A Study on the Classification of Common Vulnerabilities and Exposures using Naïve Bayes
The National Vulnerability Database (NVD) provides publicly known security vulnerabilities called Common Vulnerabilities and Exposures (CVE). Although there are a number of CVE entries, some of them do not provide sufficient information, such as the vulnerability type. In this paper, we propose a method for classifying CVE entries by vulnerability type using a naïve Bayes classifier. The classification ability of the method is evaluated on a set of testing data. With this method, we can analyze CVE entries that are not yet classified as well as uncategorized vulnerability documents.
Keywords: Vulnerability analysis; Common Vulnerabilities and Exposures (CVE); Common Weakness Enumeration (CWE); naïve Bayes classifier; document classification
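An added illustration of the approach the abstract describes, not the paper's implementation: a multinomial naïve Bayes classifier with Laplace smoothing that assigns a CWE type to a CVE-style description. The training descriptions are constructed, and the tokenizer, stop-word list and smoothing are assumptions, since the abstract does not specify them.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training set (not NVD data): CVE-style descriptions with a CWE label.
TRAIN = [
    ("CWE-79", "Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the name parameter."),
    ("CWE-79", "Stored cross-site scripting in the comment form allows attackers to inject script into pages viewed by other users."),
    ("CWE-89", "SQL injection vulnerability in login.php allows remote attackers to execute arbitrary SQL commands via the id parameter."),
    ("CWE-89", "Blind SQL injection in the search function allows attackers to read database contents via a crafted query."),
    ("CWE-119", "Stack-based buffer overflow allows remote attackers to execute arbitrary code via a long filename."),
    ("CWE-119", "Heap-based buffer overflow in the image parser allows attackers to cause a denial of service (memory corruption) via a crafted file."),
]
# Assumed stop-word list: boilerplate words that appear in almost every entry.
STOP = {"a", "an", "the", "in", "to", "of", "via", "or", "by", "and", "allows"}

def tokenize(text):
    """Lower-case bag-of-words tokens with stop words removed."""
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOP]

def train(samples):
    """Count documents per class and token occurrences per class."""
    class_docs, word_counts, vocab = Counter(), defaultdict(Counter), set()
    for label, text in samples:
        tokens = tokenize(text)
        class_docs[label] += 1
        word_counts[label].update(tokens)
        vocab.update(tokens)
    return class_docs, word_counts, vocab

def classify(model, text):
    """Return (best_label, log_scores) for one description."""
    class_docs, word_counts, vocab = model
    total_docs = sum(class_docs.values())
    scores = {}
    for label, n_docs in class_docs.items():
        n_tokens = sum(word_counts[label].values())
        score = math.log(n_docs / total_docs)  # log prior P(class)
        for tok in tokenize(text):
            if tok not in vocab:
                continue  # a word unseen in training carries no evidence
            # Laplace (add-one) smoothing keeps a zero count from vetoing a class.
            score += math.log((word_counts[label][tok] + 1) / (n_tokens + len(vocab)))
        scores[label] = score
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    model = train(TRAIN)
    entry = "Buffer overflow in the PNG decoder allows remote attackers to execute arbitrary code via a crafted image."
    print(classify(model, entry))
```

On real NVD data the class priors are heavily skewed toward a few CWE types, so per-class precision and recall on held-out entries say more than overall accuracy.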