its expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template, the Vulnerability Anti-Pattern, that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software.

    A Framework For Classification of Software Security Using Common Vulnerabilities And Exposures

    The main research aim is to investigate what information is necessary to make a formal vulnerability pattern representation. This is done through the use of formal Backus-Naur Form syntax for the execution, and presented with a newly created vulnerability flow diagram. Some future work was also proposed to further enhance the elements in the secured software process framework. This thesis focuses on the research and development of the design, formalization and translation of the vulnerability classification pattern through a framework using Common Vulnerabilities and Exposures data. To achieve this aim, the following work was carried out. The first step is to create and conceptualize the necessary meta-process. The second step is to specify the relationship between the classifiers and vulnerability classification patterns. This includes the investigation of vulnerability classification objectives, processes, classifiers and focus domains among prominent frameworks. The final step is to construct the framework by establishing the formal presentation of the vulnerability classification algorithm. The validation process was conducted empirically using a statistical method to assess the accuracy and consistency by using the precision and recall rate of the algorithm on five data sets, each with 500 samples. The findings show a significant result: the precision error rate (p value) is between 0.01 and 0.02, and the recall error rate is between 0.02 and 0.04. Another validation was conducted to verify the correctness of the classification by using expert opinions, and the results showed that the ambiguity of several cases was subdued. A formal-based classification framework with notation may increase accuracy and visualization compared with a hierarchy tree only, but the conclusion remains tentative because of methodological limitations in the studies.

    Continuous Monitoring System Based on Systems' Environment

    We present a new framework (and its mechanisms) of a Continuous Monitoring System (CMS) having new improved capabilities, and discuss its requirements and implications. The CMS is based on the real-time actual configuration of the system and the environment rather than a theoretical or assumed configuration. Moreover, the CMS predicts organizational damages taking into account chains of impacts among systems' components generated by messaging among software components. In addition, the CMS takes into account all organizational effects of an attack. Its risk measurement takes into account the consequences of a threat, as defined in risk analysis standards. Loss prediction is based on a neural network algorithm with learning and improving capabilities, rather than a fixed algorithm which typically lacks the necessary environmental dynamic updates. Framework presentation includes systems design, neural network architecture design, and an example of the detailed network architecture.
    Keywords: Continuous Monitoring, Computer security, Attack graph, Software vulnerability, Risk management, Impact propagation, Cyber attack, Configuration management

    Economic Factors of Vulnerability Trade and Exploitation

    Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on the likelihood of exploit. Our data is collected first-hand from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly to or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on the likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.
    Comment: 17 pages, 11 figures, 14 tables