-
Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights
Authors:
Jay Jacobs,
Sasha Romanosky,
Octavian Suciu,
Benjamin Edwards,
Armin Sarabi
Abstract:
The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to reduce the risk of attacks. Unfortunately, existing vulnerability scoring systems are either vendor-specific, proprietary, or are only commercially available. Moreover, these and other prioritization strategies based on vulnerability severity are poor predictors of actual vulnerability exploitation because they do not incorporate new information that might impact the likelihood of exploitation. In this paper we present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, that is freely available, and which adapts to new information. The Exploit Prediction Scoring System (EPSS) SIG consists of more than 170 experts from around the world and across all industries, providing crowd-sourced expertise and feedback. Based on these collective insights, we describe the design decisions and trade-offs that lead to the development of the next version of EPSS. This new machine learning model provides an 82% performance improvement over past models in distinguishing vulnerabilities that are exploited in the wild and thus may be prioritized for remediation.
Submitted 15 June, 2023; v1 submitted 27 February, 2023;
originally announced February 2023.
-
Technical Report -- Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
Authors:
Octavian Suciu,
Connor Nelson,
Zhuoer Lyu,
Tiffany Bao,
Tudor Dumitras
Abstract:
Assessing the exploitability of software vulnerabilities at the time of disclosure is difficult and error-prone, as features extracted via technical analysis by existing metrics are poor predictors for exploit development. Moreover, exploitability assessments suffer from a class bias because "not exploitable" labels could be inaccurate. To overcome these challenges, we propose a new metric, called Expected Exploitability (EE), which reflects, over time, the likelihood that functional exploits will be developed. Key to our solution is a time-varying view of exploitability, a departure from existing metrics. This allows us to learn EE using data-driven techniques from artifacts published after disclosure, such as technical write-ups and proof-of-concept exploits, for which we design novel feature sets. This view also allows us to investigate the effect of the label biases on the classifiers. We characterize the noise-generating process for exploit prediction, showing that our problem is subject to the most challenging type of label noise, and propose techniques to learn EE in the presence of noise. On a dataset of 103,137 vulnerabilities, we show that EE increases precision from 49% to 86% over existing metrics, including two state-of-the-art exploit classifiers, while its precision substantially improves over time. We also highlight the practical utility of EE for predicting imminent exploits and prioritizing critical vulnerabilities. We develop EE into an online platform which is publicly available at https://exploitability.app/.
Submitted 3 February, 2022; v1 submitted 15 February, 2021;
originally announced February 2021.
-
Exploring Adversarial Examples in Malware Detection
Authors:
Octavian Suciu,
Scott E. Coull,
Jeffrey Johns
Abstract:
The convolutional neural network (CNN) architecture is increasingly being applied to new domains, such as malware detection, where it is able to learn malicious behavior from raw bytes extracted from executables. These architectures reach impressive performance with no feature engineering effort involved, but their robustness against active attackers is yet to be understood. Such malware detectors could face a new attack vector in the form of adversarial interference with the classification model. Existing evasion attacks intended to cause misclassification on test-time instances, which have been extensively studied for image classifiers, are not applicable because of the input semantics that prevents arbitrary changes to the binaries. This paper explores the area of adversarial examples for malware detection. By training an existing model on a production-scale dataset, we show that some previous attacks are less effective than initially reported, while simultaneously highlighting architectural weaknesses that facilitate new attack strategies for malware classification. Finally, we explore how generalizable different attack strategies are, the trade-offs when aiming to increase their effectiveness, and the transferability of single-step attacks.
Submitted 13 April, 2019; v1 submitted 18 October, 2018;
originally announced October 2018.
-
Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
Authors:
Ali Shafahi,
W. Ronny Huang,
Mahyar Najibi,
Octavian Suciu,
Christoph Studer,
Tudor Dumitras,
Tom Goldstein
Abstract:
Data poisoning is an attack on machine learning models wherein the attacker adds examples to the training set to manipulate the behavior of the model at test time. This paper explores poisoning attacks on neural nets. The proposed attacks use "clean-labels"; they don't require the attacker to have any control over the labeling of training data. They are also targeted; they control the behavior of the classifier on a $\textit{specific}$ test instance without degrading overall classifier performance. For example, an attacker could add a seemingly innocuous image (that is properly labeled) to a training set for a face recognition engine, and control the identity of a chosen person at test time. Because the attacker does not need to control the labeling function, poisons could be entered into the training set simply by leaving them on the web and waiting for them to be scraped by a data collection bot.
We present an optimization-based method for crafting poisons, and show that just one single poison image can control classifier behavior when transfer learning is used. For full end-to-end training, we present a "watermarking" strategy that makes poisoning reliable using multiple ($\approx$50) poisoned training instances. We demonstrate our method by generating poisoned frog images from the CIFAR dataset and using them to manipulate image classifiers.
Submitted 10 November, 2018; v1 submitted 2 April, 2018;
originally announced April 2018.
-
Technical Report: When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks
Authors:
Octavian Suciu,
Radu Mărginean,
Yiğitcan Kaya,
Hal Daumé III,
Tudor Dumitraş
Abstract:
Recent results suggest that attacks against supervised machine learning systems are quite effective, while defenses are easily bypassed by new attacks. However, the specifications for machine learning systems currently lack precise adversary definitions, and the existing attacks make diverse, potentially unrealistic assumptions about the strength of the adversary who launches them. We propose the FAIL attacker model, which describes the adversary's knowledge and control along four dimensions. Our model allows us to consider a wide range of weaker adversaries who have limited control and incomplete knowledge of the features, learning algorithms and training instances utilized. To evaluate the utility of the FAIL model, we consider the problem of conducting targeted poisoning attacks in a realistic setting: the crafted poison samples must have clean labels, must be individually and collectively inconspicuous, and must exhibit a generalized form of transferability, defined by the FAIL model. By taking these constraints into account, we design StingRay, a targeted poisoning attack that is practical against 4 machine learning applications, which use 3 different learning algorithms, and can bypass 2 existing defenses. Conversely, we show that a prior evasion attack is less effective under generalized transferability. Such attack evaluations, under the FAIL adversary model, may also suggest promising directions for future defenses.
Submitted 8 March, 2019; v1 submitted 19 March, 2018;
originally announced March 2018.
-
Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning
Authors:
Rock Stevens,
Octavian Suciu,
Andrew Ruef,
Sanghyun Hong,
Michael Hicks,
Tudor Dumitraş
Abstract:
Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency. However, by cleverly corrupting a subset of data used as input to a target's ML algorithms, an adversary can perturb outcomes and compromise the effectiveness of ML technology. While prior work in the field of adversarial machine learning has studied the impact of input manipulation on correct ML algorithms, we consider the exploitation of bugs in ML implementations. In this paper, we characterize the attack surface of ML programs, and we show that malicious inputs exploiting implementation bugs enable strictly more powerful attacks than the classic adversarial machine learning techniques. We propose a semi-automated technique, called steered fuzzing, for exploring this attack surface and for discovering exploitable bugs in machine learning programs, in order to demonstrate the magnitude of this threat. As a result of our work, we responsibly disclosed five vulnerabilities, established three new CVE-IDs, and illuminated a common insecure practice across many machine learning systems. Finally, we outline several research directions for further understanding and mitigating this threat.
Submitted 17 January, 2017;
originally announced January 2017.
-
739 observed NEAs and new 2-4m survey statistics within the EURONEAR network
Authors:
O. Vaduvescu,
M. Birlan,
A. Tudorica,
M. Popescu,
F. Colas,
D. J. Asher,
A. Sonka,
O. Suciu,
D. Lacatus,
A. Paraschiv,
T. Badescu,
O. Tercu,
A. Dumitriu,
A. Chirila,
B. Stecklum,
J. Licandro,
A. Nedelcu,
E. Turcu,
F. Vachier,
L. Beauvalet,
F. Taris,
L. Bouquillon,
F. Pozo Nunez,
J. P. Colque Saavedra,
E. Unda-Sanzana
, et al. (14 additional authors not shown)
Abstract:
We report follow-up observations of 477 program Near-Earth Asteroids (NEAs) using nine telescopes of the EURONEAR network having apertures between 0.3 and 4.2 m. Adding these NEAs to our previous results we now count 739 program NEAs followed-up by the EURONEAR network since 2006. The targets were selected using EURONEAR planning tools focusing on high priority objects. Analyzing the resulting orbital improvements suggests astrometric follow-up is most important days to weeks after discovery, with recovery at a new opposition also valuable. Additionally we observed 40 survey fields spanning three nights covering 11 sq. degrees near opposition, using the Wide Field Camera on the 2.5m Isaac Newton Telescope (INT), resulting in 104 discovered main belt asteroids (MBAs) and another 626 unknown one-night objects. These fields, plus program NEA fields from the INT and from the wide field MOSAIC II camera on the Blanco 4m telescope, generated around 12,000 observations of 2,000 minor planets (mostly MBAs) observed in 34 square degrees. We identify Near Earth Object (NEO) candidates among the unknown (single night) objects using three selection criteria. Testing these criteria on the (known) program NEAs shows the best selection methods are our epsilon-miu model which checks solar elongation and sky motion and the MPC's NEO rating tool. Our new data show that on average 0.5 NEO candidates per square degree should be observable in a 2m-class survey (in agreement with past results), while an average of 2.7 NEO candidates per square degree should be observable in a 4m-class survey (although our Blanco statistics were affected by clouds). At opposition just over 100 MBAs (1.6 unknown to every 1 known) per square degree are detectable to R=22 in a 2m survey based on the INT data, while our two best ecliptic Blanco fields away from opposition lead to 135 MBAs (2 unknown to every 1 known) to R=23.
Submitted 26 August, 2013;
originally announced August 2013.
-
Mining the ESO WFI and INT WFC archives for known Near Earth Asteroids. Mega-Precovery software
Authors:
O. Vaduvescu,
M. Popescu,
I. Comsa,
A. Paraschiv,
D. Lacatus,
A. Sonka,
A. Tudorica,
M. Birlan,
O. Suciu,
F. Char,
M. Constantinescu,
T. Badescu,
M. Badea,
D. Vidican,
C. Opriseanu
Abstract:
The ESO/MPG WFI and the INT WFC wide field archives comprising 330,000 images were mined to search for serendipitous encounters of known Near Earth Asteroids (NEAs) and Potentially Hazardous Asteroids (PHAs). A total of 152 asteroids (44 PHAs and 108 other NEAs) were identified using the PRECOVERY software, their astrometry being measured on 761 images and sent to the Minor Planet Centre. Both recoveries and precoveries were reported, including prolonged orbital arcs for 18 precovered objects and 10 recoveries. We analyze all new opposition data by comparing the orbits fitted before and after including our contributions. We conclude the paper presenting Mega-Precovery, a new online service focused on data mining of many instrument archives simultaneously for one or a few given asteroids. A total of 28 instrument archives have been made available for mining using this tool, adding together about 2.5 million images forming the Mega-Archive.
Submitted 29 January, 2013;
originally announced January 2013.