Discovery of Evolving Relationships of Software Vulnerabilities

Discovery of Evolving Relationships of Software Vulnerabilities

연구 분야: Strategies

학회: 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)

Discovering the risks posed by software vulnerabilities is a challenge. Software vulnerabilities are often not listed and studies have shown 50.3% of the reports do not include the list of vulnerable libraries. Thus, it becomes critical to maximize the understanding of the vulnerability reports and the trends in vulnerabilities. In this work, a novel tool is created that is able to connect the vulnerabilities with time and identify subsets of vulnerabilities that are related.In the first step of the model, a text network is created from the vulnerability reports of each month in a year. Then, a temporal network is constructed from text networks. Temporal network theoretic properties are evaluated on the model to understand the vulnerability trends and the evolution of relationships amongst the vulnerabilities. The analysis leverages on the community detection algorithms on text networks. The dynamics of evolving relationships of the software vulnerabilities are extracted using biclustering algorithms, and the statistical significance of the biclusters is evaluated. Experimental results based on vulnerability reports are analyzed and presented.