Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
PI(s), Co-PI(s), Researchers:
PI: Andrew Meneely; Co-PI: Laurie Williams; Researchers: Nuthan Munaiah and Nasif Imtiaz
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
- Metrics
PUBLICATIONS
Papers written as a result of your research from the current quarter only.
- None
KEY HIGHLIGHTS
- We collated the vulnerability reports from CPTC 2019 and found a total of 67 vulnerabilities reported by the teams. We are in the process of constructing timelines from those vulnerabilities using the techniques we developed while studying CPTC 2018 data.
- We have begun work on a model to help tag the timeline according to the MITRE ATT&CK framework. Our initial model, trained on the CPTC 2019 data, had an F1 measure of 59%, meaning that it is likely that we will be able to construct a robust model to assist in mapping timeline events to the MITRE ATT&CK framework, improving curation efforts.
COMMUNITY ENGAGEMENT
- None
EDUCATIONAL ADVANCES
- None