Semantic Text Analysis Technology Application in Assessing Current Threats and Software Vulnerabilities

摘要

The paper provides a brief overview of the most common open databases (classification systems) of computer attacks, information security threats and software vulnerabilities. The advantages of using the methods of semantic analysis of texts in natural language (Text Mining) for working with textual descriptions of typical attacks and their components contained in the above classification systems are noted. An automated method is proposed for assessing current (i.e., potentially most dangerous) vulnerabilities in industrial control system (ICS) software using semantic analysis methods of descriptions in order to determine a list of threats that are relevant to software vulnerabilities identified at a specific object using security scanners. An example of the proposed techniques application for assessing vulnerabilities of the application software of industrial oil production facility automation subsystem is considered, followed by the formation of a list of relevant threats.