Refining Traceability Links Between Vulnerability and Software Component in a Vulnerability Knowledge Graph
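Abstract
Software vulnerabilities and the information about their corresponding software components are usually stored in different places and represented in different ways. Establishing accurate traceability links between them, so that they form a unified knowledge graph, greatly helps vulnerability propagation analysis, component dependency management, and relationship inference.
In this paper, we first propose a software vulnerability knowledge graph model that integrates CVE information, metadata of Java components in the Maven repository, and project collaboration data from GitHub. To build the knowledge graph, we propose two ontology matching methods. The first method links Maven projects and GitHub projects by URL text matching. The second method introduces the random forest algorithm to link CVE project versions and Maven project versions based on 16 well-defined features.
Experimental results show that matching between CVE project versions and Maven project versions is very promising, with an accuracy as high as 99.8%. Based on our approach, the traceability links between vulnerabilities and software components can be made more accurate.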
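The first matching method, linking Maven projects to GitHub projects by URL text, can be sketched as follows. This is an added example, not code from the paper: the normalization rules, the function names `github_key` and `link_projects`, and the sample records are all assumptions made for illustration.

```python
import re

# Assumption: the page does not say how URLs are compared; this normalizer is hypothetical.
# The host is anchored so look-alike hosts (e.g. "evilgithub.com") never match.
_GITHUB_RE = re.compile(
    r"(?:^|[/@:])(?:www\.)?github\.com[:/]+"
    r"(?P<owner>[A-Za-z0-9_.-]+)/(?P<repo>[A-Za-z0-9_.-]+)",
    re.IGNORECASE,
)

def github_key(url):
    """Reduce a Maven <scm> or <url> value to a lowercase 'owner/repo' key, or None."""
    if not url:
        return None
    m = _GITHUB_RE.search(url.strip())
    if not m:
        return None
    owner, repo = m.group("owner"), m.group("repo")
    if repo.lower().endswith(".git"):
        repo = repo[:-4]
    return f"{owner}/{repo}".lower() if repo else None

def link_projects(maven_projects, github_projects):
    """Map each Maven 'groupId:artifactId' to the GitHub repo its URLs name, if known."""
    index = {name.lower(): name for name in github_projects}
    links = {}
    for coords, urls in maven_projects.items():
        for url in urls:
            key = github_key(url)
            if key in index:
                links[coords] = index[key]
                break
    return links

# Constructed sample records (not data from the paper).
MAVEN = {
    "com.example:widget-core": ["scm:git:git@github.com:Example-Org/widget-core.git"],
    "com.example:widget-web": ["https://github.com/example-org/widget-web/tree/main"],
    "com.example:legacy-lib": ["http://svn.example.com/repos/legacy-lib"],
    "com.example:spoofed": ["https://evilgithub.com/example-org/widget-core"],
}
GITHUB = ["example-org/widget-core", "example-org/widget-web"]

if __name__ == "__main__":
    for coords, repo in link_projects(MAVEN, GITHUB).items():
        print(f"{coords} -> {repo}")
```

Records with no recognizable GitHub URL, such as the SVN and look-alike-host entries above, stay unlinked rather than being guessed at, which keeps false traceability links out of the graph.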