A SYSTEM AND METHOD FOR IDENTIFYING EXPLOITED CVES USING HONEYPOTS

An automatic computer-implemented method for identifying exploited CVEs using honeypots, comprising the steps of downloading and storing new published CVEs from the internet into a database server; extracting properties from the stored CVEs into a structured format, using Natural Language Processing...

Full description

Saved in:
Bibliographic Details
Main Authors Geller, Shay Alexander, Mimran, David, Brodt, Oleg, Shabtai, Asaf, Elovici, Yuval
Format Patent
LanguageEnglish
French
German
Published 06.07.2022
Subjects
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:An automatic computer-implemented method for identifying exploited CVEs using honeypots, comprising the steps of downloading and storing new published CVEs from the internet into a database server; extracting properties from the stored CVEs into a structured format, using Natural Language Processing algorithms; recording all incoming data traffic using one or more honeypot servers and sending the honeypot records to a central database server; locating the CVE's properties in the honeypot records using Product Name, Attack Pattern, Exploited File Name and Exploited Parameter Name, and storing the records for further analysis; detecting anomalies in the CVE's related records; scoring each CVE's exploitability by its anomalies status and alerting CVEs with a score higher than a predetermined value.
Bibliography:Application Number: EP20210217793