Automated CVE Analysis for Threat Prioritization and Impact Prediction
Ehsan Aghaei, Ehab Al-Shaer, Waseem Shadid, Xi Niu

TL;DR
This paper presents CVEDrill, an automated tool that predicts CVSS scores and classifies CVEs into CWE categories, significantly improving the speed and accuracy of vulnerability analysis for cybersecurity threat prioritization.
Contribution
Introduction of CVEDrill, a novel predictive model and tool that automates CVE analysis, enhancing threat prioritization and impact prediction beyond existing manual and automated methods.
Findings
CVEDrill achieves high accuracy in CVSS vector prediction.
Automates CWE classification for CVEs effectively.
Outperforms state-of-the-art tools like ChatGPT in threat analysis.
Abstract
The Common Vulnerabilities and Exposures (CVE) are pivotal information for proactive cybersecurity measures, including service patching, security hardening, and more. However, CVEs typically offer low-level, product-oriented descriptions of publicly disclosed cybersecurity vulnerabilities, often lacking the essential attack semantic information required for comprehensive weakness characterization and threat impact estimation. This critical insight is essential for CVE prioritization and the identification of potential countermeasures, particularly when dealing with a large number of CVEs. Current industry practices involve manual evaluation of CVEs to assess their attack severities using the Common Vulnerability Scoring System (CVSS) and mapping them to Common Weakness Enumeration (CWE) for potential mitigation identification. Unfortunately, this manual analysis presents a major…
Taxonomy
Topics: Information and Cyber Security · Software Engineering Research · Network Security and Intrusion Detection
