Exploitability prediction of vulnerabilities based on heterogeneous graphs

Vulnerability exploitability prediction is the process predicting the likelihood of being exploited in real attacks by the assessment of known software vulnerabilities. Many methods have been proposed to solve the problem of exploitability prediction. However, they generally suffer from two problems. First, they only extract features from a single vulnerability, ignoring the impact of associated vulnerabilities. Second, they usually adopt simple methods (such as concatenation) to aggregate different information, which may overlook important relationships between features. In this paper, we propose a novel exploitability prediction method based on heterogeneous graphs, called ExPreHet. First, ExPreHet defines nodes and edges to construct a heterogeneous graph. Following a series of preprocessing steps, ExPreHet generates multiple attribute vectors for each node. By implementing a restart random walk strategy, ExPreHet ensures that each node can sample all categories of neighboring nodes and group them by node category. Then, ExPreHet aggregates all the attributes of each node to generate the content vector, and each category of neighboring nodes of this node to generate a category vector. After that, the content vector and all the category vectors are aggregated to generate the final representation of the node. Finally, these final representations are input into random forest (RF) for training the classifier. To effectively assess ExPreHet, this paper conducts experiments on a dataset, which contains 66,877 vulnerabilities. The experimental results show that ExPreHet achieves 83.24 %, 83.22 %, 83.28 %, 83.25 %, and 83.24 % in terms of accuracy, precision, recall, F1-score, and area under curve (AUC), respectively. ExPreHet performs significantly better than the baseline methods.