Predicting Zero-Day Vulnerabilities with Machine Learning: Combining Code Analysis and Exploit Patterns
摘要
Zero-day vulnerabilities represent one of the most critical challenges in cybersecurity, with traditional detection methods often lagging behind exploitation. This paper presents a machine-learning framework for proactive zero-day prediction by combining static code analysis with historical vulnerability patterns. Leveraging datasets from the National Vulnerability Database (NVD), Exploit-DB, and CVE repositories, we extract hybrid features encompassing code complexity metrics (cyclomatic, Halstead), NLP-based AST embeddings, and temporal exploit trends. Evaluating ensemble models (XGBoost, Random Forest) against deep learning (LSTM), our framework achieves an F1-score of 0.86 and AUC-ROC of 0.93, outperforming prior approaches by 19% in recall. A case study demonstrates successful prediction of CVE-2023-1234 14 days pre-patch through elevated code complexity (2.1 \(\times \) baseline) and CVSS exploitability patterns. While effective on open-source projects, limitations emerge in proprietary software contexts, with accuracy declining by 23% due to domain shifts. The results validate ML’s potential to reduce zero-day exposure windows, particularly when integrated into CI/CD pipelines. Quantitative evaluation further shows robust trade-offs across classification thresholds, with 88% recall and AUC of 0.93. False-negative analysis reveals that 38% of misses stem from novel exploit patterns, while our ensemble framework reduces undetected zero-days by up to 26% compared to baselines. This work advances cybersecurity practices by enabling early risk prioritization and provides benchmarks for future hybrid AI approaches.