Security Trend Analysis with CVE Topic Models

Neuhaus, Stephan and Zimmermann, Thomas (2010) Security Trend Analysis with CVE Topic Models. UNSPECIFIED.

[img]
Preview
PDF
Download (865Kb) | Preview

    Abstract

    We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Computer software
    Uncontrolled Keywords: security; trends; machine learning
    Report Number: DISI-10-034
    Repository staff approval on: 24 May 2010

    Actions (login required)

    View Item