Improving Discovery of Known Software Vulnerability For Enhanced Cybersecurity

• URL: http://arxiv.org/abs/2412.16607v1
• Date: Sat, 21 Dec 2024 12:43:52 GMT
• Title: Improving Discovery of Known Software Vulnerability For Enhanced Cybersecurity
• Authors: Devesh Sawant, Manjesh K. Hanawal, Atul Kabra,
• Abstract summary: Vulnerability detection relies on standardized identifiers such as Common Platformion (CPE) strings. Non-standardized CPE strings issued by software vendors create a significant challenge. Inconsistent naming conventions, and versioning practices lead to mismatches when querying databases.
• Score: 0.0
• License:
• Abstract: Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on identifying software vulnerabilities through standardized identifiers such as Common Platform Enumeration (CPE) strings. However, non-standardized CPE strings issued by software vendors create a significant challenge. Inconsistent formats, naming conventions, and versioning practices lead to mismatches when querying databases like the National Vulnerability Database (NVD), hindering accurate vulnerability detection. Failure to properly identify and prioritize vulnerable software complicates the patching process and causes delays in updating the vulnerable software, thereby giving attackers a window of opportunity. To address this, we present a method to enhance CPE string consistency by implementing a multi-layered sanitization process combined with a fuzzy matching algorithm on data collected using Osquery. Our method includes a union query with priority weighting, which assigns relevance to various attribute combinations, followed by a fuzzy matching process with threshold-based similarity scoring, yielding higher confidence in accurate matches. Comparative analysis with open-source tools such as FleetDM demonstrates that our approach improves detection accuracy by 40%.

Related papers

• Beyond the Surface: An NLP-based Methodology to Automatically Estimate CVE Relevance for CAPEC Attack Patterns [42.63501759921809]
  We propose a methodology leveraging Natural Language Processing (NLP) to associate Common Vulnerabilities and Exposure (CAPEC) vulnerabilities with Common Attack Patternion and Classification (CAPEC) attack patterns. Experimental evaluations demonstrate superior performance compared to state-of-the-art models.
  arXiv  Detail & Related papers  (2025-01-13T08:39:52Z)
• SecCodePLT: A Unified Platform for Evaluating the Security of Code GenAI [47.11178028457252]
  We develop SecCodePLT, a unified and comprehensive evaluation platform for code GenAIs' risks. For insecure code, we introduce a new methodology for data creation that combines experts with automatic generation. For cyberattack helpfulness, we construct samples to prompt a model to generate actual attacks, along with dynamic metrics in our environment.
  arXiv  Detail & Related papers  (2024-10-14T21:17:22Z)
• Divide and Conquer based Symbolic Vulnerability Detection [0.16385815610837165]
  This paper presents a vulnerability detection approach based on symbolic execution and control flow graph analysis. Our approach employs a divide-and-conquer algorithm to eliminate irrelevant program information.
  arXiv  Detail & Related papers  (2024-09-20T13:09:07Z)
• The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
  Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies. We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
  arXiv  Detail & Related papers  (2024-09-10T10:12:37Z)
• LLM-Enhanced Static Analysis for Precise Identification of Vulnerable OSS Versions [12.706661324384319]
  Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. The adoption of specific software versions in development projects may introduce security risks when these versions bring along vulnerabilities. Current methods of identifying vulnerable versions typically analyze and trace the code involved in vulnerability patches using static analysis with pre-defined rules. This paper presents Vercation, an approach designed to identify vulnerable versions of OSS written in C/C++.
  arXiv  Detail & Related papers  (2024-08-14T06:43:06Z)
• An Extensive Comparison of Static Application Security Testing Tools [1.3927943269211593]
  Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Several studies have suggested that alternative solutions may be more effective than SASTTs due to their tendency to generate false alarms. Our SASTTs evaluation is based on a controlled, though synthetic, Java.
  arXiv  Detail & Related papers  (2024-03-14T09:37:54Z)
• Profile of Vulnerability Remediations in Dependencies Using Graph Analysis [40.35284812745255]
  This research introduces graph analysis methods and a modified Graph Attention Convolutional Neural Network (GAT) model. We analyze control flow graphs to profile breaking changes in applications occurring from dependency upgrades intended to remediate vulnerabilities. Results demonstrate the effectiveness of the enhanced GAT model in offering nuanced insights into the relational dynamics of code vulnerabilities.
  arXiv  Detail & Related papers  (2024-03-08T02:01:47Z)
• The Vulnerability Is in the Details: Locating Fine-grained Information of Vulnerable Code Identified by Graph-based Detectors [33.395068754566935]
  VULEXPLAINER is a tool for locating vulnerability-critical code lines from coarse-level vulnerable code snippets. It can flag the vulnerability-triggering code statements with an accuracy of around 90% against eight common C/C++ vulnerabilities.
  arXiv  Detail & Related papers  (2024-01-05T10:15:04Z)
• Multi-context Attention Fusion Neural Network for Software Vulnerability Identification [4.05739885420409]
  We propose a deep learning model that learns to detect some of the common categories of security vulnerabilities in source code efficiently. The model builds an accurate understanding of code semantics with a lot less learnable parameters. The proposed AI achieves 98.40% F1-score on specific CWEs from the benchmarked NIST SARD dataset.
  arXiv  Detail & Related papers  (2021-04-19T11:50:36Z)
• Anomaly Detection Based on Selection and Weighting in Latent Space [73.01328671569759]
  We propose a novel selection-and-weighting-based anomaly detection framework called SWAD. Experiments on both benchmark and real-world datasets have shown the effectiveness and superiority of SWAD.
  arXiv  Detail & Related papers  (2021-03-08T10:56:38Z)
• Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv  Detail & Related papers  (2020-08-05T19:29:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.