UNCW MS Computer Science Information Systems Proceedings
Analysis of CISA’s KEV To Help Future Exploitation Defense
Tristan Freeman
Geoff Stoker (Chair)
Barry Wray
Hosam Alamleh
Abstract
Every year there are more Common Vulnerabilities and Exposures (CVE) published in
the National Vulnerability Database (NVD) than the year before, and yearly reports have now
surpassed 20,000 a year, but the most important CVEs are the ones that
are exploited. Specifically, exploited CVEs are recorded by the Cybersecurity and
Infrastructure Security Agency (CISA) and placed into their Known Exploited
Vulnerabilities Catalog (KEV). The focus of this research is to analyze commonalities of
CVEs from the KEV and the NVD and create predictions from the data spanning from
2003 to 2023. I extracted all 200,000+ CVEs from the NVD and all 1,000+ CVEs from
the KEV and deleted all Common Vulnerability Scoring System (CVSS) that used only
version 3 to eliminate possible outliers. Using three different approaches to predict KEV
CVEs, I found that it is best to predict future attacks using machine learning because
we’re able to predict 80% of CVEs that could end up being part of the KEV using
common variables between NVD CVEs and KEV CVEs. The findings from this capstone
can help cybersecurity professionals prevent attacks by telling them which
CVEs need to be patched and which do not.
Keywords: CVE; NVD; CISA; KEV; CVSS
Recommended Citation: Freeman T., Stoker G., Wray B., Alamleh H. (2023). Analysis of CISA’s KEV To Help Future Exploitation Defense.
UNCW MS CSIS Proceedings. V. 17, N. 18.