US 12,093,396 B2
System and method for associating a common vulnerability and exposures (CVE) with a computing device and applying a security patch
Daniel Joseph Serna, The Colony, TX (US); and Christopher Lee Danielson, Poway, CA (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Jul. 16, 2020, as Appl. No. 16/931,099.
Prior Publication US 2022/0019673 A1, Jan. 20, 2022
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A system for associating common vulnerability and exposures (CVEs) with device profiles, comprising:
a memory that stores a plurality of CVEs and a plurality of device profiles, each device profile from among the plurality of device profiles is associated with a corresponding CVE from among the plurality of CVEs, wherein each device profile from among the plurality of device profiles comprises features of a corresponding device, and the features comprise at least an operating system, a CPU architecture, a GPU architecture, a memory architecture, and an installed software of the corresponding device; and
a processor operably coupled to the memory, configured to:
for a first device profile from among the plurality of device profiles stored in the memory, determine a set of feature importance values for features of the first device profile, wherein a feature importance value of a corresponding feature of the first device profile associated with a CVE indicates a probability of the CVE to affect the first device profile with respect to that feature, wherein the set of feature importance values comprises:
a first feature importance value of the operating system that indicates a first probability of the CVE affecting the first device profile with respect to the operating system;
a second feature importance value of the CPU architecture that indicates a second probability of the CVE affecting the first device profile with respect to the CPU architecture;
a third feature importance value of the GPU architecture that indicates a third probability of the CVE affecting the first device profile with respect to the GPU architecture;
a fourth feature importance value of the memory architecture that indicates a fourth probability of the CVE affecting the first device profile with respect to the memory architecture; and
a fifth feature importance value of the installed software that indicates a fifth probability of the CVE affecting the first device profile with respect to the installed software;
identify that the first device profile has one or more features in common with a second device profile, wherein:
identifying the first device profile has the one or more features in common with the particular second device profile comprises:
extracting, by implementing a natural language processing neural network, incidents describing devices being infected by the plurality of CVEs from documentation associated with the plurality of CVEs, wherein the incidents are reported by multiple users;
determining a first frequency and a first severity of a first CVE from among the plurality of CVEs infecting the devices with respect to each of the features from the extracted incidents, wherein the first frequency of the first CVE infecting the devices with respect to each of the features indicates a number of times the first CVE infected a number of the devices with respect to each of the features, wherein if, as a consequence of the first CVE, a third party is able to gain unauthorized access to the devices and erase data from memories of the devices, the first severity of the first CVE is determined to be more than a threshold severity;
determining a second frequency and a second severity of a second CVE from among the plurality of CVEs infecting the devices with respect to each of the features from the extracted incidents, wherein the second frequency of the second CVE infecting the devices with respect to each of the features indicates a number of times the second CVE infected a number of the devices with respect to each of the features, wherein if, as a consequence of the second CVE, a third party is able to gain unauthorized access to the devices and erase data from memories of the devices, the second severity of the second CVE is determined to be more than the threshold severity; and
determining, based at least on the determined frequency and severity of each of the plurality of the CVEs infecting the devices, a total feature importance value associated with the one or more features that are in common between the first device profile and the second device profile, wherein the total feature importance value is a first sum of the set of feature importance values of the one or more features of the first device profile that are in common with the second device profile, wherein the first sum of the set of feature importance values corresponds to the first sum of the first probability, the second probability, the third probability, the fourth probability, and the fifth probability; and
identifying, by a classifier machine learning algorithm, the first device profile is labeled with the first CVE and the second CVE based on a training dataset, wherein the training dataset comprises the plurality of device profiles, each of the plurality of device profiles is labeled with the corresponding CVE and corresponding security patches; the first device profile is associated with a first device; and
the second device profile is associated with a second device;
duplicate the second device profile for the first CVE and the second CVE, such that a first duplicate of the second device profile is associated with the first CVE and a second duplicate of the second device profile is associated with the second CVE, wherein the second device profile is not among the plurality of device profiles;
determine that the total feature importance value is more than a feature importance threshold value;
in response to determining that the total feature importance value is more than the feature importance threshold value:
identify a particular CVE associated with the first device profile;
associate the particular CVE with the second device profile;
identify a particular security patch associated with the first device profile;
associate the particular security patch with the second device profile; and
update the second device associated with the second device profile with the identified security patch.
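The matching logic of claim 1, worked through in code as an added illustration (this is not the patent's or the assignee's code): per-feature importance values are derived from the frequency and severity of extracted incidents, summed over the features a stored, CVE-labelled profile shares with an unlabelled profile, and compared against a threshold; on a match the unlabelled profile is duplicated once per CVE and the matching patches are returned for deployment. The claim gives no formula for the importance values and no threshold values, so the formula (share of a CVE's incidents attributed to a feature, weighted by their mean severity), the thresholds, the incident records and the identifiers `CVE-EXAMPLE-0001`, `CVE-EXAMPLE-0002`, `PATCH-0001` and `PATCH-0002` are all constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# The five profile features named in claim 1, in a fixed order.
FEATURES = ("operating_system", "cpu_architecture", "gpu_architecture",
            "memory_architecture", "installed_software")

# Assumed thresholds: the claim names both but fixes no values.
SEVERITY_THRESHOLD = 0.7     # incidents with data erasure must score above this
IMPORTANCE_THRESHOLD = 0.5   # summed importance over shared features must exceed this


@dataclass
class DeviceProfile:
    name: str
    features: dict                       # feature name -> observed value
    labels: dict = field(default_factory=dict)   # CVE id -> security patch id


@dataclass(frozen=True)
class Incident:
    """One report extracted from CVE documentation: which CVE infected a device,
    which feature the report attributes it to, and how severe it was."""
    cve: str
    feature: str
    severity: float              # reported severity in [0, 1]
    data_erased: bool = False    # third party gained access and erased data


def effective_severity(inc):
    """Claim 1: an incident where unauthorized access led to data erasure is
    scored above the severity threshold regardless of its reported value."""
    if inc.data_erased:
        return max(inc.severity, SEVERITY_THRESHOLD + 0.2)
    return inc.severity


def feature_importance(incidents, cve):
    """Per-feature importance values for one CVE (assumed formula): the fraction
    of the CVE's incidents attributed to each feature, weighted by the mean
    effective severity of those incidents. Each value lies in [0, 1]."""
    per_feature = defaultdict(list)
    for inc in incidents:
        if inc.cve == cve:
            per_feature[inc.feature].append(effective_severity(inc))
    total = sum(len(v) for v in per_feature.values())
    importance = {}
    for f in FEATURES:
        sev = per_feature.get(f, [])
        frequency = len(sev)
        mean_sev = sum(sev) / frequency if frequency else 0.0
        importance[f] = (frequency / total) * mean_sev if total else 0.0
    return importance


def total_feature_importance(importance, first, second):
    """Sum of the importance values over the features both profiles share."""
    common = [f for f in FEATURES if first.features.get(f) == second.features.get(f)]
    return sum(importance[f] for f in common), common


def associate(stored, candidate, incidents, threshold=IMPORTANCE_THRESHOLD):
    """Return {cve: total importance} for every CVE on the stored profile whose
    summed importance over the shared features exceeds the threshold."""
    matches = {}
    for cve in sorted(stored.labels):
        imp = feature_importance(incidents, cve)
        total, _ = total_feature_importance(imp, stored, candidate)
        if total > threshold:
            matches[cve] = total
    return matches


def apply_matches(candidate, stored, matches):
    """Duplicate the candidate profile once per matched CVE, label each duplicate
    with that CVE and its patch, and return the patches to push to the device."""
    duplicates = [
        DeviceProfile(candidate.name, dict(candidate.features),
                      labels={cve: stored.labels[cve]})
        for cve in sorted(matches)
    ]
    patches = sorted({stored.labels[cve] for cve in matches})
    return duplicates, patches


# Constructed incident records (placeholder CVE ids, not real entries).
INCIDENTS = (
    [Incident("CVE-EXAMPLE-0001", "operating_system", 0.9)] * 3
    + [Incident("CVE-EXAMPLE-0001", "cpu_architecture", 0.8),
       Incident("CVE-EXAMPLE-0001", "installed_software", 0.5, data_erased=True)]
    + [Incident("CVE-EXAMPLE-0001", "installed_software", 0.9)] * 3
    + [Incident("CVE-EXAMPLE-0001", "gpu_architecture", 0.3),
       Incident("CVE-EXAMPLE-0001", "memory_architecture", 0.2)]
    + [Incident("CVE-EXAMPLE-0002", "installed_software", 0.95)] * 2
)

# Constructed profiles: one labelled (in the stored set), two unlabelled.
STORED = DeviceProfile("device-A", {
    "operating_system": "linux-5.4", "cpu_architecture": "x86_64",
    "gpu_architecture": "gpu-vendor-1", "memory_architecture": "ddr4",
    "installed_software": "app-x-1.2"},
    labels={"CVE-EXAMPLE-0001": "PATCH-0001", "CVE-EXAMPLE-0002": "PATCH-0002"})
CANDIDATE = DeviceProfile("device-B", {      # shares OS, CPU and software
    "operating_system": "linux-5.4", "cpu_architecture": "x86_64",
    "gpu_architecture": "gpu-vendor-2", "memory_architecture": "ddr5",
    "installed_software": "app-x-1.2"})
PARTIAL = DeviceProfile("device-C", {        # shares only the software
    "operating_system": "windows-10", "cpu_architecture": "arm64",
    "gpu_architecture": "gpu-vendor-2", "memory_architecture": "ddr5",
    "installed_software": "app-x-1.2"})

if __name__ == "__main__":
    for cand in (CANDIDATE, PARTIAL):
        m = associate(STORED, cand, INCIDENTS)
        dups, patches = apply_matches(cand, STORED, m)
        print(cand.name, {c: round(t, 3) for c, t in m.items()}, patches)
```

Running the block shows why the sum is taken per CVE rather than over a single global score: device-B clears the threshold for both placeholder CVEs (0.71 and 0.95), while device-C, which shares only the installed software, clears it only for the second one (0.36 versus 0.95), so only `PATCH-0002` would be pushed to it.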