Out-of-Fold Stacking Regression for Rapid Prediction of Time-to-Exploit in Newly Disclosed Vulnerabilities

The Time-To-Exploit (TTE), defined as the interval between vulnerability disclosure and exploitation, has recently contracted to as little as 3–5 days, making it a critical tactical indicator in modern cyber operations. This study proposes a stacking ensemble regression model for rapid and automated TTE prediction using only limited information available at the vulnerability disclosure stage. The framework integrates heterogeneous features—Common Vulnerability Scoring System (CVSS) base metrics, unstructured CVE descriptions, and Proof-of-Concept (PoC) event counts—through tailored preprocessing pipelines and optimized base models, which are consolidated via an out-of-fold (OOF) meta model. Multi-stage experiments identified feature-specific optimal configurations: CVSS metrics with target encoding and Ridge regression, CVE descriptions with SecBERT embeddings, mean–max pooling, Principal Component Analysis (PCA), and CatBoost regression, and PoC event counts with logarithmic transformation and linear regression. The final stacked model outperformed all base models, achieving higher accuracy in Mean Absolute Error (MAE) and Coefficient of Determination (R²). Explainability analysis using SHapley Additive exPlanations (SHAP) revealed feature contributions of 0.39 for CVSS, 0.30 for descriptions, and 0.03 for PoC events. Residual analysis confirmed prediction stability with a near-symmetric bell-shaped distribution centered at zero. Compared with a hold-out blending ensemble under identical conditions, the stacking framework delivered superior performance. Unlike existing studies centered on static severity scores or categorical classification, this work reframes vulnerability assessment as a dynamic, time-based regression problem, demonstrating the feasibility of quantitatively estimating exploitation timelines and enabling faster vulnerability response.