Automated Supervised Topic Modeling Framework for Hardware Weaknesses

The number of publicly known cyber-security vulnerabilities (CVEs) submitted to the National Vulnerability Database (NVD) has increased significantly due to the increasing complexity of modern computing systems. The NVD database is a remarkable source of the latest reported vulnerable information for Cyber-Physical-System. However, it is cumbersome to extract useful information from this large corpus of unstructured data to find meaningful trends over time without the proper tools. Prior works with this purpose have mainly focused on software vulnerabilities and failed to provide a storytelling framework that can extract useful information about the relationship and trends within the CVE and Common Weakness Enumeration (CWE) databases over time. Additionally, hardware attacks on IoT devices are evolving rapidly due to the recent proliferation of computing devices in mobile and IoT domains. In this work, we present a Machine Learning-based framework for vulnerability and its impact vector classification focusing on the hardware vulnerabilities in the IoT domain. Our proposed framework is equipped with an Ontology-driven Storytelling Framework (OSF) and updates the ontology in an automated fashion, aiming to identify similar patterns of vulnerabilities over time. This helps to mitigate the impacts of vulnerabilities or, from another perspective, predicts and prevents future exposures.