Predicting the exploitability of vulnerabilities

Everyday, hundreds of new vulnerabilities are discovered and disclosed to the users of the systems they affect. The sheer volume of vulnerabilities makes it difficult, if not impossible, for system administrators to rapidly address every vulnerability. Furthermore, research shows that only 5% of vulnerabilities are eventually exploited. This situation brings about a need to prioritize some vulnerabilities over others, with the vulnerabilities most likely to be exploited treated as priorities. Existing approaches to these vulnerabilities are inadequate because they rely on information that may be unavailable at the time the vulnerability is publicized. In this project, we endeavor to develop a vulnerability prioritization algorithm that only relies upon information available on the day the vulnerability is disclosed, and fills in missing data using ML.

Zakeya Namrud
Superviseur universitaire: 
Raphaël Khoury
Partner University: