Skip to main content

Simple package that given a CVE desription tries to extract useful semantics from it using NLP

Project description

CVE analyzer

This project aims to extract from a collection of vulnerabilities report expressed in common English language various semantic information. These semantic information are encoded and retrieved using Name Entity recognition (NER) on the description and currently the available labels are the following:

  • FUNCTION: Vulnerable function name.
  • VERSION: Vulnerable version of the target program.
  • SOURCECE: Path to the source code that contains the vulnerable function/functions.
  • DRIVER: Driver that we the attacker needs to interact with to trigger the exploit.
  • STRUCT: Malformed struct that contains the bug.
  • VULNERABILITY: Type of the vulnerability (e.g. buffer overflow, etc...).
  • CAPABILITY: Capability that the attacker gains after a successful exploitation of the vulnerability (e.g. remote code execution, etc...).

Dataset

The dataset on which the initial state of the project has been developed and tested on is the list of Common Vulnerability Exposure (CVE) regarding the Linux kernel for the years 2017 and 2018 (for this first implementation). The dataset can be found on the website CVE detail

The dataset is formatted as a Comma Separated Values (CSV) but it has been simplified from it's original version and only the description fields has been taken into account.

Installation

Install the project and al its dependencies with:

pip install cve_analyzer

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cve_analyzer-0.0.4.tar.gz (12.1 MB view hashes)

Uploaded source

Built Distribution

cve_analyzer-0.0.4-py2.py3-none-any.whl (12.1 MB view hashes)

Uploaded py2 py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page