Extracting Information about Security Vulnerabilities from Web Text

Thumbnail Image

Files

566.pd.pdf (234.21 KB)

Links to Files

https://ieeexplore.ieee.org/document/6040854

Permanent Link

10.1109/WI-IAT.2011.26
 http://hdl.handle.net/11603/11978

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2011-08-22

Type of Work

conference papers and proceedings preprints
Text

Department

Program

Citation of Original Publication

Varish Mulwad, Wenjia Li, Anupam Joshi, Tim Finin, and Krishnamurthy Viswanathan, Extracting Information about Security Vulnerabilities from Web Text, Proceedings of the Web Intelligence for Information Security Workshop, 2011, DOI: 10.1109/WI-IAT.2011.26

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2011 IEEE

Subjects

security
vulnerability
information extraction
entity linking
Computer security
Electronic publishing
Data mining
UMBC Ebiquity Research Group

Abstract

The Web is an important source of information about computer security threats, vulnerabilities and cyber-attacks. We present initial work on developing a framework to detect and extract information about vulnerabilities and attacks from Web text. Our prototype system uses Wikitology, a general purpose knowledge base derived from Wikipedia, to extract concepts that describe specific vulnerabilities and attacks, map them to related concepts from DBpedia and generate machine understandable assertions. Such a framework will be useful in adding structure to already existing vulnerability descriptions as well as detecting new ones. We evaluate our approach against vulnerability descriptions from the National Vulnerability Database. Our results suggest that it can be useful in monitoring streams of text from social media or chat rooms to identify potential new attacks and vulnerabilities or to collect data on the spread and volume of existing ones.