Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports

Hansong Ren, Xuejun Li*, Liao Lei, Guoliang Ou, Hongyu Sun, Gaofei Wu, Xiao Tian, Jinglu Hu, Yuqing Zhang

*この研究の対応する著者

研究成果: Conference contribution

抄録

At present, the vulnerability database research has mainly focused on whether the disclosed information is accurate. However, the information differences between the various vulnerability databases have received little attention. This article proposes a WITTY (softWare versIon inconsisTency measuremenT sYstem) to detect the differences between the affected software versions of NVD and different language vulnerability databases (including English CVE, OpenWall, Chinese CNNVD, CNVD, and other eight databases). WITTY can enable Our large-scale quantitative information consistency. We introduce named entity recognition (NER) and relation extraction (RE) based on deep learning. We present custom design into named entity recognition (NER) and relation extraction (RE) based on deep learning, enabling WITTY to recognize previously invisible software names and versions based on sentence structure and context. Ground-truth shows that the system has a high accuracy rate (95.3% accuracy rate, 89.9% recall rate). We use data from 8 vulnerability databases in the past 21 years, involving 554,725 vulnerability reports. The results show that they are inconsistent. The software version is prevalent. The average exact match rate of English vulnerability databases CVE, OpenWall, and other vulnerability databases with cve is only 22.1%. The average exact match rate of Chinese CNNVD and CNVD is 49.5%, and the excat match rate of Russian vulnerability databases is 25.8%.

本文言語English
ホスト出版物のタイトルFrontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers
編集者Chunjie Cao, Yuqing Zhang, Yuan Hong, Ding Wang
出版社Springer Science and Business Media Deutschland GmbH
ページ78-99
ページ数22
ISBN(印刷版)9789811905223
DOI
出版ステータスPublished - 2022
イベント4th International Conference on Frontiers in Cyber Security, FCS 2021 - Haikou, China
継続期間: 2021 12月 172021 12月 19

出版物シリーズ

名前Communications in Computer and Information Science
1558 CCIS
ISSN(印刷版)1865-0929
ISSN(電子版)1865-0937

Conference

Conference4th International Conference on Frontiers in Cyber Security, FCS 2021
国/地域China
CityHaikou
Period21/12/1721/12/19

ASJC Scopus subject areas

  • コンピュータサイエンス一般
  • 数学一般

フィンガープリント

「Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル