Seventh RBCDSAI LatentView Colloquium
Topic: VEST: Vulnerability Exploitation Scoring & Timing
We consider the problem of predicting cyber-attacks based on known Common Vulnerability & Exposure (CVE) numbers. Given a CVE, we wish to answer 3 questions: (i) Will the CVE be exploited by malicious hackers? (ii) If so, when? (iii) How severe will the attack be? The answers to these questions are critical for almost all companies with significant software/hardware investments, for manufacturers of those software/hardware components, and for governments of the nations involved. In this talk, I will primarily focus on when a vulnerability will be exploited. Using a 23-month dataset gleaned from 5 sources, I will present a novel family of CART (CVE-Author-Reddit-Tweet) graphs. Each CART graph has a massive associated system of recursive equations whose solution yields ``popularity scores’’ for the CVE-Author-Reddit-Tweet nodes in the graph. Using these scores for different CART graphs, we show a model that can predict when a vulnerability will be exploited – and we will use real world case studies to illustrate the efficacy of the approach. The talk will briefly describe progress on problems (i) and (iii) as well.
V.S. Subrahmanian is the Walter P. Murphy Professor of Computer Science and Buffet Faculty Fellow in the Buffet Institute of Global Affairs at Northwestern University. He was previously the Dartmouth College Distinguished Professor in Cybersecurity, Technology, and Society and Director of the Institute for Security, Technology, and Society at Dartmouth. Earlier, served as a Professor of Computer Science at the University of Maryland from 1989-2017 where he also served for 6+ years as Director of the University of Maryland's Institute for Advanced Computer Studies. Prof. Subrahmanian is one of the world’s foremost experts at the intersection of AI and security issues. He pioneered the development of machine learning and AI-based techniques to analyze counter-terrorism, cybersecurity, text, geospatial, and social network based data in order to generate forecasts of various types of outcomes. He has written eight books, edited ten, and published over 300 refereed articles. He is an elected Fellow of the American Association for the Advancement of Science and the Association for the Advancement of Artificial Intelligence and received numerous other honors and awards. His work has been featured in numerous outlets such as the Baltimore Sun, the Economist, the Wall Street Journal, Science, Nature, the Washington Post, American Public Media and more. He serves on the editorial boards of numerous journals including Science, and currently serves on the Board of Directors of SentiMetrix, Inc. and on the Research Advisory Board of Tata Consultancy Services. He previously served on the Board of Directors of the Development Gateway Foundation (set up by the World Bank), DARPA's Executive Advisory Council on Advanced Logistics and as an ad-hoc member of the US Air Force Science Advisory Board.