Volltext-Downloads (blau) und Frontdoor-Views (grau)
  • search hit 1 of 3
Back to Result List

ML-Supported Identification and Prioritization of Threats in the OVVL Threat Modelling Tool

  • Threat Modelling is an accepted technique to identify general threats as early as possible in the software development lifecycle. Previous work of ours did present an open-source framework and web-based tool (OVVL) for automating threat analysis on software architectures using STRIDE. However, one open problem is that available threat catalogues are either too general or proprietary with respectThreat Modelling is an accepted technique to identify general threats as early as possible in the software development lifecycle. Previous work of ours did present an open-source framework and web-based tool (OVVL) for automating threat analysis on software architectures using STRIDE. However, one open problem is that available threat catalogues are either too general or proprietary with respect to a certain domain (e.g. .Net). Another problem is that a threat analyst should not only be presented (repeatedly) with a list of all possible threats, but already with some automated support for prioritizing these. This paper presents an approach to dynamically generate individual threat catalogues on basis of the established CWE as well as related CVE databases. Roughly 60% of this threat catalogue generation can be done by identifying and matching certain key values. To map the remaining 40% of our data (~50.000 CVE entries) we train a text classification model by using the already mapped 60% of our dataset to perform a supervised machine-learning based text classification. The generated entire dataset allows us to identify possible threats for each individual architectural element and automatically provide an initial prioritization. Our dataset as well as a supporting Jupyter notebook are openly available.show moreshow less

Export metadata

Additional Services

Search Google Scholar

Statistics

frontdoor_oas
Metadaten
Document Type:Conference Proceeding
Conference Type:Konferenzartikel
Zitierlink: https://opus.hs-offenburg.de/4275
Bibliografische Angaben
Title (English):ML-Supported Identification and Prioritization of Threats in the OVVL Threat Modelling Tool
Conference:34th Annual IFIP WG 11.3 Conference (DBSec 2020), Regensburg, Germany, June 25-26, 2020
Author:Andreas SchaadStaff MemberGND, Dominik BinderStaff MemberGND
Edition:1.
Year of Publication:2020
Place of publication:Cham
Publisher:Springer
First Page:274
Last Page:285
Parent Title (English):Data and Applications Security and Privacy XXXIV
ISBN:978-3-030-49669-2 (eBook)
ISBN:978-3-030-49668-5 (Softcover)
DOI:https://doi.org/10.1007/978-3-030-49669-2_16
Language:English
Inhaltliche Informationen
Institutes:Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021)
Institutes:Bibliografie
DDC classes:000 Allgemeines, Informatik, Informationswissenschaft
GND Keyword:Datenbanksystem; Datensicherung
Formale Angaben
Open Access: Closed Access 
Licence (German):License LogoUrheberrechtlich geschützt