Hasso-Plattner-Institut
 
    • de
 

Vulnerability Database for Cyber Threat Intelligence

Background

The vulnerability information is one of the major and most important sources of cyber threat intelligence (CTI). The currently running HPI Vulnerability Database (HPI-VDB) provides a comprehensive and up-to-date repository, which contains a large number of known vulnerabilities of Software. The textual descriptions about each vulnerability entry are grabbed from the public portals of other vulnerability databases, software vendors, security forums, etc. and then normalized into a well-structured data model. Thanks to the high-quality vulnerability data, many analytical services can be provided, including browsing, searching, self-diagnosis, Attack Graph (AG), as well as other API-based ad-hoc analytics. With the increasing demand of data-driven threat detection, it makes sense to research and implement more efficient management of vulnerability information to achieve high-quality CTI data. 

Objectives

The goals of this master project are:

  • Exploration and study of state-of-the-art vulnerability modeling and management techniques as well as the organization and features of popular vulnerability databases (VDBs);
  • Research and investigation on challenges and solutions to integrate vulnerability information in a hybrid Threat Intelligence Platform (TIP);
  • Design and development of an enhanced version of HPI-VDB as well as the PoC version of HPI-TIP.

  The results of this project intends to provide theoretical foundation and practices for integration of new vulnerability databases as well as high-performance collection, processing, validation, storage, and applications of vulnerability information.

 

Deliverables

The deliverables of this project include:

  • an enhanced version of HPI-VDB (enriched with the Social Media intelligence)
  • a conceptual design and PoC of HPI-TIP (for generating domain-specific CTI reports), and
  • a technical report.

Project Management

  • Project period: SS2022 (April - October 2022)
  • Team:
    • Supervisors: Wenzel Pünter, Pejman Najafi, Dr. Feng Cheng, Prof. Dr. Christoph Meinel
    • Students:
      • Till Nowakowski
      • Jonas Schmitz
      • Mario Freund
      • Lieven Leue