使用无监督主题建模分析CVE数据库

2019 International Conference on Computational Science and Computational Intelligence (CSCI) Pub Date : 2019-12-01 DOI:10.1109/CSCI49370.2019.00019

V. Mounika, Xiaohong Yuan, Kanishka Bandaru

{"title":"使用无监督主题建模分析CVE数据库","authors":"V. Mounika, Xiaohong Yuan, Kanishka Bandaru","doi":"10.1109/CSCI49370.2019.00019","DOIUrl":null,"url":null,"abstract":"This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.","PeriodicalId":103662,"journal":{"name":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Analyzing CVE Database Using Unsupervised Topic Modelling\",\"authors\":\"V. Mounika, Xiaohong Yuan, Kanishka Bandaru\",\"doi\":\"10.1109/CSCI49370.2019.00019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.\",\"PeriodicalId\":103662,\"journal\":{\"name\":\"2019 International Conference on Computational Science and Computational Intelligence (CSCI)\",\"volume\":\"89 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 International Conference on Computational Science and Computational Intelligence (CSCI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSCI49370.2019.00019\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI49370.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

本文采用对漏洞描述文本进行主题建模的方法，对CVE数据库中的漏洞报告进行了研究。通过对1999年1月至2019年7月报告的121,716个独特CVE条目进行研究，发现了常见的漏洞类型，并发现了漏洞的新趋势。通过主题建模发现的主题映射到OWASP Top 10漏洞。结果发现，OWASP漏洞A2: 2017-Broken Authentication、A4:2017-XML External Entities (XXE)和A5:2017-Broken Access Control增加了，而漏洞A7:2017-Cross-Site Scripting (XSS)在过去20年里急剧减少。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analyzing CVE Database Using Unsupervised Topic Modelling

This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 International Conference on Computational Science and Computational Intelligence (CSCI)

自引率

0.00%

发文量