Tracking software vulnerabilities, with the increasing complexity of system architectures, is a hard but fundamental task that requires developers to be up-to-date with different knowledge domains. The publishing of vulnerabilities, the techniques used in their exploitation, and the measures that can be taken to mitigate them, are information provided through different data sources. We developed CyberGraph to gather this information in a single graph database and extended it with real-time data from other threat intelligence tools. In this work we present the update done to the CyberGraph structure and new possible use cases to leverage its expanded data source assimilation and linking of different repositories. The resulting dataset and web application allows users to simplify analysis of existing software ecosystems and domains in order to track possible vulnerabilities and gather information on attack patterns and mitigation that can be applied to them.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security Management of Threats with CyberGraph

  • Ettore Carbone,
  • Francesco Bruno,
  • Fabio Dainese,
  • Purbasha Chowdhury,
  • Paolo Falcarin

摘要

Tracking software vulnerabilities, with the increasing complexity of system architectures, is a hard but fundamental task that requires developers to be up-to-date with different knowledge domains. The publishing of vulnerabilities, the techniques used in their exploitation, and the measures that can be taken to mitigate them, are information provided through different data sources. We developed CyberGraph to gather this information in a single graph database and extended it with real-time data from other threat intelligence tools. In this work we present the update done to the CyberGraph structure and new possible use cases to leverage its expanded data source assimilation and linking of different repositories. The resulting dataset and web application allows users to simplify analysis of existing software ecosystems and domains in order to track possible vulnerabilities and gather information on attack patterns and mitigation that can be applied to them.