
Automated Keyword Extraction from "One-day" Vulnerabilities at Disclosure

Abstract: Common Vulnerabilities and Exposures (CVE) databases such as MITRE's CVE List and NIST's NVD database identify every disclosed vulnerability affecting any public software. However, during the early hours of a vulnerability disclosure, the metadata associated with these vulnerabilities is either missing, wrong, or at best sparse. This creates a challenge for robust automated analysis of new vulnerabilities. We present a new technique based on TF-IDF to assess the software products most probably affected by newly disclosed vulnerabilities, formulated as an ordered list of relevant keywords. To do so, we rely only on the human-readable description of a new vulnerability, without any need for its metadata. Our evaluation results suggest real-world applicability of our technique.
Document type: Reports

https://hal.inria.fr/hal-02362062
Contributor: Clément Elbaz
Submitted on: Wednesday, November 13, 2019 - 4:54:49 PM
Last modification on: Tuesday, September 8, 2020 - 10:49:26 AM

File

automated_keyword_extration_fr...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02362062, version 1

Citation

Clément Elbaz, Louis Rilling, Christine Morin. Automated Keyword Extraction from "One-day" Vulnerabilities at Disclosure. [Research Report] RR-9299, Inria Rennes - Bretagne Atlantique. 2019, pp.1-22. ⟨hal-02362062⟩
