DocumentCode :
3076532
Title :
Security Trend Analysis with CVE Topic Models
Author :
Neuhaus, Stephan ; Zimmermann, Thomas
Author_Institution :
Univ. degli Studi di Trento, Trento, Italy
fYear :
2010
fDate :
1-4 Nov. 2010
Firstpage :
111
Lastpage :
120
Abstract :
We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply.
Keywords :
SQL; buffer storage; data analysis; data mining; hypermedia markup languages; learning (artificial intelligence); security of data; CVE topic model; Common Vulnerability and Exposures database; PHP; SQL injection; XSS; application servers; buffer overflow; cross-site request forgery; description text; format strings; security trend analysis; vulnerability report; vulnerability type; Databases; Forgery; Manuals; Mathematical model; NIST; Resource management; Security; machine learning; security; trends;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Reliability Engineering (ISSRE), 2010 IEEE 21st International Symposium on
Conference_Location :
San Jose, CA
ISSN :
1071-9458
Print_ISBN :
978-1-4244-9056-1
Electronic_ISBN :
1071-9458
Type :
conf
DOI :
10.1109/ISSRE.2010.53
Filename :
5635130