A framework for zero-day vulnerabilities detection and prioritization

Abstract

Nowadays highly-skilled attackers can find the vulnerabilities of many networked applications. Meanwhile, the risk of a data breach increases dramatically as a software or application vulnerability always remains without a patch. By exploiting such vulnerability (called zero-day), hackers gain entry to the target network and can steal sensitive data. It is challenging to detect zero-day with traditional defenses because signature information in zero-day attacks is unknown. Consequently, a novel security solution is required that will discover zero-day attacks and estimate the severity of identified zero-day vulnerability. In this paper, we propose a framework that constitutes an integrated approach for detection and prioritization (based on likelihood) of zero-day attacks. The proposed framework follows a probabilistic approach for identification of the zero-day attack path and further to rank the severity of identified zero-day vulnerability. It is a hybrid detection-based technique that detects unknown flaws present in the network that are not detected yet. To evaluate the performance of the proposed framework, we adopted it in the network environment of Vikram university campus, India. The framework is very promising as experimental results showed detection rate of 96% for zero-day attacks with 0.3% false positive rate.