In a new proof-of-concept, endpoint security vendor Morphisec showed that the Exploit Prediction Scoring System (EPSS), one of the most widely used frameworks for assessing vulnerability exploits, may itself be vulnerable to an AI-powered adversarial attack.
Ido Ikar, a Threat Researcher at Morphisec, published his findings in a blog post on December 18.
He demonstrated how subtle modifications to vulnerability features can alter the EPSS model’s predictions and discussed the implications for cybersecurity.
Background on the EPSS Model
The EPSS model was developed by a special interest group within the Forum of Incident Response and Security Teams (FIRST), a non-profit, and made public in April 2020. This group included researchers, practitioners, academics and government personnel who collaborate to improve vulnerability prioritization.
Described as “a groundbreaking model” by Morphisec’s Ikar, EPSS is a framework organizations can use to evaluate the probability that a software vulnerability has been exploited in the wild.
It empowers organizations to prioritize those with the highest exploitation risks and enables them to allocate their resources where they matter most.
EPSS predicts exploitation activity using a set of 1477 features that capture various aspects of each Common Vulnerabilities and Exposures (CVE) entry. These features are fed into a machine learning model called XGBoost, which uses them to predict the probability of exploitation.
Manipulating EPSS Output with Adversarial Attack
The objective of Ikar’s proof-of-concept was to manipulate the probability estimate provided as output when using EPSS for a specific vulnerability.
To perform his adversarial attack, Ikar artificially inflated probability indicators for this vulnerability to manipulate the model’s output. He chose to target two specific data categories the EPSS model relies on: social media mentions and public code availability.
He tested this approach on an old vulnerability in IBM WebSphere MQ 8.0 (CVE-2017-1235).
“Prior to the attack, the EPSS for CVE-2017-1235 indicated a predicted exploitation probability of 0.1, placing it in the 41st percentile for potential exploitation among all assessed vulnerabilities,” said Ikar. “This relatively low score suggested that, according to the EPSS model, it was not a high-priority target for exploitation based on its current activity indicators.”
He also noted that he selected a vulnerability for which no exploit code was available on GitHub and that had minimal mentions on X.
“This allowed me to better assess the impact of artificially increasing these indicators,” he explained.
First, Ikar generated random tweets discussing CVE-2017-1235 using ChatGPT. These tweets were intended to mimic authentic mentions of the vulnerability and increase its social media activity score in EPSS.
Second, he created a GitHub repository labeled ‘CVE-2017-1235_exploit,’ which contained a simple, empty Python file with no actual exploit functionality.
Following the injection of artificial activity through generated social media posts and the creation of a placeholder exploit repository, the EPSS model’s predicted probability for exploitation increased from 0.1 to 0.14. Additionally, the percentile ranking of the vulnerability rose from the 41st percentile to the 51st percentile, pushing it above the median level of perceived threat.
EPSS Alone Vulnerable to Attacks
Ikar commented: “The results highlight a potential vulnerability in the EPSS model itself. Since the model relies on external indicators like social media mentions and public repositories, it can be susceptible to manipulation. Attackers could exploit this by artificially inflating the activity metrics of specific CVEs, potentially misguiding organizations that rely on EPSS scores to prioritize their vulnerability management efforts.”
However, he also noted that this was only a proof-of-concept and that further exploration is required. “It remains to be seen how robust these changes are over time or whether additional model safeguards can be implemented to detect such artificial patterns,” he added.
Yet, the researcher believes that this successful experiment should prompt organizations to adopt a proactive approach when using EPSS by continuously monitoring probability scores and complementing the use of EPSS with other metrics and risk assessment procedures.
“Any significant changes in these scores should prompt a deeper investigation to understand the underlying causes and assess whether the shift is legitimate or potentially manipulated. Relying on multiple data points and cross-referencing model outputs ensures a more comprehensive and robust decision-making process,” he concluded.
This experiment also highlighted that all machine learning and AI models can be vulnerable.
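The score monitoring recommended above can be sketched as a comparison of two EPSS snapshots. This is an added example, not code from Morphisec or FIRST. It assumes the `cve,epss,percentile` CSV layout of FIRST's daily export; the snapshot contents, dates, placeholder CVE IDs, thresholds and the `corroborated` set are constructed for illustration, with the CVE-2017-1235 values taken from the shift reported in the experiment.

```python
import csv
import io

# Constructed snapshots in the layout of FIRST's daily EPSS CSV export:
# a '#' metadata line, a header row, then cve,epss,percentile (percentile as 0-1).
BEFORE = """#model_version:example,score_date:2024-01-01
cve,epss,percentile
CVE-2017-1235,0.10000,0.41000
CVE-0000-0001,0.02000,0.20000
CVE-0000-0002,0.30000,0.70000
"""
AFTER = """#model_version:example,score_date:2024-01-08
cve,epss,percentile
CVE-2017-1235,0.14000,0.51000
CVE-0000-0001,0.02100,0.20500
CVE-0000-0002,0.55000,0.85000
"""

def load_snapshot(text):
    """Parse one EPSS CSV snapshot into {cve: (epss, percentile)}."""
    rows = [line for line in io.StringIO(text) if not line.startswith("#")]
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in csv.DictReader(rows)}

def flag_shifts(before, after, corroborated, min_rel=0.25, min_pct_pts=5.0):
    """Return CVEs whose score rose sharply, marked by whether an independent
    source (assumed: not social media or repository counts) backs the rise."""
    findings = []
    for cve, (new_p, new_pct) in sorted(after.items()):
        if cve not in before:
            continue  # newly scored CVE: no baseline to compare against
        old_p, old_pct = before[cve]
        rel = (new_p - old_p) / old_p if old_p else float("inf")
        pts = (new_pct - old_pct) * 100  # percentile points gained
        if rel >= min_rel or pts >= min_pct_pts:
            status = "corroborated" if cve in corroborated else "investigate"
            findings.append((cve, round(rel, 2), round(pts, 1), status))
    return findings

if __name__ == "__main__":
    # Hypothetical corroboration set, e.g. CVEs with confirmed exploitation reports.
    for finding in flag_shifts(load_snapshot(BEFORE), load_snapshot(AFTER),
                               corroborated={"CVE-0000-0002"}):
        print(finding)
```

A rise that no independent source explains, such as the 0.1 to 0.14 shift here, is queued for investigation rather than acted on directly.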