In an era where cyber threats are growing in both volume and sophistication, risk management has become a cornerstone of effective organizational defense. Risk management involves identifying, assessing, and prioritizing potential threats, enabling organizations to allocate their resources where they matter most. The ultimate goal is to minimize potential losses while maintaining business continuity and operational resilience.
Introduction
At the heart of risk management lies the challenge of balancing proactive measures with efficient resource allocation. Cybersecurity teams are often inundated with vulnerability data, making it difficult to determine which issues to address first. This is where predictive tools play a pivotal role by providing actionable insights. By analyzing vast amounts of data, these tools help organizations focus on the most critical threats, enhancing their ability to mitigate risk effectively.
One such predictive tool is the Exploit Prediction Scoring System (EPSS). EPSS is designed to estimate the likelihood of a known software vulnerability being exploited "in the wild." By assigning probabilities to vulnerabilities, it empowers organizations to prioritize those with the highest exploitation risks, integrating seamlessly into their broader risk management strategies.
However, while AI models like EPSS are advancing rapidly, AI security is struggling to keep pace. This gap creates vulnerabilities that adversaries can exploit, raising significant concerns about the reliability of AI-driven tools. As with any machine learning model, EPSS is not immune to potential manipulation.
Adversarial attacks—small, often imperceptible adjustments to input data—can sometimes mislead predictive models, impacting the reliability of their outputs. Such attacks are well-documented in fields like image recognition but remain relatively unexplored in cybersecurity-focused models like EPSS. This raises an essential question: could adversarial inputs affect how EPSS evaluates risk, potentially skewing vulnerability prioritization?
In this blog post, I’ll walk you through my journey of executing a successful adversarial attack on the EPSS model, demonstrating how subtle modifications to vulnerability features can alter the model's predictions. I’ll discuss the methods I used, the challenges I faced, and the implications this has for cybersecurity at large.
What is the EPSS Model?
The Exploit Prediction Scoring System (EPSS) is a groundbreaking model built to assist cybersecurity teams in vulnerability management. Developed through a collaboration of industry experts, EPSS provides a score indicating the likelihood that a specific software vulnerability will be exploited in the near future.
By leveraging a mix of historical data on exploits, vulnerability characteristics, and machine learning techniques, EPSS helps prioritize which vulnerabilities need immediate attention, potentially reducing the time and resources required to manage and mitigate risks.
How Does EPSS Work?
EPSS predicts exploitation activity using a set of 1,477 features that capture various aspects of each CVE. These features are fed into a machine learning model (specifically, XGBoost), which uses them to predict the probability of exploitation.
Here’s an overview of some key categories of data and features that EPSS leverages:
- Published Exploit Code: EPSS considers the availability of public exploit code as a predictor of exploitation. This data is collected from sources like Exploit-DB, GitHub, and Metasploit, which together catalog thousands of Common Vulnerabilities and Exposures (CVEs) with known exploit code.
- Public Vulnerability Lists: The model includes indicators for CVEs listed on popular vulnerability lists and advisories, such as Google Project Zero’s Zero-day List, Trend Micro’s Zero Day Initiative (ZDI) and CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
- Social Media Mentions: The model accounts for the frequency of CVE mentions on Twitter within specific time windows (7, 30, and 90 days).
- Offensive Security Tools: EPSS captures data on vulnerabilities scanned by offensive security tools commonly used in penetration testing, such as Nuclei, Jaeles, Intrigue, and Sn1per.
- References in Vulnerability Databases: The number and types of references listed for each CVE in the MITRE CVE database and the National Vulnerability Database (NVD) provide context on a vulnerability’s relevance. EPSS tracks counts for 16 reference tags, including Vendor Advisory, Third Party Advisory, Patch, Exploit, Issue Tracking, and more.
- Keyword Descriptions: EPSS uses keywords describing the vulnerability type and impact, such as “remote attacker,” “web,” “code execution,” “denial of service,” and “authenticated.” These keywords help capture the nature and potential risks associated with each vulnerability.
- CVSS Metrics: CVSS (Common Vulnerability Scoring System) base metrics describe the exploitability of a vulnerability, including factors such as attack vector, attack complexity, privilege required, user interaction, and scope. Additionally, EPSS includes confidentiality, integrity, and availability metrics, representing potential impacts if exploited.
- Common Weakness Enumeration (CWE): CWE categories classify vulnerabilities by specific weakness types (e.g., buffer overflows, SQL injection). EPSS uses 186 CWE identifiers as binary features, enabling it to capture the exploitability trends of various vulnerability types.
- Vendor Information: EPSS includes features related to vendors associated with vulnerabilities, based on data from the Common Platform Enumeration (CPE).
- Age of a Vulnerability: The age of a vulnerability, calculated as the time since its publication, may impact its likelihood of exploitation.
The Adversarial Attack
Let’s explore the mechanics of the adversarial attack on the EPSS model. By leveraging specific features that the EPSS model uses for exploitation prediction, I was able to manipulate its probability estimate for a chosen vulnerability.
Attack Strategy and Feature Exploitation
The attack targeted two key features in EPSS’s feature set: social media mentions and public code availability. EPSS includes these features since activity in these areas—such as discussions on Twitter or the presence of exploit code on platforms like GitHub—can indicate a heightened risk of exploitation. By artificially inflating these indicators, I aimed to influence the model’s output.
It’s important to highlight that the Published Exploit Code feature is a binary indicator that simply reflects the existence of any exploit code, regardless of the quantity or quality of the content. Therefore, when selecting a CVE to test the attack, I specifically chose one for which no exploit code was available on GitHub and that had minimal mentions on Twitter. This allowed me to better assess the impact of artificially increasing these signals.
Targeted CVE
For this attack, I selected the CVE-2017-1235 vulnerability as the target. This vulnerability was used as a case study to observe how changes in related activity metrics might influence the EPSS model’s prediction.
Prior to the attack, the EPSS score for CVE-2017-1235 indicated a predicted exploitation probability of 0.1, placing it in the 41st percentile for potential exploitation among all assessed vulnerabilities. This relatively low score suggested that, according to the EPSS model, it was not a high-priority target for exploitation based on its existing activity indicators.
Social Media Manipulation
I generated random tweets discussing CVE-2017-1235 using ChatGPT. These tweets were intended to mimic authentic mentions of the vulnerability and aimed to increase its social media activity score in EPSS.
Public Code Presence
In addition, I created a GitHub repository labeled “CVE-2017-1235_exploit.” The repository contained a simple, empty Python file, which technically provided no exploit functionality.
The Results
The attack produced a noticeable impact on the EPSS model’s evaluation of CVE-2017-1235. Following the injection of artificial activity through generated social media posts and the creation of a placeholder exploit repository, the model's predicted probability for exploitation increased from 0.1 to 0.14. Additionally, the percentile ranking of the vulnerability rose from the 41st percentile to the 51st percentile, pushing it above the median level of perceived threat.
The results highlight a potential vulnerability in the EPSS model itself. Since the model relies on external signals like social media mentions and public repositories, it can be susceptible to manipulation. Attackers could exploit this by artificially inflating the activity metrics of specific CVEs, potentially misguiding organizations that depend on EPSS scores to prioritize their vulnerability management efforts.
While this experiment successfully influenced the EPSS model, it remains to be seen how robust these changes are over time or whether additional model safeguards could be implemented to detect such artificial patterns. Further exploration is needed to understand the thresholds at which activity signals trigger significant changes in EPSS predictions and to explore potential defenses against such adversarial attacks.
It is important to acknowledge the possibility that factors unrelated to the attack could have contributed to the observed changes. However, a review of the change history of CVE-2017-1235 prior to the attack showed only a single modification in its probability score, which occurred more than a year before my intervention. This historical stability makes it unlikely that other coincidental factors were responsible for the sudden change observed immediately following my manipulation.
Conclusion
Organizations should adopt a proactive approach when using EPSS by consistently monitoring probability scores. Any significant changes in these scores should prompt a deeper investigation to understand the underlying reasons and assess whether the shift is legitimate or potentially manipulated. This level of scrutiny ensures that organizations are not reacting to false signals, which could divert resources away from actual threats.
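One way to implement the score monitoring described above, as an added example that is not from the original experiment or from the EPSS project: the function flags any score change that crosses a relative or percentile threshold and records how long the score had been unchanged before it. The history is constructed sample data modeled on the figures in this post, and the thresholds and field names are assumptions to tune.

```python
from datetime import date

# Constructed sample history (date, probability, percentile), modeled on the
# figures in this post. Not real EPSS data; in practice these rows would come
# from the daily EPSS scores an organization already ingests.
SAMPLE = [
    (date(2023, 1, 10), 0.09, 40.0),
    (date(2023, 3, 1), 0.10, 41.0),   # the single earlier modification
    (date(2023, 9, 1), 0.10, 41.0),
    (date(2024, 6, 1), 0.10, 41.0),
    (date(2024, 6, 15), 0.14, 51.0),  # shift of the size reported above
]


def flag_shifts(observations, rel_threshold=0.25, pct_threshold=5.0,
                stable_days=180):
    """Return one finding per score change that crosses a threshold.

    observations: list of (date, probability, percentile), sorted by date.
    Thresholds are assumed defaults, not values recommended by EPSS.
    """
    findings = []
    last_change = observations[0][0]  # date the current score was first seen
    for prev, cur in zip(observations, observations[1:]):
        (_, p_score, p_pct), (c_day, c_score, c_pct) = prev, cur
        if c_score == p_score:
            continue  # score unchanged, the quiet period keeps growing
        rel = (c_score - p_score) / p_score if p_score else float("inf")
        pct_delta = c_pct - p_pct
        quiet = (c_day - last_change).days
        if abs(rel) >= rel_threshold or abs(pct_delta) >= pct_threshold:
            findings.append({
                "date": c_day,
                "rel_change": round(rel, 2),
                "percentile_delta": round(pct_delta, 1),
                "quiet_days": quiet,
                # A jump after a long flat period deserves a closer look at
                # which inputs changed (new repositories, mention volume).
                "after_long_stability": quiet >= stable_days,
            })
        last_change = c_day
    return findings


if __name__ == "__main__":
    for finding in flag_shifts(SAMPLE):
        print(finding)
```

A finding is a prompt to check which underlying signals moved and whether they are substantive, not a verdict that the score was manipulated.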
In general, it’s crucial to recognize that machine learning models, while powerful, are not immune to manipulation. Just as it is standard practice in the cyber domain to assume that adversaries are always attempting to exploit vulnerabilities, organizations should treat predictive models with the same mindset, acknowledging that models themselves can be influenced or exploited. By treating model outputs as valuable but not infallible indicators, organizations can better anticipate risks and make more resilient security decisions.
Furthermore, while EPSS provides an important tool for prioritizing vulnerabilities, it should not be the sole metric guiding an organization’s actions. Effective vulnerability management requires a holistic approach that incorporates other factors such as the criticality of the systems affected, the organization’s specific threat landscape, and the potential business impact of an exploit.
Relying on multiple data points and cross-referencing model outputs ensures a more comprehensive and robust decision-making process.
How Morphisec Can Help
In today's evolving threat landscape, staying ahead of sophisticated attack techniques requires more than reactive measures—it demands proactive, intelligent, and adaptive strategies.
Morphisec’s Adaptive Exposure Management delivers exactly that, combining cutting-edge Automated Moving Target Defense (AMTD) technology with robust risk management capabilities. By enabling practitioners to prioritize vulnerabilities, uncover hidden risks, and continuously adapt to emerging threats, Morphisec empowers organizations to achieve true cyber resilience.
With benefits like assured protection, reduced costs, enhanced visibility, and a strengthened cybersecurity posture, Morphisec provides a comprehensive solution for organizations looking to outsmart increasingly sophisticated attacks. Its ability to address AI-enabled threats and safeguard legacy systems ensures that organizations remain prepared for the challenges of today and tomorrow.
As the stakes continue to rise, the shift from reactive to proactive security is no longer optional—it’s essential. With Morphisec, organizations gain the tools and confidence to anticipate, adapt, and stay secure in the face of any cyber threat.