Sciweavers

ISSRE
2010
IEEE

Security Trend Analysis with CVE Topic Models

13 years 11 months ago
Security Trend Analysis with CVE Topic Models
—We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overflows: flattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply. Keywords-security; trends; machine learning
Stephan Neuhaus, Thomas Zimmermann
Added 28 Jan 2011
Updated 28 Jan 2011
Type Journal
Year 2010
Where ISSRE
Authors Stephan Neuhaus, Thomas Zimmermann
Comments (0)