Automatically Building an Information-Security Vulnerability Database

Our goal was to collect data from the myriad computer vulnerability notices that exist on the World Wide Web and to mine it for interesting information and patterns. Surprisingly, no single database currently brings together all the various kinds of data from the vulnerability sites. Of particular interest to us was author and discoverer information since this provides valuable information about who is active in information security and occasionally might indicate the authors of exploits; current databases do not connect this to other relevant information. We found that the searchable parameters of the existing vulnerability databases were limited and inconsistent. Consequently, it is very difficult to get complete information about computer vulnerabilities by searching Web sites. Our approach was to bring together this information into a composite database. We did automated data collection from the existing Web vulnerability databases by creating Web bots that traversed Web sites and retrieved selected information from them, then imported the collected Web data into a relational database. A browser provides Web-based access to this database. (J. Steffan, et al., March 2002) and (R. Iyer, et al., Oct. 2003) shows how such information can be used to build models of attacks in the form of graphs, trees, and finite-state machines, and thereby develop methods for system protection