Automatic Categorization of Products for Threat Modeling

Zhenpeng Shi, Nikolay Matyunin, Kalman Graffi, David Starobinski, "Automatic Categorization of Products for Threat Modeling", IEEE Secure Development Conference 2022, 2022.


We consider the problem of systematizing the creation of general product categories used by libraries of threat modeling tools. Leveraging connections between various threat databases (CPE, CVE, and CWE), we propose and evaluate a method based on clustering CPE entries with the help of a knowledge graph. This clustering method allows one to categorize products, and identify the characteristics of each category based on the associated weaknesses.
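As an added illustration (not code from the paper), the sketch below walks CPE → CVE → CWE links, groups products whose weakness profiles overlap, and labels each group by its most frequent CWEs. The Jaccard similarity, the single-linkage grouping, the 0.5 threshold, and all CPE names and CVE placeholders are assumptions constructed for this example; the abstract does not specify the clustering algorithm.

```python
from collections import Counter
from itertools import combinations

# Constructed sample edges (not real records): CPE -> CVE and CVE -> CWE.
CPE_TO_CVE = {
    "cpe:2.3:a:example_vendor:webshop:1.0:*:*:*:*:*:*:*": ["CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2"],
    "cpe:2.3:a:example_vendor:blog_engine:2.1:*:*:*:*:*:*:*": ["CVE-PLACEHOLDER-2", "CVE-PLACEHOLDER-3", "CVE-PLACEHOLDER-7"],
    "cpe:2.3:o:example_vendor:router_firmware:3.0:*:*:*:*:*:*:*": ["CVE-PLACEHOLDER-4", "CVE-PLACEHOLDER-5"],
    "cpe:2.3:a:example_vendor:media_decoder:0.9:*:*:*:*:*:*:*": ["CVE-PLACEHOLDER-5", "CVE-PLACEHOLDER-6", "CVE-PLACEHOLDER-8"],
}
CVE_TO_CWE = {
    "CVE-PLACEHOLDER-1": "CWE-79", "CVE-PLACEHOLDER-2": "CWE-89",
    "CVE-PLACEHOLDER-3": "CWE-79", "CVE-PLACEHOLDER-7": "CWE-352",
    "CVE-PLACEHOLDER-4": "CWE-787", "CVE-PLACEHOLDER-5": "CWE-416",
    "CVE-PLACEHOLDER-6": "CWE-787", "CVE-PLACEHOLDER-8": "CWE-125",
}

def cwe_profile(cpe):
    """Follow CPE -> CVE -> CWE edges and count the weaknesses reached."""
    return Counter(CVE_TO_CWE[cve] for cve in CPE_TO_CVE[cpe])

def jaccard(a, b):
    """Overlap of two CWE profiles, ignoring counts (assumed similarity measure)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(threshold=0.5):
    """Single-linkage grouping: products join a category when similarity >= threshold."""
    profiles = {cpe: cwe_profile(cpe) for cpe in CPE_TO_CVE}
    parent = {cpe: cpe for cpe in profiles}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(profiles, 2):
        if jaccard(profiles[a], profiles[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for cpe in profiles:
        groups.setdefault(find(cpe), []).append(cpe)
    result = []
    for members in groups.values():
        total = sum((profiles[m] for m in members), Counter())
        top = sorted(cwe for cwe, _ in total.most_common(2))  # category characteristics
        result.append((sorted(members), top))
    return sorted(result)

if __name__ == "__main__":
    for members, top_cwes in cluster():
        print(top_cwes, members)
```

On this constructed data the web applications and the memory-unsafe products fall into separate categories, each characterized by its dominant weaknesses.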

