Extended Vulnerability Feature Extraction Based on Public Resources

Abstract

The focus of this research is to define a framework that automatically analyses Common Vulnerabilities and Exposures (CVE) from public and disclosed resources and makes mapping to the target computer system. The current framework calculates risk assessment and estimates vulnerabilities impact according to the features of the target platform. In this paper, we describe the main vulnerability feature set, provide approaches for automatic extraction from databases and open resources. We evaluated and improved each obtaining approaches on the recent set of security vulnerabilities (2018 year database). Comparison obtained results with results of manual expert analysis is proved.