Using Program Knowledge Graph to Uncover Software Vulnerabilities
read the original abstract
In an increasingly interconnected and data-driven world, the importance of robust security measures cannot be overstated. A knowledge graph constructed with information extracted from the system along with the desired security behavior can be utilized to identify complex security vulnerabilities hidden underneath the systems. Unfortunately, existing security knowledge graphs are constructed from coarse-grained information extracted from publicly available vulnerability reports, which are not equipped to check actual security violations in real-world system implementations. In this poster, we present a novel approach of using Program Knowledge Graph that is embedded with fine-grained execution information of the systems (e.g., callgraph, data-flow, etc.) along with information extracted from the public vulnerability and weakness datasets (e.g., CVE and CWE). We further demonstrate that our custom security knowledge graph can be checked against the standard queries generated by LLM, providing a powerful way to identify security vulnerabilities and weaknesses in critical systems.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
VulLink: A Dynamic Open-Access Vulnerability Graph Database for Cybersecurity Data Mining
VulGD is a dynamic open-access graph database that aggregates vulnerability data from multiple sources and uses LLM embeddings to enable more accurate risk assessment and threat prioritization.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.