Skip to Main content Skip to Navigation
Conference papers

Towards Automated Risk Analysis of "One-day" Vulnerabilities

Clément Elbaz 1 Louis Rilling 1 Christine Morin 1
1 MYRIADS - Design and Implementation of Autonomous Distributed Systems
Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Common Vulnerabilities and Exposures (CVE) databases such as Mitre’s CVE List and NIST’s NVD database identify every disclosed vulnerability affecting any public software. However, during the early hours of a vulnerability disclosure, the metadata associated with these vulnerabilities is either missing, wrong, or at best sparse. This creates a challenge for robust automated analysis of new vulnerabilities. We present a new technique based on TF-IDF to map newly disclosed vulnerabilities to the most probably affected software products, formulated as an ordered list of relevant entries in the Common Platform Enumeration (CPE) database. For doing so we rely only on the human readable description of the vulnerability without any need for metadata.
Keywords : CVE Security Cloud CPE TF-IDF
Document type :
Conference papers
Complete list of metadatas

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-02267192
Contributor : Clément Elbaz <>
Submitted on : Monday, August 19, 2019 - 10:18:36 AM
Last modification on : Wednesday, June 24, 2020 - 4:19:48 PM
Document(s) archivé(s) le : Thursday, January 9, 2020 - 9:22:03 PM

File

clement_elbaz_oneday_vulnerabi...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02267192, version 1

Citation

Clément Elbaz, Louis Rilling, Christine Morin. Towards Automated Risk Analysis of "One-day" Vulnerabilities. RESSI 2019 - Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, Aug 2019, Erquy, France. pp.1-3. ⟨hal-02267192⟩

Share

Metrics

Record views

94

Files downloads

582