CVE representation to build attack positions graphs

M Poisson, VVT Tong, G Guette, F Guihéry, D Crémilleux
2023 IEEE International Conference on Big Data (BigData), 2023, ieeexplore.ieee.org
In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater detail to understand how they could be chained together in a complete attack scenario. This article presents the first proposal for the CAPG format, which is a method for representing a CVE vulnerability, a corresponding exploit, and associated attack positions.