Classification of software vulnerability artifacts using public Internet data
Abstract
Artifacts associated with vulnerabilities, such as patches, exploits, and scanners, provide valuable insights in the context of network security. In particular, the network protocols used by scanners to identify vulnerabilities offer clues about their exploitation mechanisms and associated risks. In this work, we analyze network-related vulnerabilities using data from the NomiSec repository, with a special focus on scanners. For example, we observe that some artifacts indicate that exploitation occurs via HTTP, while others require direct socket interactions. Additionally, we perform clustering and visualization of these artifacts, identifying relationships between different categories. We find that certain artifact groups are associated with the exploitation of network devices, such as firewalls, while others focus on protocol-specific vulnerabilities, such as SSL/TLS. These findings contribute to a better understanding of the vulnerability ecosystem and the improvement of mitigation strategies based on data automatically and periodically collected from GitHub.
