all InfoSec news
Uncovering CWE-CVE-CPE Relations with Threat Knowledge Graphs. (arXiv:2305.00632v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Security assessment relies on public information about products,
vulnerabilities, and weaknesses. So far, databases in these categories have
rarely been analyzed in combination. Yet, doing so could help predict
unreported vulnerabilities and identify common threat patterns. In this paper,
we propose a methodology for producing and optimizing a knowledge graph that
aggregates knowledge from common threat databases (CVE, CWE, and CPE). We apply
the threat knowledge graph to predict associations between threat databases,
specifically between products, vulnerabilities, and weaknesses. We …
assessment cpe cve cwe databases doing graphs identify information knowledge knowledge graph patterns predict producing products public security security assessment threat vulnerabilities