representativeness
play

Representativeness in the Benchmark for Vulnerability Analysis Tools - PowerPoint PPT Presentation

Oct 05, 2022 •423 likes •561 views

Representativeness in the Benchmark for Vulnerability Analysis Tools ( B-VAT ) Kayla Afanador (Keen) Cynthia Irvine Preliminary Work Paper Naval Postgraduate School Naval Postgraduate School Length: Short Start Visualizations (CVE)

  1. Representativeness in the Benchmark for Vulnerability Analysis Tools ( B-VAT ) Kayla Afanador (Keen) Cynthia Irvine Preliminary Work Paper Naval Postgraduate School Naval Postgraduate School Length: Short

  2. Start Visualizations (CVE) Vulnerability Instances (CWE) Weakness Types Existing Datasets Analyze CVEs Analyze Vuln. databases Crawl CWE Additional CVE’s? Additional CWE’s? Yes Yes Create datasets.csv No No Create cve.csv Create cwe.json Create dataset.json Create dataset.json Create dataset.json combined.json Create dataset.json Create dataset.json Vulnerability types Too many VATs compliment the No standard method disproportionately vulnerabilities to rely on analysis process, but (benchmark) to compare represented manual analysis alone. there are a lot of tools… the tools. The Problem: No benchmark to compare VATs 2

  3. Relevant Usable problems representative of reality able to be used in multiple operating environments, and run with a variety of tools Repeatable Fair not be partial to any particular tool results should be consistently reproduced when the benchmark is run with the same tool Verifiable confidence that benchmark results are accurate The Solution: B-VAT 3

  4. A dictionary of publicly known vulnerability and exposure instances 1999-2020 over 160k CVEs CVE’s as vulnerability instances 4

  5. A dictionary of publicly known vulnerability and exposure instances Over half , 93,056, of all CVE entries published between 2014-2019 (75k accepted). CVE’s as vulnerability instances 5

  6. Community developed list of weaknesses with security ramifications Crawled over 1k CWE pages to create tree data structures for each of the ten CWE Pillars. Use root node (1000) to create single rooted tree CWE’s as Weakness Types 6

  7. Use existing CVE/CWE correlation to classify vulnerability instances by associated weakness type 55,128 CVEs with associated CWE ID Trace each CVE to 1 of 10 CWE pillars (the most abstract weakness types) CWE-1000 Pillar Node CVE’s&CWE’s to create a representative set 7

  8. Representative Set: a subset of test cases that adequately represents the larger set of known vulnerability instances and types Pillar node CWE-664 represent 45% of CVE’s from 2014-2019 CWE-1000 Pillar Node CVE’s&CWE’s to create a representative set 8

  9. Juliet C/C++ Juliet Java CGC Corpus Coming Soon Stonesoup B-VAT OWASP Benchmark The representative set Existing datasets may not be representative 9

  10. Random sampling results in the misrepresentation of vulnerability instances and weakness types Stratified Sample: Allows sub-groups or “ strata ” to be proportionately represented Provides a representative sample of a larger population Preserves the relative proportions of each pillar 55,128 2,301 Identifying a representative subset for B-VAT 10

  11. Relevant problems representative of reality Repeatable results should be consistently reproduced when the benchmark is run with the same tool Usable able to be used in multiple operating environments, and run with a variety of tools Fair not be partial to any particular tool Verifiable confidence that benchmark results are accurate Recap & Next Steps 11

  12. Thank you Special thanks to Dr. Lyn Whitaker for the valuable discussions Contact us: Cynthia Irvine Kayla Afanador (Keen) 12 knkeen@nps.edu irvine@nps.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

F F AIRMODE SP AIRMODE SP ATIAL REPRESENTATIVENESS: ATIAL REPRESENTATIVENESS: ANTWERP DATASET

F F AIRMODE SP AIRMODE SP ATIAL REPRESENTATIVENESS: ATIAL REPRESENTATIVENESS: ANTWERP DATASET

F F AIRMODE SP AIRMODE SP ATIAL REPRESENTATIVENESS: ATIAL REPRESENTATIVENESS: ANTWERP DATASET ANTWERP DATASET Hans Hooyberghs, Wouter Lefebvre, Stijn Janssen OVERVIEW Spatial representativeness Data overview Measurements

462 views • 33 slides
Sampling and Representativeness Department of Government London School of Economics and

Sampling and Representativeness Department of Government London School of Economics and

Representativeness Design-based (Statistical) Sampling Sampling and Representativeness Department of Government London School of Economics and Political Science Representativeness Design-based (Statistical) Sampling 1 Representativeness 2

959 views • 62 slides
Status of the I ntercom parison Exercise Spatial Representativeness of Air Quality Monitoring

Status of the I ntercom parison Exercise Spatial Representativeness of Air Quality Monitoring

The European Com m issions science and know ledge service Joint Research Centre Status of the I ntercom parison Exercise Spatial Representativeness of Air Quality Monitoring Stations Oliver Kracht with contributions from AwAC (Belgium),

602 views • 22 slides
Spatial representativeness m ethod proposed for the W alloon m onitoring stations applied to the

Spatial representativeness m ethod proposed for the W alloon m onitoring stations applied to the

Spatial representativeness m ethod proposed for the W alloon m onitoring stations applied to the Antw erp dataset Fabian Lenartz (ISSeP), Virginie Hutsemkers (AwAC-IRCELINE) Influence/ classification of the stations Urban area: Distance of

561 views • 23 slides
FAIRMODE Spatial representativeness feasibility study: State of the art Questionnaire design and

FAIRMODE Spatial representativeness feasibility study: State of the art Questionnaire design and

FAIRMODE Spatial representativeness feasibility study: State of the art Questionnaire design and replies Jos Lus Santiago, Fernando Martn, Laura Garca CIEMAT, SPAIN Oliver Kracht, Michel Gerboles JRC, ITALY 25/06/2015 FAIRMODE

965 views • 31 slides
Evaluating representativeness errors in verification against Arctic surface observations Thomas

Evaluating representativeness errors in verification against Arctic surface observations Thomas

Evaluating representativeness errors in verification against Arctic surface observations Thomas Haiden and Martin Janousek European Centre for Medium-Range Weather Forecasts Photo IASOA Outline Arctic: downward longwave radiation anomalies

553 views • 30 slides
Fairmode technical meeting:WG1 Spatial representativeness Oliver Kracht, Michel Gerboles, With

Fairmode technical meeting:WG1 Spatial representativeness Oliver Kracht, Michel Gerboles, With

The European Commissions science and knowledge service Joint Research Centre Fairmode technical meeting:WG1 Spatial representativeness Oliver Kracht, Michel Gerboles, With contributed information from Fernando Martn, Jos Lus

518 views • 22 slides
DC-AAPOR/WSS SUMMER CONFERENCE 2019 INCREASING REPRESENTATIVENESS THROUGH THE USE OF

DC-AAPOR/WSS SUMMER CONFERENCE 2019 INCREASING REPRESENTATIVENESS THROUGH THE USE OF

DC-AAPOR/WSS SUMMER CONFERENCE 2019 INCREASING REPRESENTATIVENESS THROUGH THE USE OF PREDICTIVE MODELING AND TARGETED OUTREACH A.L. DJANGALI, J. JOSEPH-DAVID, & L. TROFIMOVICH DC-AAPOR/WSS SUMMER CONFERENCE 2019 STUDY BACKGROUND

458 views • 10 slides
1 Binomial distribution: the bell curve Tversky: representativeness Tverskys theory is that

1 Binomial distribution: the bell curve Tversky: representativeness Tverskys theory is that

The Gamblers Fallacy Toss a fair coin 10 heads in a row - what probability another head? Which is more likely? Interpreting in uncertainty a. a head b. a tail Human Communication Lecture 4 c. both equally likely Jan-26-09 Human

448 views • 6 slides
Whats in and whats not: using the new global seafloor geomorphic map to examine the

Whats in and whats not: using the new global seafloor geomorphic map to examine the

Whats in and whats not: using the new global seafloor geomorphic map to examine the representativeness of global marine protected areas Miles Macmillan-Lawler, Peter Harris, Elaine Baker, Jonas Rupp GRID-Arendal, Geoscience Australia,

406 views • 22 slides
Spatia atial l re repres resentativ entativeness eness an and stat ation ion clas

Spatia atial l re repres resentativ entativeness eness an and stat ation ion clas

Spatia atial l re repres resentativ entativeness eness an and stat ation ion clas assifica sification tion Introduction Local assessment of station representativeness based on sampling surveys and (where possible) geostatistical

235 views • 12 slides
CEN/TC Some open issues Ari Karppinen Athens 6/2017 How to use MQO in real life ? Station

CEN/TC Some open issues Ari Karppinen Athens 6/2017 How to use MQO in real life ? Station

CEN/TC Some open issues Ari Karppinen Athens 6/2017 How to use MQO in real life ? Station representativeness Demonstration of eqivalence Minimum number of stations needed Focus area vs. validation area Example:Modelling system -

853 views • 15 slides
Siting classification for Surface Ob Observing Stations on Land i St ti L d Michel Leroy,

Siting classification for Surface Ob Observing Stations on Land i St ti L d Michel Leroy,

Siting classification for Surface Ob Observing Stations on Land i St ti L d Michel Leroy, Mto-France Content of the presentation Q Quality factors of a measurement lit f t f t Site representativeness Siting

741 views • 51 slides
POL POL201Y1: Po Politics of Development Karol Czuba, University of Toronto Lecture 11:

POL POL201Y1: Po Politics of Development Karol Czuba, University of Toronto Lecture 11:

POL POL201Y1: Po Politics of Development Karol Czuba, University of Toronto Lecture 11: Developmental states Re Recap State-making in Europe: War State capacity Representativeness and accountability + rule of law

415 views • 23 slides
wit ith the Generalized Benford's 's Law Arnaud Soulet, Arnaud Giacometti, Batrice Markhoff

wit ith the Generalized Benford's 's Law Arnaud Soulet, Arnaud Giacometti, Batrice Markhoff

Representativeness of Knowledge Bases wit ith the Generalized Benford's 's Law Arnaud Soulet, Arnaud Giacometti, Batrice Markhoff and Fabian M. Suchanek University of Tours Telecom ParisTech Reliability of f queries on Knowledge Bases

530 views • 29 slides
evaluate representativeness of the Dutch monitoring sites Contents Classification of

evaluate representativeness of the Dutch monitoring sites Contents Classification of

National Institute for Public Health and National Institute for Public Health and the Environment the Environment Ministry of Health, Welfare and Sport Ministry of Health, Welfare and Sport PCA (Principal components analysis) to evaluate

180 views • 16 slides
On characterising and identifying mismatches in scientific workflows Khalid Belhajjame, Suzanne

On characterising and identifying mismatches in scientific workflows Khalid Belhajjame, Suzanne

On characterising and identifying mismatches in scientific workflows Khalid Belhajjame, Suzanne M. Embury, and Norman W. Paton School of Computer Science University of Manchester Scientific workflow A scientific workflow is a series of

235 views • 12 slides
Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK

Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK

Tolerating Architectural Mismatches Rogrio de Lemos University of Kent at Canterbury, UK Cristina Gacek, Alexander Romanovsky University of Newcastle upon Tyne, UK R. de Lemos, C. Gacek, A. Romanovsky ICSE WADS May 2002 1 Motivation

264 views • 9 slides
The Implications of Sample-Based Vs. Self- Reported Measures of Urbanicity Co-authors:

The Implications of Sample-Based Vs. Self- Reported Measures of Urbanicity Co-authors:

The Implications of Sample-Based Vs. Self- Reported Measures of Urbanicity Co-authors: Presenter: Kat Devlin & Janell Fetterolf Alexandra Castillo, Ph.D. Research Associates, Global Attitudes Courtney Johnson Research Associate, Global

818 views • 33 slides
MA/CSSE 473 Day 26 Student questions Boyer-Moore B Trees Recap: Boyer Moore Intro When

MA/CSSE 473 Day 26 Student questions Boyer-Moore B Trees Recap: Boyer Moore Intro When

MA/CSSE 473 Day 26 Student questions Boyer-Moore B Trees Recap: Boyer Moore Intro When determining how far to shift after a mismatch Horspool only uses the text character corresponding to the rightmost pattern character Can we do

411 views • 9 slides
Mitigate Risk. Save Money. Protect Your Brand. Confidential and Proprietary WEBPAGES WITHOUT

Mitigate Risk. Save Money. Protect Your Brand. Confidential and Proprietary WEBPAGES WITHOUT

Mitigate Risk. Save Money. Protect Your Brand. Confidential and Proprietary WEBPAGES WITHOUT VIOLATIONS The percentage of webpages that did not have any potential violations * nearly doubled from January through June 20% in JUN 2014 11% in JAN

395 views • 5 slides
Traditional Medical Staff Bylaws Charlotte Jefferies A Scary Horty, Springer & Mattern

Traditional Medical Staff Bylaws Charlotte Jefferies A Scary Horty, Springer & Mattern

Medical Staff Bylaws Changes You Cant Ignore! Traditional Medical Staff Bylaws Charlotte Jefferies A Scary Horty, Springer & Mattern Read! Bylaws must comply with the Medicare Conditions Medicare CoPs are standards that of

579 views • 8 slides
Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie

Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie

12/2 Congregation Meeting Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie Wallis 3. Update on Gerald Farley Report Kirby J 4. Update on Communications Drew Hoey 5. Update on Governance Dan

682 views • 42 slides
Personal Mission Statement Name Date The Why Personal Mission Statements: Help you focus

Personal Mission Statement Name Date The Why Personal Mission Statements: Help you focus

Profession of Arms Center of Excellence I n t e g r i t y - S e r v i c e - E x c e l l e n c e Personal Mission Statement Name Date The Why Personal Mission Statements: Help you focus on how to meet your long term goals Serve

209 views • 10 slides

More recommend