An Empirical Study on Using the National Vulnerability Database to Predict Software Vulnerabilities

Authors

  • Su Zhang
  • Doina Caragea
  • Xinming Ou
Abstract

Software vulnerabilities represent a major cause of cybersecurity problems. The National Vulnerability Database (NVD) is a public data source that maintains standardized information about reported software vulnerabilities. Since its inception in 1997, NVD has published information about more than 43,000 software vulnerabilities affecting more than 17,000 software applications. This information is potentially valuable in understanding trends and patterns in software vulnerabilities, so that one can better manage the security of computer systems that are pestered by the ubiquitous software security flaws. In particular, one would like to be able to predict the likelihood that a piece of software contains a yet-to-be-discovered vulnerability, which must be taken into account in security management due to the increasing trend in zero-day attacks. We conducted an empirical study on applying data-mining techniques on NVD data with the objective of predicting the time to next vulnerability for a given software application. We experimented with various features constructed using the information available in NVD, and applied various machine learning algorithms to examine the predictive power of the data. Our results show that the data in NVD generally have poor prediction capability, with the exception of a few vendors and software applications. By doing a large number of experiments and observing the data, we suggest several reasons for why the NVD data have not produced a reasonable prediction model for time to next vulnerability with our current approach.


Similar resources

A Look at the Time Delays in CVSS Vulnerability Scoring

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information attached to published CVEs. According to the empirical results based on regularized regression analysis of over eighty thousand archived vulnerabilities, (i) the...


Predicting Cyber Risks through National Vulnerability Database

Su Zhang¹, Xinming Ou², and Doina Caragea³. ¹Cloud Platform Engineering, Symantec Corporation, Mountain View, California, USA; ²Department of Computer Science and Engineering, University of South Florida, Tampa, Florida, USA; ³Department of Computing and Information Sciences, Kansas State University, Manhattan, Kansas, USA. ABSTRACT: Software vulnerabilities are the major cause of cyber security pro...


Heterogeneous Network Mining of the National Vulnerability Database

As the proliferation of on-line information storage and interaction continues, so does the continued threat to the security of users and their data. New vulnerabilities are found daily in various pieces of software, used by both users and providers of on-line services, not to mention the myriad of web applications that are not tracked by any central system. Previous research into trends in vuln...


Empirical Estimates of 0Day Vulnerabilities in Control Systems

We define a 0Day vulnerability to be any vulnerability, in deployed software, which has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to well managed control systems which have already effectively mitigated the publicly known vulnerabilities. In these well managed systems t...


Scenario-Based Markovian Modeling of Web-System Availability Considering Attacks on Vulnerabilities

In the paper we simulate web-system availability taking into account security aspects and different maintenance scenarios. As a case study we have developed two Markov’s models. These models simulate availability of a multitier web-system considering attacks on DNS vulnerabilities in addition to system failures due to hardware/software (HW/SW) faults. Proposed Markov’s model use attacks rate ...



Publication date: 2011