DocumentCode
3076532
Title
Security Trend Analysis with CVE Topic Models
Author
Neuhaus, Stephan ; Zimmermann, Thomas
Author_Institution
Univ. degli Studi di Trento, Trento, Italy
fYear
2010
fDate
1-4 Nov. 2010
Firstpage
111
Lastpage
120
Abstract
We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply.
Keywords
SQL; buffer storage; data analysis; data mining; hypermedia markup languages; learning (artificial intelligence); security of data; CVE topic model; Common Vulnerability and Exposures database; PHP; SQL injection; XSS; application servers; buffer overflow; cross-site request forgery; description text; format strings; security trend analysis; vulnerability report; vulnerability type; Databases; Forgery; Manuals; Mathematical model; NIST; Resource management; Security; machine learning; security; trends;
fLanguage
English
Publisher
IEEE
Conference_Titel
Software Reliability Engineering (ISSRE), 2010 IEEE 21st International Symposium on
Conference_Location
San Jose, CA
ISSN
1071-9458
Print_ISBN
978-1-4244-9056-1
Electronic_ISBN
1071-9458
Type
conf
DOI
10.1109/ISSRE.2010.53
Filename
5635130