xVDB: A High-Coverage Approach for Constructing a Vulnerability Database


When it comes to locating and correcting vulnerabilities discovered in a single day, security patches play a crucial role. However, accumulating a large number of security patches from a variety of data sources is not an easy task to complete. This is the case for two reasons: (1) every data source presents vulnerability information in its own unique fashion, and (2) many security patches cannot be directly collected from information pertaining to Common Vulnerabilities and Exposures (CVE) (for example, references in the National Vulnerability Database, or NVD). In this paper, we propose an approach that tracks multiple data sources in order to collect known security patches. This approach has a high coverage rate. We focused specifically on the following three types of data sources: repositories (such as GitHub), issue trackers (such as Bugzilla), and question and answer websites ( e . g ., Stack Overflow). We collect even security patches that cannot be collected by only considering CVE information from the various data sources ( I . e ., previously untracked security patches). During the course of our research, we gathered a total of 12,432 CVE patches from various repositories and issue trackers, in addition to 12,458 insecure posts from Question and Answer websites. The fact that we were able to collect at least four times as many CVE patches as were collected by other methods demonstrates the effectiveness of the method that we developed. The gathered security patches are uploaded to a public website (in this case, IoTcube) and used there as a database in order to move forward with the detection of vulnerable code clones.

Did you like this research project?

To get this research project Guidelines, Training and Code... Click Here

PROJECT TITLE :Hashtagger+: Efficient High-Coverage Social Tagging of Streaming News - 2018ABSTRACT:News and social media currently play a synergistic role and neither domain can be grasped in isolation. On one hand, platforms
PROJECT TITLE : Video Dissemination over Hybrid Cellular and Ad Hoc Networks - 2014 ABSTRACT: We study the problem of disseminating videos to mobile users by using a hybrid cellular and ad hoc network. In particular, we formulate
PROJECT TITLE : Security Analysis of Handover Key Management in 4G LTESAE Networks - 2014 ABSTRACT: The goal of 3GPP Long Term Evolution/System Architecture Evolution (LTE/SAE) is to move mobile cellular wireless technology
PROJECT TITLE : Secure and Efficient Data Transmission for Cluster-Based Wireless Sensor Networks - 2014 ABSTRACT: Secure data transmission is a critical issue for wireless sensor networks (WSNs). Clustering is an effective
PROJECT TITLE : Hop-by-Hop Message Authenticationand Source Privacy in WirelessSensor Networks - 2014 ABSTRACT: Message authentication is one of the most effective ways to thwart unauthorized and corrupted messages from being

Ready to Complete Your Academic MTech Project Work In Affordable Price ?

Project Enquiry