Exploitation time is an essential factor for vulnerability assessment in cybersecurity management. In this work, we propose an integrated consecutive batch learning framework to predict the probable exploitation time of vulnerabilities. To achieve a better performance, we combine features extracted from both vulnerability descriptions and the Common Vulnerability Scoring System in the proposed framework. In particular, we design an Adaptive Sliding Window Weighted Learning (ASWWL) algorithm to tackle the dynamic multiclass imbalance problem existing in many industrial applications including exploitation time prediction. A series of experiments are carried out on a real-world dataset, containing 24,413 exploited vulnerabilities disclosed between 1990 and 2020. Experimental results demonstrate the proposed ASWWL algorithm can significantly enhance the performance of the minority classes without compromising the performance of the majority class. Besides, the proposed framework achieves the most robust and state-of-the-art performance compared with the other five consecutive batch learning algorithms.

利用时间是网络安全管理中漏洞评估的一个重要因素。在这项工作中，我们提出了一个集成的连续批量学习框架来预测漏洞的可能利用时间。为了获得更好的性能，我们在提议的框架中结合了从漏洞描述和通用漏洞评分系统中提取的特征。特别是，我们设计了一种自适应滑动窗口加权学习 (ASWWL) 算法来解决许多工业应用中存在的动态多类不平衡问题，包括开发时间预测。在真实世界的数据集上进行了一系列实验，其中包含 1990 年至 2020 年间披露的 24,413 个被利用的漏洞。实验结果表明，所提出的 ASWWL 算法可以显着提高少数类的性能，而不会影响多数类的性能。此外，与其他五个连续批量学习算法相比，所提出的框架实现了最强大和最先进的性能。