UMBC ebiquity

Extracting Information about Security Vulnerabilities from Web Text

Speaker: Wenjia Li

Start: Tuesday, April 19, 2011, 11:00AM

End: Tuesday, April 19, 2011, 12:15PM

Location: ITE 325 - B


The Web has rapidly grown into a source for disseminating information related to computer security threats, vulnerabilities and cyber-attacks. We present initial work on developing a framework to detect and extract descriptions of vulnerabilities and attacks from Web text. Our prototype system uses Wikitology, a general purpose knowledge base based on Wikipedia, to extract concepts that describe specific vulnerabilities and attacks, map them to related concepts from DBpedia and generate machine understandable assertions. Such a framework will be useful in adding structure to already existing vulnerability descriptions as well as detecting new vulnerabilities. We evaluate our approach against vulnerability descriptions obtained from NIST's National Vulnerability Database. Our results suggest that this approach can be effective in monitoring streams of text from social media or chat rooms to identify potential new attacks and vulnerabilities or to collect data on the spread and volume of existing ones.

Tags: security, vulnerability, information extraction, entity linking

Host: Tim Finin