
Automated Keyword Extraction from "One-day" Vulnerabilities at Disclosure

Abstract: Common Vulnerabilities and Exposures (CVE) databases such as Mitre's CVE List and NIST's NVD database identify every disclosed vulnerability affecting any public software. However, during the early hours of a vulnerability disclosure, the metadata associated with these vulnerabilities is either missing, wrong, or at best sparse. This creates a challenge for robust automated analysis of new vulnerabilities. We present a new technique based on TF-IDF to assess the software products most probably affected by newly disclosed vulnerabilities, formulated as an ordered list of relevant keywords. To do so, we rely only on the human-readable description of a new vulnerability, without any need for its metadata. Our evaluation results suggest real-world applicability of our technique.

Cited literature [19 references]
Contributor : Clément Elbaz
Submitted on : Wednesday, November 13, 2019 - 4:54:49 PM
Last modification on : Wednesday, November 3, 2021 - 8:09:49 AM




  • HAL Id : hal-02362062, version 1


Clément Elbaz, Louis Rilling, Christine Morin. Automated Keyword Extraction from "One-day" Vulnerabilities at Disclosure. [Research Report] RR-9299, Inria Rennes - Bretagne Atlantique. 2019, pp.1-22. ⟨hal-02362062⟩


