VulnScopper: Unveiling Hidden Links Between Unseen Security Entities

Daniel Alfasi; Tal Shapira; Anat Bremler Barr

doi:10.1145/3694811.3697819

VulnScopper: Unveiling Hidden Links Between Unseen Security Entities

Daniel Alfasi, Tal Shapira, Anat Bremler Barr

School of Computer Science

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Common Vulnerabilities and Exposures (CVE) system is crucial for cybersecurity, providing standardized identification of vulnerabilities. In February 2024, the National Vulnerability Database (NVD) announced it could no longer enrich new CVEs due to increasing volumes, significantly impacting global security efforts. This paper introduces VulnScopper, an innovative approach to automate and enhance vulnerability enrichment using Graph Neural Networks (GNNs). VulnScopper combines Knowledge Graphs (KG) with Natural Language Processing (NLP) by leveraging ULTRA, a GNN-based knowledge graph foundation model, alongside a Large Language Model (LLM). VulnScopper’s inductive approach enables it to handle unseen entities, overcoming a crucial limitation of previous CVE enrichment methods. We evaluate VulnScopper on the NVD dataset in inductive and transductive setups for CVE to Common Platform Enumerations (CPE) linking. Our results show that VulnScopper outperforms state-of-the-art techniques, achieving up to 60% Hits@10 accuracy in linking CVEs to CPE on unseen CVE records. We demonstrate VulnScopper’s effectiveness on unseen 2023 CVEs, showcasing its ability to uncover new vulnerable products and potentially reduce vulnerability remediation time.

Original language	English
Title of host publication	GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with
Subtitle of host publication	CoNEXT 2024
Pages	33-40
Number of pages	8
ISBN (Electronic)	9798400712548
DOIs	https://doi.org/10.1145/3694811.3697819
State	Published - 9 Dec 2024
Event	3rd International Workshop on Graph Neural Networking, GNNet 2024, co-located with ACM CoNEXT 2024 - Los Angeles, United States Duration: 9 Dec 2024 → 12 Dec 2024

Publication series

Name	GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024

Conference

Conference	3rd International Workshop on Graph Neural Networking, GNNet 2024, co-located with ACM CoNEXT 2024
Country/Territory	United States
City	Los Angeles
Period	9/12/24 → 12/12/24

Keywords

CPE
CVE
CWE
Cybersecurity
Graph Neural Networks (GNN)
Knowledge Graphs
Large Language Models (LLM)
Link Prediction
Vulnerabilities

All Science Journal Classification (ASJC) codes

Computer Graphics and Computer-Aided Design
Computer Vision and Pattern Recognition
Human-Computer Interaction
Electrical and Electronic Engineering

Access to Document

10.1145/3694811.3697819

Cite this

Alfasi, D., Shapira, T., & Barr, A. B. (2024). VulnScopper: Unveiling Hidden Links Between Unseen Security Entities. In GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024 (pp. 33-40). (GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024). https://doi.org/10.1145/3694811.3697819

Alfasi, Daniel ; Shapira, Tal ; Barr, Anat Bremler. / VulnScopper : Unveiling Hidden Links Between Unseen Security Entities. GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024. 2024. pp. 33-40 (GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024).

@inproceedings{fee48218c06149eb8a6bead6772177ca,

title = "VulnScopper: Unveiling Hidden Links Between Unseen Security Entities",

abstract = "The Common Vulnerabilities and Exposures (CVE) system is crucial for cybersecurity, providing standardized identification of vulnerabilities. In February 2024, the National Vulnerability Database (NVD) announced it could no longer enrich new CVEs due to increasing volumes, significantly impacting global security efforts. This paper introduces VulnScopper, an innovative approach to automate and enhance vulnerability enrichment using Graph Neural Networks (GNNs). VulnScopper combines Knowledge Graphs (KG) with Natural Language Processing (NLP) by leveraging ULTRA, a GNN-based knowledge graph foundation model, alongside a Large Language Model (LLM). VulnScopper{\textquoteright}s inductive approach enables it to handle unseen entities, overcoming a crucial limitation of previous CVE enrichment methods. We evaluate VulnScopper on the NVD dataset in inductive and transductive setups for CVE to Common Platform Enumerations (CPE) linking. Our results show that VulnScopper outperforms state-of-the-art techniques, achieving up to 60% Hits@10 accuracy in linking CVEs to CPE on unseen CVE records. We demonstrate VulnScopper{\textquoteright}s effectiveness on unseen 2023 CVEs, showcasing its ability to uncover new vulnerable products and potentially reduce vulnerability remediation time.",

keywords = "CPE, CVE, CWE, Cybersecurity, Graph Neural Networks (GNN), Knowledge Graphs, Large Language Models (LLM), Link Prediction, Vulnerabilities",

author = "Daniel Alfasi and Tal Shapira and Barr, {Anat Bremler}",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 3rd International Workshop on Graph Neural Networking, GNNet 2024, co-located with ACM CoNEXT 2024 ; Conference date: 09-12-2024 Through 12-12-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3694811.3697819",

language = "الإنجليزيّة",

series = "GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024",

pages = "33--40",

booktitle = "GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with",

}

Alfasi, D, Shapira, T & Barr, AB 2024, VulnScopper: Unveiling Hidden Links Between Unseen Security Entities. in GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024. GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024, pp. 33-40, 3rd International Workshop on Graph Neural Networking, GNNet 2024, co-located with ACM CoNEXT 2024, Los Angeles, United States, 9/12/24. https://doi.org/10.1145/3694811.3697819

VulnScopper: Unveiling Hidden Links Between Unseen Security Entities. / Alfasi, Daniel; Shapira, Tal; Barr, Anat Bremler.
GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024. 2024. p. 33-40 (GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VulnScopper

T2 - 3rd International Workshop on Graph Neural Networking, GNNet 2024, co-located with ACM CoNEXT 2024

AU - Alfasi, Daniel

AU - Shapira, Tal

AU - Barr, Anat Bremler

PY - 2024/12/9

Y1 - 2024/12/9

N2 - The Common Vulnerabilities and Exposures (CVE) system is crucial for cybersecurity, providing standardized identification of vulnerabilities. In February 2024, the National Vulnerability Database (NVD) announced it could no longer enrich new CVEs due to increasing volumes, significantly impacting global security efforts. This paper introduces VulnScopper, an innovative approach to automate and enhance vulnerability enrichment using Graph Neural Networks (GNNs). VulnScopper combines Knowledge Graphs (KG) with Natural Language Processing (NLP) by leveraging ULTRA, a GNN-based knowledge graph foundation model, alongside a Large Language Model (LLM). VulnScopper’s inductive approach enables it to handle unseen entities, overcoming a crucial limitation of previous CVE enrichment methods. We evaluate VulnScopper on the NVD dataset in inductive and transductive setups for CVE to Common Platform Enumerations (CPE) linking. Our results show that VulnScopper outperforms state-of-the-art techniques, achieving up to 60% Hits@10 accuracy in linking CVEs to CPE on unseen CVE records. We demonstrate VulnScopper’s effectiveness on unseen 2023 CVEs, showcasing its ability to uncover new vulnerable products and potentially reduce vulnerability remediation time.

AB - The Common Vulnerabilities and Exposures (CVE) system is crucial for cybersecurity, providing standardized identification of vulnerabilities. In February 2024, the National Vulnerability Database (NVD) announced it could no longer enrich new CVEs due to increasing volumes, significantly impacting global security efforts. This paper introduces VulnScopper, an innovative approach to automate and enhance vulnerability enrichment using Graph Neural Networks (GNNs). VulnScopper combines Knowledge Graphs (KG) with Natural Language Processing (NLP) by leveraging ULTRA, a GNN-based knowledge graph foundation model, alongside a Large Language Model (LLM). VulnScopper’s inductive approach enables it to handle unseen entities, overcoming a crucial limitation of previous CVE enrichment methods. We evaluate VulnScopper on the NVD dataset in inductive and transductive setups for CVE to Common Platform Enumerations (CPE) linking. Our results show that VulnScopper outperforms state-of-the-art techniques, achieving up to 60% Hits@10 accuracy in linking CVEs to CPE on unseen CVE records. We demonstrate VulnScopper’s effectiveness on unseen 2023 CVEs, showcasing its ability to uncover new vulnerable products and potentially reduce vulnerability remediation time.

KW - CPE

KW - CVE

KW - CWE

KW - Cybersecurity

KW - Graph Neural Networks (GNN)

KW - Knowledge Graphs

KW - Large Language Models (LLM)

KW - Link Prediction

KW - Vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85216583765&partnerID=8YFLogxK

U2 - 10.1145/3694811.3697819

DO - 10.1145/3694811.3697819

M3 - منشور من مؤتمر

T3 - GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024

SP - 33

EP - 40

BT - GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with

Y2 - 9 December 2024 through 12 December 2024

ER -

Alfasi D, Shapira T, Barr AB. VulnScopper: Unveiling Hidden Links Between Unseen Security Entities. In GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024. 2024. p. 33-40. (GNNet 2024 - Proceedings of the 3rd GNNet Workshop on Graph Neural Networking Workshop, Co-Located with: CoNEXT 2024). doi: 10.1145/3694811.3697819

VulnScopper: Unveiling Hidden Links Between Unseen Security Entities

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Cite this