Security Trend Analysis with CVE Topic Models

Thumbnail
Download
Download Record
Author
Neuhaus, Stephan
Zimmermann, Thomas
Accessioned
2010-08-13T16:35:56Z
Available
2010-08-13T16:35:56Z
Issued
2010-08-13T16:35:56Z
Other
Security, trends, machine learning
Subject
Security
Type
technical report
Metadata
Show full item record

Abstract
We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply.
Refereed
No
Corporate
University of Calgary
Faculty
Science
Doi
http://dx.doi.org/10.11575/PRISM/31260
Uri
http://hdl.handle.net/1880/48066
Collections