{"title":"Analyzing CVE Database Using Unsupervised Topic Modelling","authors":"V. Mounika, Xiaohong Yuan, Kanishka Bandaru","doi":"10.1109/CSCI49370.2019.00019","DOIUrl":null,"url":null,"abstract":"This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.","PeriodicalId":103662,"journal":{"name":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI49370.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14
Abstract
This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
