VulZoo: A Comprehensive Vulnerability Intelligence Dataset
Software vulnerabilities pose critical security and risk concerns. Many techniques have been proposed to effectively assess and prioritize these vulnerabilities before they cause serious consequences. To evaluate their performance, these solutions often craft their own experimental datasets from limited information sources, such as MITRE CVE and NVD, lacking a global overview of broad vulnerability intelligence. The repetitive data preparation process further complicates the verification and comparison of new solutions. To resolve this issue, in this paper, we propose VulZoo, a comprehensive vulnerability intelligence dataset that covers 17 popular vulnerability information sources. We also construct connections among these sources, enabling more straightforward configuration and adaptation for different vulnerability assessment tasks (e.g., vulnerability type prediction). Additionally, VulZoo provides utility scripts for automatic data synchronization and cleaning, relationship mining, and statistics generation. We make VulZoo publicly available and maintain it with incremental updates to facilitate future research. We believe that VulZoo serves as a valuable input to vulnerability assessment and prioritization studies. The video of VulZoo is at https://youtu.be/EvoxQmUAHtw. The dataset with utility scripts is available at https://github.com/NUS-Curiosity/VulZoo.
Tue 29 OctDisplayed time zone: Pacific Time (US & Canada) change
10:30 - 12:00 | Vulnerability and security1Research Papers / Tool Demonstrations at Gardenia Chair(s): Curtis Atkisson UW | ||
10:30 15mTalk | REACT: IR-Level Patch Presence Test for Binary Research Papers Qi Zhan Zhejiang University, Xing Hu Zhejiang University, Xin Xia Huawei, Shanping Li Zhejiang University | ||
10:45 15mTalk | Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection Research Papers Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Xiaolei Liu China Academy of Engineering Physics, Xingwei Lin Zhejiang University, Wei Liu Nanjing University Media Attached | ||
11:00 15mTalk | Unveiling the Characteristics and Impact of Security Patch Evolution Research Papers Zifan Xie Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Zichao Wei Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology Media Attached | ||
11:15 15mTalk | Compositional Security Analysis of Dynamic Component-based Systems Research Papers | ||
11:30 15mTalk | Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities Research Papers Susheng Wu Fudan University, Ruisi Wang Fudan University, Kaifeng Huang Tongji University, Yiheng Cao Fudan University, Wenyan Song Fudan University, Zhuotong Zhou Fudan University, China, Yiheng Huang Fudan University, Bihuan Chen Fudan University, Xin Peng Fudan University Media Attached | ||
11:45 10mTalk | VulZoo: A Comprehensive Vulnerability Intelligence Dataset Tool Demonstrations Bonan Ruan National University of Singapore, Jiahao Liu National University of Singapore, Weibo Zhao National University of Singapore, Zhenkai Liang National University of Singapore | ||