Security teams are overwhelmed by the ever-increasing number of newly reported software vulnerabilities. The majority of these vulnerabilities are never exploited. On the other hand, prioritization matters since patching all of them at the same time is not feasible. This paper introduces GreenExBert, a compact model that predicts the exploitability likelihood of a vulnerability for prioritization. GreenExBert is a distilled transformer that adheres to the principles of Green AI. It learns from 56,000 balanced Common Vulnerabilities and Exposures (CVE) entries that merge Exploit-DB code proofs with rich National Vulnerability Database (NVD) metadata. We utilize the Base metrics from CVSS v3.1 as a compact tree structure, apply targeted sampling to reduce overlap between classes, and apply knowledge distillation to transfer learning from a teacher model (all-MiniLM) to a smaller, more efficient student model. GreenExBert uses 33% fewer model parameters and achieves 92.6% accuracy, while reducing training time by 75%, inference time by 90%, and CO2 emissions by approximately 75%. Our proposed efficiency score weighs the model accuracy against environmental cost. GreenExBert scores the highest among all evaluated models, proving its capabilities for low-resource environments like edge devices
Mirtaheri, S.L., Yousefikia, M., Majd, A., Shahbazian, R., Trubitsyna, I., Pugliese, A. (2025). Towards Green Generative AI for Exploit Prediction in Resource-Limited Systems. In 2025 IEEE Cyber Science and Technology Congress (CyberSciTech) (pp. 184-191). Washington, DC : IEEE Computer Society [10.1109/CyberSciTech68397.2025.00031].
Towards Green Generative AI for Exploit Prediction in Resource-Limited Systems
Shahbazian R.;
2025-01-01
Abstract
Security teams are overwhelmed by the ever-increasing number of newly reported software vulnerabilities. The majority of these vulnerabilities are never exploited. On the other hand, prioritization matters since patching all of them at the same time is not feasible. This paper introduces GreenExBert, a compact model that predicts the exploitability likelihood of a vulnerability for prioritization. GreenExBert is a distilled transformer that adheres to the principles of Green AI. It learns from 56,000 balanced Common Vulnerabilities and Exposures (CVE) entries that merge Exploit-DB code proofs with rich National Vulnerability Database (NVD) metadata. We utilize the Base metrics from CVSS v3.1 as a compact tree structure, apply targeted sampling to reduce overlap between classes, and apply knowledge distillation to transfer learning from a teacher model (all-MiniLM) to a smaller, more efficient student model. GreenExBert uses 33% fewer model parameters and achieves 92.6% accuracy, while reducing training time by 75%, inference time by 90%, and CO2 emissions by approximately 75%. Our proposed efficiency score weighs the model accuracy against environmental cost. GreenExBert scores the highest among all evaluated models, proving its capabilities for low-resource environments like edge devices
| File | Dimensione | Formato | |
|---|---|---|---|
|
Towards_Green_Generative_AI_for_Exploit_Prediction_in_Resource-Limited_Systems.pdf
Solo gestori archvio
Tipologia:
Versione Editoriale
Dimensione
6.87 MB
Formato
Adobe PDF
|
6.87 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
