Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

Dec. 19, 2024

In a new proof-of-concept, endpoint security provider Morphisec showed that the Exploit Prediction Scoring System (EPSS), one of the most widely used systems for estimating how likely a vulnerability is to be exploited, could itself be manipulated by an AI-assisted adversarial attack on its inputs.

Ido Ikar, a Threat Researcher at Morphisec, published his findings in a blog post on December 18.

He demonstrated how small, targeted changes to the inputs the model consumes for a given vulnerability can shift the EPSS model's predicted exploitation probability, and discussed what that means for defenders who prioritize patching on the basis of that score.

Background on the EPSS Model

The EPSS model was developed by a special interest group (SIG) within the Forum of Incident Response and Security Teams (FIRST), a non-profit, and was made public in April 2020. The group includes researchers, practitioners, academics and government personnel who collaborate to improve vulnerability prioritization.

Described as “a groundbreaking model” by Morphisec’s Ikar, EPSS is a scoring system organizations can use to estimate the probability that a software vulnerability will see exploitation activity in the wild within the next 30 days.

It lets organizations prioritize the vulnerabilities most likely to be exploited and allocate remediation effort where it matters most.

EPSS predicts exploitation activity from a set of 1,477 features that capture various aspects of each Common Vulnerabilities and Exposures (CVE) entry, such as its CVSS metrics, the affected vendor, references to public exploit code and mentions of the CVE in online discussion. These features are fed into a gradient-boosted decision-tree model built with the XGBoost library, which outputs a probability of exploitation and a percentile rank relative to all other scored CVEs.


Manipulating EPSS Output with Adversarial Attack

The objective of Ikar’s proof-of-concept was to manipulate the probability estimate provided as output when using the EPSS for a chosen vulnerability.

To perform his adversarial attack, Ikar artificially inflated the signals the model treats as indicators of likely exploitation for this vulnerability. He targeted two feature categories the EPSS model relies on, both of which an outsider can influence without touching the vulnerable software: social media mentions of the CVE and the public availability of exploit code.

He tested this technique on an old vulnerability in IBM WebSphere MQ 8.0 (CVE-2017-1235).
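The following Python script is an added illustration of the manipulation described above; it is not Morphisec's code and not the real EPSS model, whose training data and 1,477 features are not reproduced here. It trains a small XGBoost-style booster (decision stumps with logistic loss and Newton-step leaf values, the same update rule XGBoost uses) on a constructed dataset, then scores one assumed target vulnerability before and after an adversary plants social media chatter and a public proof-of-concept repository while leaving the CVSS score untouched. The feature names, training rows, hyperparameters and the target's feature vector are all assumptions made for the example.

```python
"""Added illustration of feature manipulation against an EPSS-like model.

NOT Morphisec's code and NOT the real EPSS model. A tiny XGBoost-style booster
(decision stumps, logistic loss, Newton-step leaf values) is trained on a
constructed dataset; then two attacker-controlled inputs, social media mention
count and public exploit-code availability, are inflated for one vulnerability
to show how the predicted exploitation probability moves. Feature names, data
rows, hyperparameters and the target vector are all assumptions.
"""
import math

FEATURES = ["cvss_score", "mention_count", "public_code"]

# Constructed training rows: (cvss_score, mention_count, public_code, exploited).
# The last column is the label the booster learns to predict.
TRAIN = [
    (9.8, 120, 1, 1), (9.1, 80, 1, 1), (8.8, 40, 1, 1), (7.5, 60, 1, 1),
    (7.2, 25, 0, 1), (9.0, 15, 0, 1), (6.5, 70, 1, 1), (8.1, 55, 1, 1),
    (5.3, 2, 0, 0), (4.3, 0, 0, 0), (6.1, 5, 0, 0), (7.5, 3, 0, 0),
    (3.7, 1, 0, 0), (5.0, 8, 0, 0), (9.8, 4, 0, 0), (6.8, 30, 1, 0),
]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def fit_stump(rows, grad, hess, lam):
    """Choose the (feature, threshold) split with the largest XGBoost gain.

    For a single split the parent term of XGBoost's gain formula is the same
    for every candidate, so ranking by G_L^2/(H_L+lam) + G_R^2/(H_R+lam) is
    equivalent. Leaf values are the Newton step -G/(H+lam).
    """
    best = None
    for j in range(len(rows[0])):
        for thr in sorted({r[j] for r in rows}):
            left = [i for i, r in enumerate(rows) if r[j] < thr]
            right = [i for i, r in enumerate(rows) if r[j] >= thr]
            if not left or not right:
                continue
            gl, hl = sum(grad[i] for i in left), sum(hess[i] for i in left)
            gr, hr = sum(grad[i] for i in right), sum(hess[i] for i in right)
            gain = gl * gl / (hl + lam) + gr * gr / (hr + lam)
            if best is None or gain > best[0]:
                best = (gain, j, thr, -gl / (hl + lam), -gr / (hr + lam))
    return best[1:]  # (feature index, threshold, left weight, right weight)


def train(rows, labels, rounds=30, lr=0.3, lam=1.0):
    """Gradient boosting with logistic loss: g = p - y, h = p * (1 - p)."""
    pos = sum(labels) / len(labels)
    base = math.log(pos / (1.0 - pos))  # initial log-odds of the label
    margin = [base] * len(rows)
    trees = []
    for _ in range(rounds):
        p = [sigmoid(m) for m in margin]
        grad = [pi - yi for pi, yi in zip(p, labels)]
        hess = [pi * (1.0 - pi) for pi in p]
        j, thr, wl, wr = fit_stump(rows, grad, hess, lam)
        trees.append((j, thr, lr * wl, lr * wr))
        for i, r in enumerate(rows):
            margin[i] += lr * (wl if r[j] < thr else wr)
    return base, trees


def predict(model, x):
    """Probability of exploitation for one feature vector."""
    base, trees = model
    z = base + sum(wl if x[j] < thr else wr for j, thr, wl, wr in trees)
    return sigmoid(z)


def feature_usage(model):
    """Count splits per feature: the attack pays off only on heavily used ones."""
    counts = {name: 0 for name in FEATURES}
    for j, _thr, _wl, _wr in model[1]:
        counts[FEATURES[j]] += 1
    return counts


def attack_demo():
    rows = [r[:3] for r in TRAIN]
    labels = [r[3] for r in TRAIN]
    model = train(rows, labels)
    # Assumed target: a medium-severity CVE with no chatter and no public PoC.
    target = [7.5, 3, 0]
    before = predict(model, target)
    # The adversary cannot change the CVSS score, but can post about the CVE
    # and publish an exploit repository; only those two inputs are altered.
    manipulated = [7.5, 90, 1]
    after = predict(model, manipulated)
    return before, after


if __name__ == "__main__":
    before, after = attack_demo()
    print(f"before: {before:.3f}  after: {after:.3f}")
    model = train([r[:3] for r in TRAIN], [r[3] for r in TRAIN])
    print("splits per feature:", feature_usage(model))
```

The feature_usage check is the part a practitioner would run first: the manipulation only works against inputs that both carry weight in the model and can be influenced from outside, and counting which features the trees split on is the cheapest way to see where that overlap lies. In the toy the mention count and public-code flag dominate the splits, so inflating them moves the score while the CVSS score, which the attacker cannot change, stays fixed.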

“Prior to the attack, the EPSS for CVE-2017-1235 indicated a predicted exploitation probability of 0.1, placing it in the 41st percentile for potential exploitation among all assessed vulnerabilities,” said Ikar. “This relatively low score suggested that, according to the EPSS model, it was not a high-priority target for exploitation based on its existing activity indicators.”
