Abstract | ||
---|---|---|
Online vulnerability databases provide a wealth of information pertaining to vulnerabilities that are present in computer application software, operating systems, and firmware. Extracting useful information from these databases that can subsequently be utilized by applications such as vulnerability scanners and security monitoring tools can be a challenging task. This paper presents two approaches to information extraction from online vulnerability databases: a machine learning based solution and a solution that exploits linguistic patterns elucidated by part-of-speech tagging. These two systems are evaluated to compare accuracy in recognizing security concepts in previously unseen vulnerability description texts. We discuss design considerations that should be taken into account in implementing information retrieval systems for security domain. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1007/978-3-319-17040-4_24 | Lecture Notes in Computer Science |
Keywords | Field | DocType |
Security,Vulnerability,Information extraction,Named entity recognition | Security domain,Computer security,Exploit,Information extraction,Vulnerability management,Engineering,Security information and event management,Application software,Firmware,Vulnerability | Conference |
Volume | ISSN | Citations |
8930 | 0302-9743 | 1 |
PageRank | References | Authors |
0.36 | 10 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sachini S. Weerawardhana | 1 | 1 | 1.03 |
Subhojeet Mukherjee | 2 | 6 | 2.24 |
Indrajit Ray | 3 | 1129 | 155.20 |
Adele E. Howe | 4 | 561 | 65.70 |