The National Vulnerability Intelligence Platform (NVIP) Project

NVIP is an open source Java platform that provides an efficient management of the software vulnerability data.

Features

• NVIP is a publicly available resource providing rich, near real-time CVE intelligence.
• Provides near real time detection of disclosed vulnerabilities using automated mining techniques to check CVE Numbering Authority (CNA) web sites and many other online sources.
• It crawls a given list of vulnerability sources (links) and creates a dynamic database of Common Vulnerabilities and Exposures (CVE).
• Provides AI/ML-based CVE Characterization via NIST’s Vulnerability Description Ontology (VDO) framework.
• Automated CVSS scoring based on the Common Vulnerability Scoring System Version 3.1 specification.
• Automatically reconciles CVEs description using Apache Open NLP to find the best description.
• Uses LSTM/Word2Vec to extract affected Common Platform Enumeration (CPE) product names from free-form CVE descriptions.

Components

For more details about each component please refer to the Readme files under each directory.

nvip_backend

The back end platform that does all CVE mining, characterization, product name extraction, and CVSS scoring etc.

nvip_ui

The proof-of-concept user interface that lists crawled and characterized CVEs.

nvip_data

The repository that includes the training data sets and required resources for CVE characterization, product name extraction and CVSS scoring.

nvip_lib

jar files (libraries) that are needed to run the nvip backend system.

Quick Start Steps

To start using nvip:

• Install MySQL (version 8) as well as MYSQL workbench and Command Line Client.

• Create the nvip database by executing the SQL script provided at "nvip_data/mysql-database" in the MySQL Workbench. The script can be executed in a query editor in the MySQL Workbench (File/New Query Tab).

• Once the database is created, run the jar file named "nvip-1.0.jar", by opening the command prompt and executing the command "java -Xms8G -Xmx16G -jar nvip-1.0.jar". The system will scrape CVE sources (URLs) included in the 'nvipsourceurl' table and update CVEs in the MySQL database.

• To start viewing scraped CVEs, install the nvip_ui project. For details about how to setup the nvip_ui project, please follow the instructions in "nvip_ui/Readme.md".

Note: To have the most up-to-date CVE sources in the nvipsourceurl table in mysql, you may want to run the CVE source update tool by: "java -Xms1G -Xmx4G -cp "nvip-1.0.jar;nvip_lib/*" edu.rit.se.nvip.cvesource.UpdateNvipSourceUrlList"

Project Team

• Mehdi Mirakhorli, Principal Investigator
• Ahmet Okutan, Senior Research Developer
• Peter Mell, Collaborator
• Igor Khokhlov, Researcher
• Joanna Cecilia Da Silva Santos, Researcher
• Danielle Gonzalez, Researcher
• Steven Simmons, Developer
• Ryan Bryla, Developer
• Andrew Pickard, Developer
• Brandon Cooper, Developer