Abstract
This paper addresses the challenges to formally specify the vulnerability information and unify text-based vulnerability descriptions, which might be available in various commercial, governmental, or open source vulnerability databases, into a generic information model. Our motivation is to utilize the remodeled vulnerability data for automating the construction of attack graph, which has been recognized as an effective method for visualizing, analyzing, and measuring the security of complicated computer systems or networks. A formal data structure is proposed based on a comprehensive conceptual analysis on normal computer infrastructure and related vulnerabilities. The newly proposed vulnerability representation, which contains most of meaningful properties extracted from textual descriptions of actual vulnerability items, can be directly fed into the reasoning engine of attack graph tools. A lightweight information extraction mechanism is designed to automatically transform textual vulnerability descriptions into the proposed data structure. Several Reader and Writer plugins are implemented to enable the communication with known vulnerability repositories.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
