CoExpMiner: An AHIN-Based Vulnerability Co-Exploitation Mining Framework

Vulnerability is a significant security threat to information systems, drawing widespread concern from researchers. In recent years, owing to continuous advancements in defense technologies, the success rate of exploiting a single N-day vulnerability for attacking has gradually decreased. Attackers are now attempting to exploit multiple vulnerabilities simultaneously to achieve their objectives. This phenomenon is referred to as the vulnerability co-exploitation. Limited by strict vulnerability triggering conditions, successful attacks via vulnerability co-exploitation are infrequent. Due to the low proportion of co-exploitation cases among all vulnerabilities, few studies have focused on co-exploitation relationships or investigated co-exploitation under the condition of extreme data imbalance. In additon, existing work lacks sufficient multidimensional features, which are crucial for accurately identifying and understanding co-exploitation scenarios. However, the prediction of vulnerability co-exploitation remains valuable as it aids practitioners in identifying potential critical risk points within the system. In this article, we propose a framework named CoExpMiner, based on the attributed heterogeneous information network, for mining potential vulnerability co-exploitation under the extreme data imbalance condition. CoExpMiner utilizes structure and attribute features of the attributed heterogeneous graph to predict vulnerability co-exploitation, with employing a prefilter structure to accelerate the process and reduce the computational cost. Experimental results demonstrate that CoExpMiner can effectively predict co-exploitation despite the challenges posed by extreme data imbalance.