Automated Supervised Topic Modeling Framework for Hardware Weaknesses

Rakibul Hassan1, Charan Bandi1, Meng-Tien Tsai2, Shahriar Golchin3, Sai Manoj Pudukotai Dinakarrao1, Setareh Rafatirad2, Soheil Salehi4
1George Mason University, 2University of California Davis, 3University of Arizona, 4Department of Electrical and Computer Engineering, University of Arizona


The number of publicly known cyber-security vulnerabilities (CVEs) submitted to the National Vulnerability Database (NVD) has increased significantly due to the increasing complexity of modern computing systems. The NVD dataset is a remarkable source of the latest reported vulnerable information for Cyber-Physical-System. However, it is cumbersome to extract useful information from this large corpus of unstructured data to find meaningful trends over time without proper tools. Prior works with this purpose have mainly focused on software vulnerabilities and failed to provide a storytelling framework that can extract useful information about the relationship and trends within the CVE and CWE databases over time. Additionally, hardware attacks on IoT devices are evolving rapidly due to the recent proliferation of computing devices in mobile and IoT domains. In this work, we present a Machine learning-based framework for vulnerability and its impact vector classification focusing on the hardware vulnerabilities for the IoT domain. Our proposed framework is equipped with an Ontology-driven Storytelling Framework (OSF). Our proposed framework updates the ontology in an automated fashion and aims to identify similar patterns of vulnerabilities over time, to help mitigate the impacts of vulnerabilities or predict and prevent future exposures.