
Predicting IoT Device Vulnerability Fix Times with Survival and Failure Time Models

Carlos A Rivera A, Xinzhang Chen, Arash Shaghaghi, Gustavo Batista, Salil Kanhere

TL;DR

The paper addresses predicting the time-to-fix for IoT vulnerabilities to improve patch management. It proposes a survival-analysis framework using the Accelerated Failure Time (AFT) model implemented with XGBoost on a new dataset that combines MITRE, NVD, VulDB, and Twitter signals. The authors demonstrate that leveraging VulDB and NVD features yields strong predictive performance, while Twitter trend data provides limited additional value. A publicly available IoT vulnerabilities database accompanies the method, enabling practical patch management improvements. Overall, the work shows that multi-source, tabular vulnerability data can support accurate time-to-fix predictions for IoT devices.

Abstract

The rapid integration of Internet of Things (IoT) devices into enterprise environments presents significant security challenges. Many IoT devices are released to the market with minimal security measures, often harbouring an average of 25 vulnerabilities per device. To enhance cybersecurity measures and aid system administrators in managing IoT patches more effectively, we propose an innovative framework that predicts the time it will take for a vulnerable IoT device to receive a fix or patch. We developed a survival analysis model based on the Accelerated Failure Time (AFT) approach, implemented using the XGBoost ensemble regression model, to predict when vulnerable IoT devices will receive fixes or patches. By constructing a comprehensive IoT vulnerabilities database that combines public and private sources, we provide insights into affected devices, vulnerability detection dates, published CVEs, patch release dates, and associated Twitter activity trends. We conducted thorough experiments evaluating different combinations of features, including fundamental device and vulnerability data, National Vulnerability Database (NVD) information such as CVE, CWE, and CVSS scores, transformed textual descriptions into sentence vectors, and the frequency of Twitter trends related to CVEs. Our experiments demonstrate that the proposed model accurately predicts the time to fix for IoT vulnerabilities, with data from VulDB and NVD proving particularly effective. Incorporating Twitter trend data offered minimal additional benefit. This framework provides a practical tool for organisations to anticipate vulnerability resolutions, improve IoT patch management, and strengthen their cybersecurity posture against potential threats.

Paper Structure (11 sections, 7 equations, 3 figures, 5 tables)

This paper contains 11 sections, 7 equations, 3 figures, 5 tables.

Figures (3)

  • Figure 1: C-Index and time to fix in days for all the 31 group combinations.
  • Figure 2: C-Index and time to fix in days for the top 9 C-index group combinations.
  • Figure 3: Train and Validation Error Function (negloglik) Results from combination No. 25 that provided the highest C-Index.
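The two quantities named in the figure captions, the AFT negative log-likelihood and the C-Index, can be computed by hand for a time-to-fix setting in which some vulnerabilities are still unpatched (right-censored). The following is an added example, not the paper's code: the records are constructed, and the log-normal noise distribution, `sigma=1.0`, and all function names are assumptions.

```python
import math

def _pdf(z):  # standard normal density
    return math.exp(-0.5 * z * z) / math.sqrt(2 * math.pi)

def _sf(z):   # standard normal survival function, P(Z > z)
    return 0.5 * math.erfc(z / math.sqrt(2))

def aft_nloglik(pred_log_days, days, fixed, sigma=1.0):
    """Mean negative log-likelihood of the AFT model ln T = pred + sigma * Z."""
    total = 0.0
    for mu, t, done in zip(pred_log_days, days, fixed):
        z = (math.log(t) - mu) / sigma
        # Patched: density of T at the observed fix time.
        # Unpatched: only T > t is known, so use the survival probability.
        lik = _pdf(z) / (sigma * t) if done else _sf(z)
        total -= math.log(max(lik, 1e-12))
    return total / len(days)

def c_index(pred_log_days, days, fixed):
    """Harrell's C: share of comparable pairs ranked in the right order."""
    concordant = comparable = 0.0
    for i in range(len(days)):
        for j in range(len(days)):
            # A pair is comparable only if the earlier record has a real fix
            # date; a censored record cannot be shown to precede anything.
            if fixed[i] and days[i] < days[j]:
                comparable += 1
                if pred_log_days[i] < pred_log_days[j]:
                    concordant += 1
                elif pred_log_days[i] == pred_log_days[j]:
                    concordant += 0.5
    return concordant / comparable

# Constructed sample: days from disclosure to fix (or to last observation).
DAYS = [10, 30, 90, 200, 365]
FIXED = [True, True, True, False, True]   # False = still unpatched (censored)
GOOD = [math.log(d) for d in (12, 25, 100, 300, 400)]  # well-ordered predictions
BAD = list(reversed(GOOD))                              # ranking inverted

if __name__ == "__main__":
    for name, pred in (("good", GOOD), ("bad", BAD)):
        print(name, round(c_index(pred, DAYS, FIXED), 3),
              round(aft_nloglik(pred, DAYS, FIXED), 3))
```

The censored record contributes to the loss only through the probability that the fix arrives after the last observation, and it enters the C-Index only as the later member of a pair.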