Security Trend Analysis with CVE Topic Models

13 years 10 months ago

Download research.microsoft.com

—We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to ﬁnd prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection. Buffer Overﬂows: ﬂattening out after decline. Format Strings: in steep decline. SQL Injection and XSS: remaining strong, and rising. Cross-Site Request Forgery: a sleeping giant perhaps, stirring. Application Servers: rising steeply. Keywords-security; trends; machine learning

Stephan Neuhaus, Thomas Zimmermann

Real-time Traffic

ISSRE 2010 | Occasional Sql Injection | Prevalent Vulnerability Types | Software Engineering | SQL Injection |

claim paper

Post Info
More Details (n/a)

Added	28 Jan 2011
Updated	28 Jan 2011
Type	Journal
Year	2010
Where	ISSRE
Authors	Stephan Neuhaus, Thomas Zimmermann

Comments (0)

Sciweavers

Security Trend Analysis with CVE Topic Models

ISSRE 2010 | Occasional Sql Injection | Prevalent Vulnerability Types | Software Engineering | SQL Injection |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers