Conference papers

Towards Automated Risk Analysis of "One-day" Vulnerabilities

Clément Elbaz (1), Louis Rilling (1), Christine Morin (1)
(1) MYRIADS - Design and Implementation of Autonomous Distributed Systems
Inria Rennes – Bretagne Atlantique, IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Common Vulnerabilities and Exposures (CVE) databases such as Mitre’s CVE List and NIST’s NVD database identify every disclosed vulnerability affecting any public software. However, during the early hours of a vulnerability disclosure, the metadata associated with these vulnerabilities is either missing, wrong, or at best sparse. This creates a challenge for robust automated analysis of new vulnerabilities. We present a new technique based on TF-IDF to map newly disclosed vulnerabilities to the most probably affected software products, formulated as an ordered list of relevant entries in the Common Platform Enumeration (CPE) database. To do so, we rely only on the human-readable description of the vulnerability, without any need for metadata.
Keywords : CVE, Security, Cloud, CPE, TF-IDF
Document type : Conference papers

Contributor : Clément Elbaz
Submitted on : Monday, August 19, 2019 - 10:18:36 AM
Last modification on : Wednesday, November 3, 2021 - 8:16:42 AM
Long-term archiving on : Thursday, January 9, 2020 - 9:22:03 PM




  • HAL Id : hal-02267192, version 1


Clément Elbaz, Louis Rilling, Christine Morin. Towards Automated Risk Analysis of "One-day" Vulnerabilities. RESSI 2019 - Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, Aug 2019, Erquy, France. pp.1-3. ⟨hal-02267192⟩


