Common Vulnerabilities and Exposures (CVE) mining and prediction

With the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, which are often analyzed manually, leading to a slow and inefficient process. To address cybersecurity threats effectively, it is essential to establish connections across multiple security entity databases, including CVEs, Common Weakness Enumeration (CWEs), and Common Attack Pattern Enumeration and Classification (CAPECs).

In this project, we investigate a new approach that leverages the RotatE knowledge graph embedding model, initialized with embeddings from the cutting-edge Ada language model developed by OpenAI. In addition, we extend this approach by initializing the embeddings for the relations. This method has the potential to surpass previous attempts and provide a valuable tool for security teams to efficiently identify and respond to cybersecurity threats. Unlike previous works that only handled CVEs present in the training set, we plan for our approach to deal with unseen entities. Furthermore, we contribute a comprehensive dataset and our models for future benchmarking.

Status

Research Area(s)

Project Resources

RIG(s)

Affiliations

Publications

Related RHRQ Articles