Abstract
NVD and Exploit-DB are the de facto standard databases used for research on vulnerabilities, and the CVSS score is the standard measure for risk. One open question is whether such databases and scores are actually representative of attacks found in the wild. To address this question we have constructed a database (EKITS) based on the vulnerabilities currently used in exploit kits from the black market and extracted another database of vulnerabilities from Symantec's Threat Database (SYM). Our final conclusion is that the NVD and EDB databases are not a reliable source of information for exploits in the wild, even after controlling for the CVSS and exploitability subscore. A high or medium CVSS score shows significant sensitivity (i.e. prediction of attacks in the wild) only for vulnerabilities present in exploit kits (EKITS) from the black market. All datasets exhibit a low specificity.
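To make the sensitivity/specificity comparison in the abstract concrete, the following is an added example (not code or data from the paper): it scores small constructed placeholder datasets standing in for NVD, EDB and EKITS against a constructed SYM ground truth, using the rule "a medium or high CVSS score predicts an attack in the wild". The vulnerability ids, scores and the 4.0 threshold (the CVSS v2 medium band starts at 4.0) are assumptions.

```python
"""Sensitivity and specificity of a CVSS threshold as a predictor of attacks
in the wild, computed per vulnerability dataset. Constructed example: the
ids and scores are placeholders, not values from the paper or from NVD."""

# Constructed inventory: vulnerability id -> CVSS base score (v2 scale, 0-10).
NVD_SCORES = {
    "CVE-EX-0001": 9.3, "CVE-EX-0002": 7.5, "CVE-EX-0003": 5.0,
    "CVE-EX-0004": 2.1, "CVE-EX-0005": 10.0, "CVE-EX-0006": 4.3,
    "CVE-EX-0007": 6.8, "CVE-EX-0008": 3.5, "CVE-EX-0009": 7.2,
}
NVD = set(NVD_SCORES)                                                 # all listed vulns
EDB = {"CVE-EX-0001", "CVE-EX-0002", "CVE-EX-0006", "CVE-EX-0008"}    # public exploit exists
EKITS = {"CVE-EX-0001", "CVE-EX-0003", "CVE-EX-0007", "CVE-EX-0009"}  # bundled in exploit kits
SYM = {"CVE-EX-0001", "CVE-EX-0003", "CVE-EX-0007", "CVE-EX-0008"}    # attacks seen in the wild

# Assumed CVSS v2 bands: low 0.0-3.9, medium 4.0-6.9, high 7.0-10.0.
MEDIUM_OR_HIGH = 4.0


def confusion(dataset, ground_truth, scores, threshold=MEDIUM_OR_HIGH):
    """Apply "CVSS >= threshold predicts an attack in the wild" to every
    vulnerability in dataset; returns (tp, fp, tn, fn). A vulnerability
    with no recorded score is treated as not predicted."""
    tp = fp = tn = fn = 0
    for vid in dataset:
        predicted = scores.get(vid, 0.0) >= threshold
        actual = vid in ground_truth
        if predicted and actual:
            tp += 1
        elif predicted:
            fp += 1
        elif actual:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def rates(tp, fp, tn, fn):
    """Sensitivity = TP/(TP+FN); specificity = TN/(TN+FP); None if undefined."""
    sens = tp / (tp + fn) if tp + fn else None
    spec = tn / (tn + fp) if tn + fp else None
    return sens, spec


def evaluate(dataset, ground_truth=SYM, scores=NVD_SCORES, threshold=MEDIUM_OR_HIGH):
    tp, fp, tn, fn = confusion(dataset, ground_truth, scores, threshold)
    sens, spec = rates(tp, fp, tn, fn)
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn,
            "sensitivity": sens, "specificity": spec}


if __name__ == "__main__":
    for name, ds in (("NVD", NVD), ("EDB", EDB), ("EKITS", EKITS)):
        print(name, evaluate(ds))
```

With these constructed inputs the rule has sensitivity 1.0 only on the EKITS set and specificity at or near zero everywhere, which mirrors the shape of the abstract's claim but proves nothing about the paper's real data.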
Original language | English |
---|---|
Title of host publication | BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security |
Pages | 17-24 |
Number of pages | 8 |
DOIs | |
Publication status | Published - 2012 |
Externally published | Yes |
Event | 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012 - Raleigh, NC, United States Duration: 15 Oct 2012 → 15 Oct 2012 |
Conference
Conference | 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012 |
---|---|
Country/Territory | United States |
City | Raleigh, NC |
Period | 15/10/12 → 15/10/12 |
Keywords
- CVSS
- Security metrics
- Vulnerability datasets