Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports

Hansong Ren; Xuejun Li; Liao Lei; Guoliang Ou; Hongyu Sun; Gaofei Wu; Xiao Tian; Jinglu Hu; Yuqing Zhang

doi:10.1007/978-981-19-0523-0_6

Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports

Hansong Ren, Xuejun Li^*, Liao Lei, Guoliang Ou, Hongyu Sun, Gaofei Wu, Xiao Tian, Jinglu Hu, Yuqing Zhang

^*Corresponding author for this work

Graduate School of Information, Production and Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

At present, the vulnerability database research has mainly focused on whether the disclosed information is accurate. However, the information differences between the various vulnerability databases have received little attention. This article proposes a WITTY (softWare versIon inconsisTency measuremenT sYstem) to detect the differences between the affected software versions of NVD and different language vulnerability databases (including English CVE, OpenWall, Chinese CNNVD, CNVD, and other eight databases). WITTY can enable Our large-scale quantitative information consistency. We introduce named entity recognition (NER) and relation extraction (RE) based on deep learning. We present custom design into named entity recognition (NER) and relation extraction (RE) based on deep learning, enabling WITTY to recognize previously invisible software names and versions based on sentence structure and context. Ground-truth shows that the system has a high accuracy rate (95.3% accuracy rate, 89.9% recall rate). We use data from 8 vulnerability databases in the past 21 years, involving 554,725 vulnerability reports. The results show that they are inconsistent. The software version is prevalent. The average exact match rate of English vulnerability databases CVE, OpenWall, and other vulnerability databases with cve is only 22.1%. The average exact match rate of Chinese CNNVD and CNVD is 49.5%, and the excat match rate of Russian vulnerability databases is 25.8%.

Original language	English
Title of host publication	Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers
Editors	Chunjie Cao, Yuqing Zhang, Yuan Hong, Ding Wang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	78-99
Number of pages	22
ISBN (Print)	9789811905223
DOIs	https://doi.org/10.1007/978-981-19-0523-0_6
Publication status	Published - 2022
Event	4th International Conference on Frontiers in Cyber Security, FCS 2021 - Haikou, China Duration: 2021 Dec 17 → 2021 Dec 19

Publication series

Name	Communications in Computer and Information Science
Volume	1558 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	4th International Conference on Frontiers in Cyber Security, FCS 2021
Country/Territory	China
City	Haikou
Period	21/12/17 → 21/12/19

Keywords

Deep learning
Natural language processing
Security breach
Security vulnerability databases

ASJC Scopus subject areas

Computer Science(all)
Mathematics(all)

Access to Document

10.1007/978-981-19-0523-0_6

Cite this

Ren, H., Li, X., Lei, L., Ou, G., Sun, H., Wu, G., Tian, X., Hu, J., & Zhang, Y. (2022). Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports. In C. Cao, Y. Zhang, Y. Hong, & D. Wang (Eds.), Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers (pp. 78-99). (Communications in Computer and Information Science; Vol. 1558 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-0523-0_6

Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports. / Ren, Hansong; Li, Xuejun; Lei, Liao et al.

Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers. ed. / Chunjie Cao; Yuqing Zhang; Yuan Hong; Ding Wang. Springer Science and Business Media Deutschland GmbH, 2022. p. 78-99 (Communications in Computer and Information Science; Vol. 1558 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ren, H, Li, X, Lei, L, Ou, G, Sun, H, Wu, G, Tian, X, Hu, J & Zhang, Y 2022, Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports. in C Cao, Y Zhang, Y Hong & D Wang (eds), Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers. Communications in Computer and Information Science, vol. 1558 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 78-99, 4th International Conference on Frontiers in Cyber Security, FCS 2021, Haikou, China, 21/12/17. https://doi.org/10.1007/978-981-19-0523-0_6

Ren H, Li X, Lei L, Ou G, Sun H, Wu G et al. Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports. In Cao C, Zhang Y, Hong Y, Wang D, editors, Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2022. p. 78-99. (Communications in Computer and Information Science). doi: 10.1007/978-981-19-0523-0_6

Ren, Hansong ; Li, Xuejun ; Lei, Liao et al. / Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports. Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers. editor / Chunjie Cao ; Yuqing Zhang ; Yuan Hong ; Ding Wang. Springer Science and Business Media Deutschland GmbH, 2022. pp. 78-99 (Communications in Computer and Information Science).

@inproceedings{3103a35cff2b4e548afa2f48ad0eed1a,

title = "Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports",

abstract = "At present, the vulnerability database research has mainly focused on whether the disclosed information is accurate. However, the information differences between the various vulnerability databases have received little attention. This article proposes a WITTY (softWare versIon inconsisTency measuremenT sYstem) to detect the differences between the affected software versions of NVD and different language vulnerability databases (including English CVE, OpenWall, Chinese CNNVD, CNVD, and other eight databases). WITTY can enable Our large-scale quantitative information consistency. We introduce named entity recognition (NER) and relation extraction (RE) based on deep learning. We present custom design into named entity recognition (NER) and relation extraction (RE) based on deep learning, enabling WITTY to recognize previously invisible software names and versions based on sentence structure and context. Ground-truth shows that the system has a high accuracy rate (95.3% accuracy rate, 89.9% recall rate). We use data from 8 vulnerability databases in the past 21 years, involving 554,725 vulnerability reports. The results show that they are inconsistent. The software version is prevalent. The average exact match rate of English vulnerability databases CVE, OpenWall, and other vulnerability databases with cve is only 22.1%. The average exact match rate of Chinese CNNVD and CNVD is 49.5%, and the excat match rate of Russian vulnerability databases is 25.8%.",

keywords = "Deep learning, Natural language processing, Security breach, Security vulnerability databases",

author = "Hansong Ren and Xuejun Li and Liao Lei and Guoliang Ou and Hongyu Sun and Gaofei Wu and Xiao Tian and Jinglu Hu and Yuqing Zhang",

note = "Funding Information: Keywords: Security breach · Natural language processing · Deep learning · Security vulnerability databases This work was supported by the National Key Research and Development Program of China (2018YFB0804701), the Key Research and Development Program of Hainan Province (ZDYF202012), Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS202123). Publisher Copyright: {\textcopyright} 2022, Springer Nature Singapore Pte Ltd.; 4th International Conference on Frontiers in Cyber Security, FCS 2021 ; Conference date: 17-12-2021 Through 19-12-2021",

year = "2022",

doi = "10.1007/978-981-19-0523-0_6",

language = "English",

isbn = "9789811905223",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "78--99",

editor = "Chunjie Cao and Yuqing Zhang and Yuan Hong and Ding Wang",

booktitle = "Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers",

}

TY - GEN

T1 - Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports

AU - Ren, Hansong

AU - Li, Xuejun

AU - Lei, Liao

AU - Ou, Guoliang

AU - Sun, Hongyu

AU - Wu, Gaofei

AU - Tian, Xiao

AU - Hu, Jinglu

AU - Zhang, Yuqing

N1 - Funding Information: Keywords: Security breach · Natural language processing · Deep learning · Security vulnerability databases This work was supported by the National Key Research and Development Program of China (2018YFB0804701), the Key Research and Development Program of Hainan Province (ZDYF202012), Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS202123). Publisher Copyright: © 2022, Springer Nature Singapore Pte Ltd.

PY - 2022

Y1 - 2022

N2 - At present, the vulnerability database research has mainly focused on whether the disclosed information is accurate. However, the information differences between the various vulnerability databases have received little attention. This article proposes a WITTY (softWare versIon inconsisTency measuremenT sYstem) to detect the differences between the affected software versions of NVD and different language vulnerability databases (including English CVE, OpenWall, Chinese CNNVD, CNVD, and other eight databases). WITTY can enable Our large-scale quantitative information consistency. We introduce named entity recognition (NER) and relation extraction (RE) based on deep learning. We present custom design into named entity recognition (NER) and relation extraction (RE) based on deep learning, enabling WITTY to recognize previously invisible software names and versions based on sentence structure and context. Ground-truth shows that the system has a high accuracy rate (95.3% accuracy rate, 89.9% recall rate). We use data from 8 vulnerability databases in the past 21 years, involving 554,725 vulnerability reports. The results show that they are inconsistent. The software version is prevalent. The average exact match rate of English vulnerability databases CVE, OpenWall, and other vulnerability databases with cve is only 22.1%. The average exact match rate of Chinese CNNVD and CNVD is 49.5%, and the excat match rate of Russian vulnerability databases is 25.8%.

AB - At present, the vulnerability database research has mainly focused on whether the disclosed information is accurate. However, the information differences between the various vulnerability databases have received little attention. This article proposes a WITTY (softWare versIon inconsisTency measuremenT sYstem) to detect the differences between the affected software versions of NVD and different language vulnerability databases (including English CVE, OpenWall, Chinese CNNVD, CNVD, and other eight databases). WITTY can enable Our large-scale quantitative information consistency. We introduce named entity recognition (NER) and relation extraction (RE) based on deep learning. We present custom design into named entity recognition (NER) and relation extraction (RE) based on deep learning, enabling WITTY to recognize previously invisible software names and versions based on sentence structure and context. Ground-truth shows that the system has a high accuracy rate (95.3% accuracy rate, 89.9% recall rate). We use data from 8 vulnerability databases in the past 21 years, involving 554,725 vulnerability reports. The results show that they are inconsistent. The software version is prevalent. The average exact match rate of English vulnerability databases CVE, OpenWall, and other vulnerability databases with cve is only 22.1%. The average exact match rate of Chinese CNNVD and CNVD is 49.5%, and the excat match rate of Russian vulnerability databases is 25.8%.

KW - Deep learning

KW - Natural language processing

KW - Security breach

KW - Security vulnerability databases

UR - http://www.scopus.com/inward/record.url?scp=85126207009&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85126207009&partnerID=8YFLogxK

U2 - 10.1007/978-981-19-0523-0_6

DO - 10.1007/978-981-19-0523-0_6

M3 - Conference contribution

AN - SCOPUS:85126207009

SN - 9789811905223

T3 - Communications in Computer and Information Science

SP - 78

EP - 99

BT - Frontiers in Cyber Security - 4th International Conference, FCS 2021, Revised Selected Papers

A2 - Cao, Chunjie

A2 - Zhang, Yuqing

A2 - Hong, Yuan

A2 - Wang, Ding

PB - Springer Science and Business Media Deutschland GmbH

T2 - 4th International Conference on Frontiers in Cyber Security, FCS 2021

Y2 - 17 December 2021 through 19 December 2021

ER -

Detecting Inconsistent Vulnerable Software Version in Security Vulnerability Reports

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this