Extended Vulnerability Feature Extraction Based on Public Resources

Authors

  • Yulia Tatarinova Samsung Electronics Ukraine Company LLC, Ukraine
  • Olga Sinelnikova Samsung Electronics Ukraine Company LLC, Ukraine

DOI:

https://doi.org/10.20535/tacs.2664-29132019.1.169085

Abstract

The focus of this research is to define a framework that automatically analyses Common Vulnerabilities and Exposures (CVE) from public and disclosed resources and makes mapping to the target computer system. The current framework calculates risk assessment and estimates vulnerabilities impact according to the features of the target platform. In this paper, we describe the main vulnerability feature set, provide approaches for automatic extraction from databases and open resources. We evaluated and improved each obtaining approaches on the recent set of security vulnerabilities (2018 year database). Comparison obtained results with results of manual expert analysis is proved.

Downloads

Published

2019-05-29

Issue

Section

Software code vulnerabilities investigation and secure applications development